DIL.tmp files, VRR1.tmp files, mrofinu100186.exe AND 17PHolmes1001186.



#1 rejaul2008


Posted 19 May 2008 - 08:48 AM

DIL.tmp files, VRR1.tmp files, mrofinu100186.exe AND 17PHolmes1001186.exe INFECTION VIRUS will not LEAVE! They keep on coming and going from my computer.

And I'm using a paint program called PAINT.NET, and I keep getting a message and it won't open up anymore since I've started getting these viruses. The message says: "The application failed to initialize properly (0xc000007b). Click on OK to terminate the application."

Can you please help me remove these files and help with my programs? Some of them hardly work.

I've provided a log file using OTSCAN and HIJACK THIS to help you with this matter.

Thanks

OT SCAN SCRIPT....

[code=auto:0]OTScanIt logfile created on: 19/05/2008 14:43:54
OTScanIt by OldTimer - Version 1.0.14.1 Folder = C:\Documents and Settings\Administrator\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.98 Mb Total Physical Memory | 288.39 Mb Available Physical Memory | 56.44% Memory free
1.22 Gb Paging File | 1.04 Gb Available in Paging File | 85.18% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 67.38 Gb Free Space | 88.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 18.64 Gb Total Space | 0.15 Gb Free Space | 0.78% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-E43AF56720
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
smss.exe -> %SystemRoot%\system32\smss -> File not found
csrss.exe -> %SystemRoot%\system32\csrss -> File not found
winlogon.exe -> %SystemRoot%\system32\winlogon -> File not found
services.exe -> %SystemRoot%\system32\services -> File not found
lsass.exe -> %SystemRoot%\system32\lsass -> File not found
svchost.exe -> %SystemRoot%\system32\svchost [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> File not found
-> %SystemRoot%\system32\rpcss.dll [DcomLaunch] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 14/04/2008 05:42:06 | Attr = ]
-> %SystemRoot%\system32\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 295424 bytes | Modified Date = 14/04/2008 05:42:08 | Attr = ]
-> %SystemRoot%\system32\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 295424 bytes | Modified Date = 14/04/2008 05:42:08 | Attr = ]
svchost.exe -> %SystemRoot%\system32\svchost [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> File not found
-> %SystemRoot%\system32\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 14/04/2008 05:42:06 | Attr = ]
svchost.exe -> %SystemRoot%\system32\svchost [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> File not found
-> %SystemRoot%\system32\appmgmts.dll [AppMgmt] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 167936 bytes | Modified Date = 14/04/2008 05:41:50 | Attr = ]
-> %SystemRoot%\system32\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0845) | Size = 42496 bytes | Modified Date = 14/04/2008 05:41:52 | Attr = ]
-> %SystemRoot%\system32\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.7.2600.5512 (xpsp.080413-2108) | Size = 409088 bytes | Modified Date = 14/04/2008 05:42:04 | Attr = ]
-> %SystemRoot%\system32\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 77824 bytes | Modified Date = 14/04/2008 05:41:52 | Attr = ]
-> %SystemRoot%\system32\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 62464 bytes | Modified Date = 14/04/2008 05:41:52 | Attr = ]
-> %SystemRoot%\system32\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 62464 bytes | Modified Date = 14/04/2008 05:41:52 | Attr = ]
-> %SystemRoot%\system32\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 126976 bytes | Modified Date = 14/04/2008 05:41:52 | Attr = ]
-> %SystemRoot%\system32\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 23552 bytes | Modified Date = 14/04/2008 05:41:54 | Attr = ]
-> %SystemRoot%\system32\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 23040 bytes | Modified Date = 14/04/2008 05:41:54 | Attr = ]
-> %SystemRoot%\system32\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.701 | Size = 246272 bytes | Modified Date = 14/04/2008 05:41:54 | Attr = ]
-> %SystemRoot%\system32\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 135168 bytes | Modified Date = 14/04/2008 05:42:06 | Attr = ]
-> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll [helpsvc] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 38400 bytes | Modified Date = 14/04/2008 05:42:04 | Attr = ]
-> %SystemRoot%\System32\hidserv.dll [HidServ] -> File not found
-> %SystemRoot%\system32\kmsvc.dll [hkmsvc] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 61440 bytes | Modified Date = 14/04/2008 05:41:58 | Attr = ]
-> %SystemRoot%\system32\srvsvc.dll [LanmanServer] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 96768 bytes | Modified Date = 14/04/2008 05:42:08 | Attr = ]
-> %SystemRoot%\system32\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132096 bytes | Modified Date = 14/04/2008 05:42:10 | Attr = ]
-> %SystemRoot%\system32\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 33792 bytes | Modified Date = 14/04/2008 05:42:00 | Attr = ]
-> %SystemRoot%\system32\qagentrt.dll [napagent] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 291328 bytes | Modified Date = 14/04/2008 05:42:04 | Attr = ]
