[Closed] Unknown infection - 247fixes PC Help Forum


[Closed] Unknown infection Randomly created files, which tries to access the web

#1 LithIX

  • Newbie Member
  • Group: Member
  • Posts: 6
  • Joined: 31-December 08

Posted 31 December 2008 - 02:24 PM

Hi guys,

I've got a seriously annoying infection which I'm unable to get rid of. Been lurking all around the web looking for answers but can't seem to find one.

Here it goes:

Random files are generated in the "C:\Documents and Settings\MyUsername\" directory, and then try to access the web and who else knows what... File names vary from: sdsd.exe, sdsd21.exe, fgfghgh.exe etc, etc, etc. If I delete any of those files, they just return, with the original name or something similar. I also noticed files get created in "C:\Documents and Settings\MyUsername\Local Settings\Temporary Internet Files\" called redem.exe (http://www.dolarvirus.is-the-boss.com/redem.exe) as well as login.asp (http://www.vadipoker.com/login.asp). Sites I did not willingly go to =/ It also does not help deleting the files, as they just return.

I tried various antivirus, anti-spyware, and anti-malware software, all to no avail. It's resilient!

Anyway, I hope you guys can help! See log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:05:13 PM, on 2008/12/31
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iBurst Dashboard V2\DashboardLauncher.exe
C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dashboard Launcher.lnk = ?
O4 - Global Startup: iBurst_Terminal UTL.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1229336757921
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F5B6195-07AB-44D4-8AAF-ABB282DA81C6}: NameServer = 196.30.31.193 196.7.0.138
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7633 bytes

This post has been edited by LithIX: 31 December 2008 - 02:28 PM

0

#2 Billy O'Neal

  • Visiting Staff
  • Group: Visiting Teacher
  • Posts: 629
  • Joined: 21-June 08
  • Gender: Male
  • Location: Northfield, Ohio
  • Interests: Programming, Malware Smashing

Posted 04 January 2009 - 03:23 AM

Hello, LithIX
Further logs will likely contain your username. If you're concerned about revealing this information, I can move you to a private area only you and I can view if you wish.

Just let me know.

Welcome to 247Fixes.com

My name is BillyIII and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Reply button in the lower left hand corner of your screen.


We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTViewIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt

BillyIII
0
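The first thing a helper does with a log like the one in post #1 is look at the O4 autorun entries and ask where each target actually lives. The script below is an added example written for this page; it is not code from 247fixes, HijackThis or OTViewIt. It parses HijackThis-style registry O4 lines and flags targets that sit in the Recycle Bin, in a temporary directory or directly in a profile root, and files that borrow a Windows system binary's name outside %SystemRoot%. The sample lines are constructed: three are copied from the HijackThis log above, two are made up to resemble the entries this thread is hunting (the SID in the RECYCLER path is a placeholder), and the SYSTEM_DIRS set assumes %SystemRoot% is C:\WINDOWS.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input. The first three lines are copied from the HijackThis
# log in post #1; the next two are made up to resemble the entries this thread
# is hunting for (the SID in the RECYCLER path is a placeholder). The final
# line is a Global Startup shortcut, which this parser deliberately skips.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"',
    r"O4 - HKCU\..\Run: [Windows Video Drivers] C:\RECYCLER\S-1-5-21-0000000000-0000000000-000000000-1000\winlogon.exe",
    r'O4 - HKCU\..\Run: [sdsd] "C:\Documents and Settings\SomeUser\sdsd21.exe"',
    r"O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe",
]

# One registry-backed O4 line: hive, Run/RunOnce key, [display name], command.
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# First drive-rooted path in the command that ends in an executable extension.
# Stops at a quote or at the comma that separates a rundll32 DLL from its entry point.
DRIVE_PATH = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:exe|dll|scr|com|bat|cmd|pif)', re.IGNORECASE)
# An executable sitting directly in a profile root, e.g. C:\Documents and Settings\<user>\x.exe
PROFILE_ROOT = re.compile(r"^[a-z]:\\(?:documents and settings|users)\\[^\\]+\\[^\\]+$")

# Binaries that malware commonly names itself after, and the only directories
# (assumption: %SystemRoot% is C:\WINDOWS) where the real ones live.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                "smss.exe", "services.exe", "explorer.exe"}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32", "c:\\windows\\syswow64"}


@dataclass
class Finding:
    hive: str
    name: str
    target: str
    severity: str   # "high" for a suspicious location or name, "low" for an unqualified path
    reasons: list[str]


def assess_target(path: str) -> list[str]:
    """Return the reasons an autorun target looks wrong; an empty list means nothing flagged."""
    low = path.lower()
    directory, _, filename = low.rpartition("\\")
    reasons = []
    if "\\recycler\\" in low or "\\$recycle.bin\\" in low:
        reasons.append("executable inside the Recycle Bin")
    if "\\temp\\" in low or "\\temporary internet files\\" in low:
        reasons.append("executable inside a temporary directory")
    if PROFILE_ROOT.match(low):
        reasons.append("executable directly in the user profile root")
    if filename in SYSTEM_NAMES and directory not in SYSTEM_DIRS:
        reasons.append(f"{filename} borrows a Windows system binary name outside %SystemRoot%")
    return reasons


def triage(lines: list[str]) -> list[Finding]:
    """Parse registry O4 lines and return only the entries worth a second look."""
    findings = []
    for line in lines:
        m = O4_LINE.match(line.strip())
        if not m:
            continue  # Global Startup shortcuts and non-O4 lines are not handled here
        cmd = m["cmd"]
        hit = DRIVE_PATH.search(cmd)
        if hit is None:
            # A bare file name is resolved through the search path at logon, so the
            # entry alone does not say which file actually runs.
            findings.append(Finding(m["hive"], m["name"], cmd, "low",
                                    ["unqualified file name, resolved through the search path"]))
            continue
        reasons = assess_target(hit.group(0))
        if reasons:
            findings.append(Finding(m["hive"], m["name"], hit.group(0), "high", reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_O4_LINES):
        print(f"[{f.severity}] {f.hive} [{f.name}] -> {f.target}")
        for r in f.reasons:
            print(f"         {r}")
```

Run against the sample, the script reports the RECYCLER entry twice over (Recycle Bin location and a winlogon.exe that is not in %SystemRoot%), the profile-root sdsd21.exe once, and the bare SOUNDMAN.EXE as a low-severity note; the NVIDIA and ZoneAlarm entries pass. The location checks are string heuristics, so a hit is a prompt to pull the file and check its signer and hash, not a verdict on its own.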

#3 LithIX

  • Newbie Member
  • Group: Member
  • Posts: 6
  • Joined: 31-December 08

Posted 04 January 2009 - 07:35 AM

Hi Bill, thanks for the reply.

Nah, username is not a big deal =) Anyway, find below the logs as requested:
PS: Just a heads up on stuff I've done to the system not mentioned:
I did edit the hosts file to try to get my PC to not connect to the file mentioned in my first post (in Temporary Internet Files). I also set up a group policy preventing sds2d21.exe and sds2d201.exe from executing (both found in Documents and Settings\myusername\).


OTViewIt logfile created on: 2009/01/04 09:29:54 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Daniel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.63% Memory free
3.85 Gb Paging File | 3.24 Gb Available in Paging File | 84.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 9.81 Gb Free Space | 33.50% Space Free | Partition Type: NTFS
Drive D: | 19.53 Gb Total Space | 4.19 Gb Free Space | 21.44% Space Free | Partition Type: NTFS
Drive E: | 100.21 Gb Total Space | 29.44 Gb Free Space | 29.38% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OMEGA
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2008/12/27 11:43:35 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/12/24 13:33:25 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2006/02/03 05:11:22 | 00,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcrcoms.exe
[2004/08/06 03:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
[2004/09/22 20:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe
[2004/09/22 20:00:00 | 00,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
[2004/08/06 03:50:00 | 00,237,623 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
[2008/08/15 23:22:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2006/11/17 05:42:52 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
[2008/04/14 05:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/04/21 11:46:51 | 00,098,816 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpn-gui.exe
[2008/07/09 09:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2006/01/22 19:45:08 | 00,286,720 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
[2006/02/07 07:10:34 | 00,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint.exe
[2008/12/24 13:33:25 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2004/09/22 20:00:00 | 00,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\shstat.exe
[2004/08/06 03:50:00 | 00,139,320 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
[2003/10/07 09:48:56 | 00,147,514 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
[2008/10/24 13:23:10 | 01,056,928 | ---- | M] (Mischel Internet Security) -- C:\Program Files\TrojanHunter 5.0\THGuard.exe
[2008/11/16 05:49:08 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/12/29 15:33:36 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2007/03/13 18:19:08 | 00,053,248 | ---- | M] (