-> %SystemRoot%\system32\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 198144 bytes | Modified Date = 14/04/2008 05:42:02 | Attr = ]
-> %SystemRoot%\system32\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 245248 bytes | Modified Date = 14/04/2008 05:42:02 | Attr = ]
-> %SystemRoot%\system32\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.5512 | Size = 435200 bytes | Modified Date = 14/04/2008 05:42:04 | Attr = ]
-> %SystemRoot%\system32\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 88576 bytes | Modified Date = 14/04/2008 05:42:04 | Attr = ]
-> %SystemRoot%\system32\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 186368 bytes | Modified Date = 14/04/2008 05:42:04 | Attr = ]
-> %SystemRoot%\system32\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 53248 bytes | Modified Date = 14/04/2008 05:41:58 | Attr = ]
-> %SystemRoot%\system32\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 192512 bytes | Modified Date = 14/04/2008 05:42:06 | Attr = ]
-> %SystemRoot%\system32\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 18944 bytes | Modified Date = 14/04/2008 05:42:06 | Attr = ]
-> %SystemRoot%\system32\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 39424 bytes | Modified Date = 14/04/2008 05:42:06 | Attr = ]
-> %SystemRoot%\system32\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 14/04/2008 05:41:56 | Attr = ]
-> %SystemRoot%\system32\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 135168 bytes | Modified Date = 14/04/2008 05:42:06 | Attr = ]
-> %SystemRoot%\system32\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 171008 bytes | Modified Date = 14/04/2008 05:42:08 | Attr = ]
-> %SystemRoot%\system32\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 249856 bytes | Modified Date = 14/04/2008 05:42:08 | Attr = ]
-> %SystemRoot%\system32\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 135168 bytes | Modified Date = 14/04/2008 05:42:06 | Attr = ]
-> %SystemRoot%\system32\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 90112 bytes | Modified Date = 14/04/2008 05:42:08 | Attr = ]
-> %SystemRoot%\system32\w32time.dll [W32Time] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 175104 bytes | Modified Date = 14/04/2008 05:42:10 | Attr = ]
-> %SystemRoot%\system32\wbem\wmisvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 144896 bytes | Modified Date = 14/04/2008 05:42:10 | Attr = ]
-> %SystemRoot%\system32\mspmsnsv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 11.0.5721.5145 | Size = 27136 bytes | Modified Date = 18/10/2006 21:47:16 | Attr = ]
-> %SystemRoot%\system32\advapi32.dll [Wmi] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 617472 bytes | Modified Date = 14/04/2008 05:41:50 | Attr = ]
-> %SystemRoot%\system32\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 80896 bytes | Modified Date = 14/04/2008 05:42:12 | Attr = ]
-> %SystemRoot%\system32\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 14/04/2008 05:42:12 | Attr = ]
-> %SystemRoot%\system32\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 483840 bytes | Modified Date = 14/04/2008 05:51:44 | Attr = ]
-> %SystemRoot%\system32\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 129024 bytes | Modified Date = 14/04/2008 05:42:12 | Attr = ]
svchost.exe -> %SystemRoot%\system32\svchost [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> File not found
-> %SystemRoot%\system32\dnsrslvr.dll [Dnscache] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 45568 bytes | Modified Date = 14/04/2008 05:41:54 | Attr = ]
svchost.exe -> %SystemRoot%\system32\svchost [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> File not found
-> %SystemRoot%\system32\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 17408 bytes | Modified Date = 14/04/2008 05:41:50 | Attr = ]
-> %SystemRoot%\system32\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 13824 bytes | Modified Date = 14/04/2008 05:41:58 | Attr = ]
-> %SystemRoot%\system32\regsvc.dll [RemoteRegistry] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 14/04/2008 05:42:06 | Attr = ]
-> %SystemRoot%\system32\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 71680 bytes | Modified Date = 14/04/2008 05:42:08 | Attr = ]
-> %SystemRoot%\system32\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 185856 bytes | Modified Date = 14/04/2008 05:42:10 | Attr = ]
-> %SystemRoot%\system32\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 68096 bytes | Modified Date = 14/04/2008 05:42:10 | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice -> File not found
explorer.exe -> %SystemRoot%\explorer -> File not found
spoolsv.exe -> %SystemRoot%\system32\spoolsv -> File not found
alg.exe -> %SystemRoot%\system32\alg -> File not found
ctfmon.exe -> %SystemRoot%\system32\ctfmon -> File not found
utorrent.exe -> %ProgramFiles%\uTorrent\uTorrent -> File not found
wuauclt.exe -> %SystemRoot%\system32\wuauclt -> File not found
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse -> File not found
dil3.tmp -> %SystemRoot%\Temp\DIL3.tmp -> [Ver = | Size = 25088 bytes | Modified Date = 19/05/2008 14:42:21 | Attr = ]
17pholmes1001186.exe -> %SystemRoot%\17PHolmes1001186.exe -> File not found
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox -> File not found
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt -> File not found

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice -> File not found
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc -> File not found
(Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\alg -> File not found
(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state -> File not found
(AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(BITS) Background Intelligent Transfer Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(Browser) Computer Browser [Win32_Shared | Auto | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\cisvc -> File not found
(ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\clipsrv -> File not found
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw -> File not found
(COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\dllhost -> File not found
(CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin -> File not found
(dmserver) Logical Disk Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(Dot3svc) Wired AutoConfig [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(EapHost) Extensible Authentication Protocol Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services -> File not found
(EventSystem) COM+ Event System [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found
(FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache -> File not found
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(HidServ) Human Interface Device Access [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(hkmsvc) Health Key and Certificate Management Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\imapi -> File not found
(LanmanServer) Server [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\mnmsrvc -> File not found
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\msdtc -> [Folder | Modified Date = 19/05/2008 10:48:57 | Attr = ]
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\msiexec -> File not found
(napagent) Network Access Protection Agent [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService -> File not found
(NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde -> File not found
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde -> File not found
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass -> File not found
(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost -> File not found
(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService -> File not found
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass -> File not found
(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV -> File not found
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE -> File not found
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services -> File not found
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass -> File not found
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass -> File not found
(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found
(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\sessmgr -> File not found
(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(RemoteRegistry) Remote Registry [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\locator -> File not found
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\rsvp -> File not found
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass -> File not found
(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\scardsvr -> File not found
(Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(SENS) System Event Notification [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> %SystemRoot%\system32\spoolsv -> File not found
(srservice) System Restore Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(SSDPSRV) SSDP Discovery Service [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found
(stisvc) Windows Image Acquisition (WIA) [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\dllhost -> File not found
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\smlogsvc -> File not found
(TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found
(TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found
(Themes) Themes [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(TlntSvr) Telnet [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\tlntsvr -> File not found
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\ups -> File not found
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\Messenger\usnsvc -> File not found
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\vssvc -> File not found
(W32Time) Windows Time [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(WebClient) WebClient [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(Wmi) Windows Management Instrumentation Driver Extensions [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\wbem\wmiapsrv -> File not found
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk -> File not found
(wscsvc) Security Center [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(wuauserv) Automatic Updates [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> File not found
runner1 -> %SystemRoot%\mrofinu1001186 [C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ctfmon.exe -> %SystemRoot%\system32\ctfmon [C:\WINDOWS\system32\ctfmon.exe] -> File not found
uTorrent -> %ProgramFiles%\uTorrent\uTorrent ["C:\Program Files\uTorrent\uTorrent.exe"] -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader -> File not found
-> %UserProfile%\Start Menu\Programs\Startup\desktop -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersProfile%\Start Menu\Programs\Startup\desktop -> File not found
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ ->
Your Image File Name Here without a path -> %SystemRoot%\system32\ntsd [Debugger] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer -> File not found
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit -> File not found
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui -> File not found
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\rundll32 -> File not found
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom [system32\DRIVERS\cdrom.sys] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomPIONEER_DVD-ROM_DVD-116_________________1.09____\5&12c74655&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomASUS_CRW-5232AS_________________________1.03____\5&12c74655&0&0.1.0 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC [ NTFS ] -> File not found
< HOSTS File > (239221 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft....k/?LinkId=69157 ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4427 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6601 domain(s) found. ->
40 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22/02/2008 04:25:19 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 04:25:19 | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec -> %SystemRoot%\Network Diagnostic\xpnetdiag [@xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office12\EXCEL -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{64C68A6C-A73B-48B6-9637-826A98C48F16} -> (Intel 21143-Based PCI Fast Ethernet Adapter (Generic)) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.ma...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ not found. -> ->



[Files/Folders - Created Within 30 days]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Created Date = 19/05/2008 10:54:28 | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Created Date = 19/05/2008 10:58:08 | Attr = HS]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Created Date = 19/05/2008 10:54:28 | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 19/05/2008 10:59:19 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535875584 bytes | Created Date = 19/05/2008 11:10:10 | Attr = HS]
IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 19/05/2008 10:54:28 | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 19/05/2008 10:54:28 | Attr = RHS]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 19/05/2008 11:42:32 | Attr = RH ]
Program Files -> %ProgramFiles% -> [Folder | Created Date = 19/05/2008 11:00:57 | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 19/05/2008 11:19:03 | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 19/05/2008 10:59:18 | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Created Date = 19/05/2008 10:52:37 | Attr = ]
big5.nls -> %SystemRoot%\System32\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 19/05/2008 11:02:22 | Attr = ]
bopomofo.nls -> %SystemRoot%\System32\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 19/05/2008 11:02:22 | Attr = ]
cap7146.sys -> %SystemRoot%\System32\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 19/05/2008 11:02:32 | Attr = ]
chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 19/05/2008 11:02:35 | Attr = ]
c_10001.nls -> %SystemRoot%\System32\dllcache\c_10001.nls -> [Ver = | Size = 162850 bytes | Created Date = 19/05/2008 11:02:23 | Attr = ]
c_10002.nls -> %SystemRoot%\System32\dllcache\c_10002.nls -> [Ver = | Size = 195618 bytes | Created Date = 19/05/2008 11:02:23 | Attr = ]
c_10003.nls -> %SystemRoot%\System32\dllcache\c_10003.nls -> [Ver = | Size = 177698 bytes | Created Date = 19/05/2008 11:02:24 | Attr = ]
c_10004.nls -> %SystemRoot%\System32\dllcache\c_10004.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:24 | Attr = ]
c_10005.nls -> %SystemRoot%\System32\dllcache\c_10005.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:24 | Attr = ]
c_10006.nls -> %SystemRoot%\System32\dllcache\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:00:51 | Attr = ]
c_10007.nls -> %SystemRoot%\System32\dllcache\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:00:52 | Attr = ]
c_10008.nls -> %SystemRoot%\System32\dllcache\c_10008.nls -> [Ver = | Size = 173602 bytes | Created Date = 19/05/2008 11:02:24 | Attr = ]
c_10010.nls -> %SystemRoot%\System32\dllcache\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:00:48 | Attr = ]
c_10017.nls -> %SystemRoot%\System32\dllcache\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:00:52 | Attr = ]
c_10021.nls -> %SystemRoot%\System32\dllcache\c_10021.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:24 | Attr = ]
c_10029.nls -> %SystemRoot%\System32\dllcache\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:00:48 | Attr = ]
c_10081.nls -> %SystemRoot%\System32\dllcache\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:00:54 | Attr = ]
c_10082.nls -> %SystemRoot%\System32\dllcache\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:00:48 | Attr = ]
c_1047.nls -> %SystemRoot%\System32\dllcache\c_1047.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:24 | Attr = ]
c_1140.nls -> %SystemRoot%\System32\dllcache\c_1140.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:24 | Attr = ]
c_1141.nls -> %SystemRoot%\System32\dllcache\c_1141.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:25 | Attr = ]
c_1142.nls -> %SystemRoot%\System32\dllcache\c_1142.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:25 | Attr = ]
c_1143.nls -> %SystemRoot%\System32\dllcache\c_1143.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:25 | Attr = ]
c_1144.nls -> %SystemRoot%\System32\dllcache\c_1144.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:25 | Attr = ]
c_1145.nls -> %SystemRoot%\System32\dllcache\c_1145.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:25 | Attr = ]
c_1146.nls -> %SystemRoot%\System32\dllcache\c_1146.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:25 | Attr = ]
c_1147.nls -> %SystemRoot%\System32\dllcache\c_1147.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:25 | Attr = ]
c_1148.nls -> %SystemRoot%\System32\dllcache\c_1148.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:25 | Attr = ]
c_1149.nls -> %SystemRoot%\System32\dllcache\c_1149.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:25 | Attr = ]
c_1361.nls -> %SystemRoot%\System32\dllcache\c_1361.nls -> [Ver = | Size = 189986 bytes | Created Date = 19/05/2008 11:02:26 | Attr = ]
c_20000.nls -> %SystemRoot%\System32\dllcache\c_20000.nls -> [Ver = | Size = 180258 bytes | Created Date = 19/05/2008 11:02:26 | Attr = ]
c_20001.nls -> %SystemRoot%\System32\dllcache\c_20001.nls -> [Ver = | Size = 186402 bytes | Created Date = 19/05/2008 11:02:26 | Attr = ]
c_20002.nls -> %SystemRoot%\System32\dllcache\c_20002.nls -> [Ver = | Size = 173602 bytes | Created Date = 19/05/2008 11:02:26 | Attr = ]
c_20003.nls -> %SystemRoot%\System32\dllcache\c_20003.nls -> [Ver = | Size = 185378 bytes | Created Date = 19/05/2008 11:02:26 | Attr = ]
c_20004.nls -> %SystemRoot%\System32\dllcache\c_20004.nls -> [Ver = | Size = 180258 bytes | Created Date = 19/05/2008 11:02:26 | Attr = ]
c_20005.nls -> %SystemRoot%\System32\dllcache\c_20005.nls -> [Ver = | Size = 187938 bytes | Created Date = 19/05/2008 11:02:26 | Attr = ]
c_20105.nls -> %SystemRoot%\System32\dllcache\c_20105.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:27 | Attr = ]
c_20106.nls -> %SystemRoot%\System32\dllcache\c_20106.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:27 | Attr = ]
c_20107.nls -> %SystemRoot%\System32\dllcache\c_20107.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:27 | Attr = ]
c_20108.nls -> %SystemRoot%\System32\dllcache\c_20108.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:27 | Attr = ]
c_20127.nls -> %SystemRoot%\System32\dllcache\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:00:43 | Attr = ]
c_20269.nls -> %SystemRoot%\System32\dllcache\c_20269.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:27 | Attr = ]
c_20273.nls -> %SystemRoot%\System32\dllcache\c_20273.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:27 | Attr = ]
c_20277.nls -> %SystemRoot%\System32\dllcache\c_20277.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:27 | Attr = ]
c_20278.nls -> %SystemRoot%\System32\dllcache\c_20278.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:27 | Attr = ]
c_20280.nls -> %SystemRoot%\System32\dllcache\c_20280.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:27 | Attr = ]
c_20284.nls -> %SystemRoot%\System32\dllcache\c_20284.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20285.nls -> %SystemRoot%\System32\dllcache\c_20285.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20290.nls -> %SystemRoot%\System32\dllcache\c_20290.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20297.nls -> %SystemRoot%\System32\dllcache\c_20297.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20420.nls -> %SystemRoot%\System32\dllcache\c_20420.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20423.nls -> %SystemRoot%\System32\dllcache\c_20423.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20424.nls -> %SystemRoot%\System32\dllcache\c_20424.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20833.nls -> %SystemRoot%\System32\dllcache\c_20833.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20838.nls -> %SystemRoot%\System32\dllcache\c_20838.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20871.nls -> %SystemRoot%\System32\dllcache\c_20871.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20880.nls -> %SystemRoot%\System32\dllcache\c_20880.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:29 | Attr = ]
c_20924.nls -> %SystemRoot%\System32\dllcache\c_20924.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:29 | Attr = ]
c_20932.nls -> %SystemRoot%\System32\dllcache\c_20932.nls -> [Ver = | Size = 180770 bytes | Created Date = 19/05/2008 11:02:29 | Attr = ]
c_20936.nls -> %SystemRoot%\System3



#2 rejaul2008

    New Member

Posted 19 May 2008 - 08:49 AM

DIL.tmp files, VRR1.tmp files, mrofinu100186.exe AND 17PHolmes1001186.exe INFECTION VIRUS will not LEAVE! They keep on coming and going from my computer.....

And I'm using a paint software called PAINT.NET and I keep getting a message and it won't open up anymore since I've started getting these viruses. The message says... the application failed to initialize properly (0xc000007b) Click on OK to terminate the application.

Can you please help me remove these files and help with my programs? Some of them hardly work.

I've provided a log file using HIJACK THIS to help you with this matter.

Thanks

HERE'S THE LATEST HIJACK THIS LOG FILE. CAN YOU SEE IF THERE'S ANY OTHER VIRUS TRYING TO INFECT MY MACHINE? THANKS.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:25, on 19/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\DIL5.tmp
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 3584 bytes

#3 rejaul2008

    New Member

Posted 19 May 2008 - 10:09 AM

SORRY ABOUT THAT, I DIDN'T QUITE KNOW IF THEY WERE BOTH FROM THE SAME FORUM... I'M REALLY SORRY. CAN YOU PLEASE HELP ME WITH THIS? MY PROGRAMS DON'T WORK PROPERLY. THANKS

#4 jpshortstuff

    Teacher Emeritus

Posted 19 May 2008 - 10:12 AM

Hi, and Welcome to WhatTheTech :)

My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
As I am still training, my posts to you will be checked by an Expert member. This will ensure that all advice and instructions I give you are accurate and safe. This may mean that my replies may take a little longer.

jpshortstuff

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.


#5 jpshortstuff

    Teacher Emeritus

Posted 19 May 2008 - 10:45 AM

Hi

You don't appear to be running any Anti-Virus software.

Install Anti-Virus software! Without any anti-virus software, your computer is wide open to infection. If you don't have any Anti-Virus software, I strongly recommend you download Avast! or AVG Free.


Download ComboFix by sUBs from here or here

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

**Save it to your desktop**

Disable your Anti-Virus program.
We need to temporarily disable the anti-virus program you downloaded so that it doesn't interfere with ComboFix.
  • If you chose Avast:
    Right click on the avast! icon in the system tray and choose "Stop On-Access Protection".

  • If you chose AVG:
    Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
    When you need to enable the AVG Resident Shield (I'll let you know when), just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.
Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log.

Notes:
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
  • ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
I need to see another log from HijackThis.
  • Run Hijackthis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button.
  • Save the file to your desktop, with the default name of uninstall_list
  • Copy & Paste the entire contents of that file in your next post.
Thanks.


#6 rejaul2008

    New Member

Posted 19 May 2008 - 11:07 AM

HI THERE, I REMEMBER TRYING TO FIX MY COMPUTER USING COMBOFIX AND IT MESSED UP MY PROGRAMS. NONE OF THE APPLICATIONS WERE ACTIVE. CAN YOU TELL ME IF THIS WOULD OCCUR AGAIN? BY THE WAY, IS THIS GOING TO MAKE MY APPLICATIONS RUN, SUCH AS MY PAINT.NET FILE?

#7 rejaul2008

    New Member

Posted 19 May 2008 - 11:35 AM

HI THERE, I'VE FINISHED RUNNING COMBOFIX.EXE AND I'VE POSTED A LOG FILE OF COMBOFIX AND THE HIJACKTHIS UNINSTALL_LIST LOG FILE.....

COMBOFIX LOG.......

ComboFix 08-05-15.3 - Administrator 2008-05-19 18:28:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.310 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-19 17:33 . 2008-05-19 17:33 <DIR> d-------- C:\Program Files\Cabos
2008-05-19 16:28 . 2008-05-19 16:28 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-19 16:14 . 2008-05-19 16:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2008-05-19 16:13 . 2008-05-19 16:13 <DIR> d-------- C:\Program Files\DIFX
2008-05-19 16:13 . 2008-05-19 16:15 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-19 16:12 . 2008-05-19 16:12 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-05-19 16:11 . 2008-05-19 16:11 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-19 16:11 . 2008-05-19 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-19 16:11 . 2008-05-19 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-05-19 16:11 . 2008-05-19 16:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2008-05-19 16:11 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-19 16:10 . 2008-05-19 16:13 <DIR> d-------- C:\Program Files\Nokia
2008-05-19 16:10 . 2008-05-19 16:12 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-05-19 14:15 . 2008-05-19 14:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-05-19 14:15 . 2008-05-19 14:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-05-19 14:11 . 2008-05-19 14:11 <DIR> d-------- C:\Program Files\Nero
2008-05-19 14:11 . 2008-05-19 14:14 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-19 14:11 . 2008-05-19 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-19 13:53 . 2008-05-19 13:53 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-19 13:39 . 2008-05-19 13:39 <DIR> d-------- C:\Documents and Settings\Administrator\Tracing
2008-05-19 13:37 . 2008-05-19 13:37 <DIR> d-------- C:\Program Files\Windows Live
2008-05-19 13:36 . 2008-05-19 13:36 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-19 13:34 . 2008-05-19 13:35 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-19 13:34 . 2008-05-19 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-19 13:32 . 2008-05-19 13:32 <DIR> d-------- C:\Program Files\Free Sound Recorder
2008-05-19 13:31 . 2008-05-19 13:31 <DIR> d-------- C:\Program Files\CCleaner
2008-05-19 13:30 . 2008-05-19 13:30 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-19 13:30 . 2008-05-19 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-19 13:27 . 2008-05-19 13:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 13:23 . 2008-05-19 13:23 <DIR> d-------- C:\Program Files\DirectVobSub
2008-05-19 13:22 . 2008-05-19 13:22 <DIR> d-------- C:\WINDOWS\system32\quicktime
2008-05-19 13:22 . 2008-05-19 13:23 <DIR> d-------- C:\Program Files\AVI Codec Pack
2008-05-19 13:22 . 2008-05-19 13:22 <DIR> d-------- C:\Program Files\AC3Filter
2008-05-19 13:22 . 2007-08-18 08:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-05-19 13:20 . 2008-05-19 16:16 95 --a------ C:\WINDOWS\winamp.ini
2008-05-19 13:18 . 2008-05-19 13:18 <DIR> d-------- C:\Documents and Settings\Administrator\Shared
2008-05-19 13:18 . 2008-05-19 13:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Cabos
2008-05-19 13:05 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-19 13:04 . 2008-05-19 13:05 <DIR> d-------- C:\Program Files\Java
2008-05-19 13:04 . 2008-05-19 13:04 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-19 13:00 . 2008-05-19 13:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-19 13:00 . 2008-05-19 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-19 12:59 . 2008-05-19 12:59 361,344 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-05-19 12:59 . 2008-05-19 12:59 361,344 --a--c--- C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-05-19 12:58 . 2008-05-19 12:58 <DIR> d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-05-19 12:56 . 2008-05-19 12:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-19 12:39 . 2008-05-19 12:39 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-19 12:39 . 2008-05-19 12:39 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-19 12:24 . 2008-05-19 16:10 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-19 12:24 . 2008-05-19 12:24 <DIR> d-------- C:\Program Files\HighMAT CD Writing Wizard
2008-05-19 12:19 . 2008-05-19 12:19 <DIR> d-------- C:\Program Files\uTorrent
2008-05-19 12:19 . 2008-05-19 18:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-05-19 12:15 . 2008-05-19 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-19 12:14 . 2008-05-19 12:14 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-19 12:13 . 2008-05-19 12:19 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-19 12:04 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-19 12:04 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-19 12:04 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-19 12:02 . 2008-03-01 14:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-19 12:02 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-19 12:02 . 2007-03-08 06:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-19 12:02 . 2008-03-01 14:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-19 12:02 . 2008-03-01 14:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-19 12:02 . 2008-03-01 14:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-19 12:02 . 2008-03-01 14:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-19 12:02 . 2008-03-01 14:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-19 12:02 . 2008-02-22 11:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-19 11:57 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-05-19 11:53 . 2008-05-19 11:53 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-19 11:50 . 2008-05-19 11:50 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-19 11:43 . 2008-05-19 11:51 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-19 11:43 . 2008-05-19 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-19 11:42 . 2008-05-19 11:42 <DIR> dr-h----- C:\MSOCache
2008-05-19 11:34 . 2008-05-19 11:34 <DIR> d-------- C:\Program Files\Paint.NET
2008-05-19 11:30 . 2008-05-19 12:04 <DIR> d-------- C:\Program Files\MSBuild
2008-05-19 11:29 . 2008-05-19 15:24 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-19 11:29 . 2008-05-19 11:29 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-19 11:29 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-19 11:10 . 2008-05-19 11:01 <DIR> d-------- C:\Documents and Settings\Administrator\VSW0
2008-05-19 11:10 . 2008-05-19 18:22 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-19 11:10 . 2008-05-19 18:29 233,472 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-05-19 11:10 . 2008-05-19 14:16 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT.LOG
2008-05-19 11:10 . 2008-05-19 11:01 86 --a------ C:\Documents and Settings\Administrator\DelB02.bat
2008-05-19 11:07 . 2008-05-19 11:07 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-19 11:07 . 2008-05-19 11:07 <DIR> d--hs---- C:\Documents and Settings\NetworkService
2008-05-19 11:07 . 2008-05-19 11:07 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-05-19 11:07 . 2008-05-19 11:07 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-19 11:07 . 2008-05-19 18:17 1,024 --ah----- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
2008-05-19 11:07 . 2008-05-19 18:17 1,024 --ah----- C:\Documents and Settings\LocalService\ntuser.dat.LOG
2008-05-19 11:05 . 2008-05-19 11:01 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\VSW0
2008-05-19 11:05 . 2008-05-19 11:01 86 --a------ C:\WINDOWS\system32\config\systemprofile\DelB02.bat
2008-05-19 11:04 . 2008-04-14 05:41 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-05-19 11:03 . 2008-04-14 05:39 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-19 11:02 . 2008-04-14 05:42 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-05-19 11:01 . 2008-05-19 11:01 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-05-19 11:01 . 2008-05-19 11:01 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-05-19 11:01 . 2008-05-19 11:01 <DIR> d-------- C:\Documents and Settings\Default User\VSW0
2008-05-19 11:01 . 2008-05-19 11:01 86 --a------ C:\Documents and Settings\Default User\DelB02.bat
2008-05-19 11:00 . 2008-05-19 17:34 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-05-19 11:00 . 2008-05-19 12:19 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-05-11 10:05 . 2008-05-11 10:05 1,614,848 --a------ C:\WINDOWS\system32\sfcfiles.dll
2008-05-11 10:00 . 2008-05-11 10:00 990,208 --a------ C:\WINDOWS\system32\syssetup.dll
2008-05-11 10:00 . 2008-05-19 12:59 361,344 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-05-11 10:00 . 2008-05-11 10:00 218,624 --a------ C:\WINDOWS\system32\uxtheme.dll
2008-05-11 09:56 . 2008-05-11 09:56 524,288 --a------ C:\WINDOWS\opuc.dll
2008-05-11 09:56 . 2008-05-11 09:56 501,760 --a------ C:\WINDOWS\system32\usp10.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 09:55 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-19 09:48 --------- d-----w C:\Program Files\System
2008-05-11 08:59 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-05-11 08:59 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
2008-05-11 08:59 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
2008-05-11 08:59 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
2008-05-11 08:59 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-05-11 08:58 56,832 ----a-w C:\WINDOWS\system32\mshta.exe
2008-05-11 08:58 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-05-11 08:58 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-05-11 08:58 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-05-11 08:57 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2008-05-11 08:57 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2008-05-11 08:57 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
2008-05-11 08:56 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
2008-05-11 08:56 142,696 ----a-w C:\WINDOWS\system32\MicrosoftUpdateCatalogWebControl.dll
2008-04-14 06:40 1,296,669 ----a-r C:\WINDOWS\SET3.tmp
2008-04-14 06:34 16,535 ----a-r C:\WINDOWS\SET8.tmp
2008-04-14 06:34 1,088,840 ----a-r C:\WINDOWS\SET4.tmp
2008-04-14 05:42 74,752 ----a-w C:\WINDOWS\system32\storprop.dll
2008-04-14 05:42 74,240 ----a-w C:\WINDOWS\system32\usbui.dll
2008-04-14 05:42 4,274,816 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2008-04-14 05:42 29,184 ----a-w C:\WINDOWS\system32\sdhcinst.dll
2008-04-14 05:41 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
2008-04-14 05:41 30,208 ----a-w C:\WINDOWS\system32\bthserv.dll
2008-04-14 05:41 20,992 ----a-w C:\WINDOWS\system32\bthci.dll
2008-04-14 04:55 1,804 ----a-w C:\WINDOWS\system32\Dcache.bin
2008-04-14 04:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 04:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 04:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 04:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 04:43 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 04:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 04:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 04:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 04:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 04:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 04:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 04:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 04:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 04:40 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 00:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-14 00:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-14 00:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-14 00:15 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
2008-04-14 00:15 6,272 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
2008-04-14 00:15 56,576 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-14 00:15 52,864 ----a-w C:\WINDOWS\system32\drivers\DMusic.sys
2008-04-14 00:15 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-14 00:15 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-14 00:15 10,624 ----a-w C:\WINDOWS\system32\drivers\gameenum.sys
2008-04-14 00:10 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 00:09 7,552 ----a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-04-14 00:09 5,376 ----a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-04-14 00:09 4,992 ----a-w C:\WINDOWS\system32\drivers\MSPQM.sys
2008-04-14 00:06 42,368 ----a-w C:\WINDOWS\system32\drivers\AGP440.SYS
2008-04-14 00:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 23:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 23:57 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 23:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 23:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 23:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 23:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 23:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 23:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 23:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 23:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 23:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 23:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 23:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 23:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 23:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 23:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 23:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 23:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 23:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 23:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 23:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 23:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 23:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 23:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 23:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 23:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 23:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 23:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 23:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 23:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 23:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 23:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 23:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 23:25 202,624 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-04-13 23:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 23:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 23:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 23:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 23:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 23:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 23:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 23:15 59,520 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
2008-04-13 23:15 36,864 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys
.

------- Sigcheck -------

2008-05-19 12:59 361344 68f06fe0021b01e670af37b8c5964fdf C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-05-19 12:59 361344 68f06fe0021b01e670af37b8c5964fdf C:\WINDOWS\system32\drivers\TCPIP.SYS

2008-04-14 05:42 1078272 54a9bd1c6439b5ad3f9a2a1339bbca2d C:\WINDOWS\explorer.exe
2008-04-14 05:42 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\system32\dllcache\explorer.exe

2008-04-14 05:42 26624 738eb69c41fa9e6d63f2c019f4e1135a C:\WINDOWS\system32\ctfmon.exe
2008-04-14 05:42 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 26624]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-05-19 12:19 267568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12 2670592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=


.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 18:29:45
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-19 18:31:53
ComboFix-quarantined-files.txt 2008-05-19 17:31:19

Pre-Run: 70,503,378,944 bytes free
Post-Run: 70,501,871,616 bytes free

271 --- E O F --- 2008-05-19 17:14:35





HIJACK THIS LOG.........



AC3Filter (remove only)
Ad-Aware 2007
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
AVI Codec Pack
Cabos
CCleaner (remove only)
DirectVobSub (remove only)
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.2.0623
Free Sound Recorder v5.9.2
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Java™ 6 Update 5
Kels' CPL Bonus Pack!
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Mozilla Firefox (2.0.0.14)
Nero 7 Premium
neroxml
Nokia Connectivity Cable Driver
Nokia MTP driver
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia Software Launcher
Paint.NET v3.0
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB941569)
SpywareBlaster 4.0
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb950378)
VideoLAN VLC media player 0.8.6f
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB888656
Windows Media Player 11
WinRAR archiver

#8 rejaul2008


Posted 19 May 2008 - 12:25 PM

Hi there, I've installed Avast Anti Virus like you said and I'm still getting the same message on PAINT.NET and it won't open up anymore since the viruses, the message appears to say... "the application failed to initialize properly (0xc000007b) Click on Ok to terminate the application". Can you help me with that also? Thanks

Edited by rejaul2008, 19 May 2008 - 12:38 PM.


#9 rejaul2008


Posted 20 May 2008 - 05:03 AM

Hi jpshortstuff, I'm still suffering problems with my computer, using a PAINT software called PAINT.NET and I keep getting a message and it won't open up anymore, the message says... the application failed to initialize properly (0xc000007b) Click on Ok to terminate the application. Can you help me with this problem?

#10 jpshortstuff


Posted 20 May 2008 - 10:26 AM

rejaul2008, it would appear that you are receiving help at another forum (Tweaks).

When you post to multiple forums like this, recommendations given by the experts at either forum could conflict, and also confuse the helpers as to why certain things are appearing or disappearing in the logs.
Also, you are effectively wasting a helper's time that they could be helping someone else with. Remember, these logs take time to analyze and produce fixes for, so we don't need users posting at other forums for 'more' help.

The thread here will be closed, and you can continue to be helped by RichieUk. If you have posted to any other forums, I suggest you choose ONE forum to receive your help at, and let the others know what is going on.

Thanks for your understanding,

jpshortstuff

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.
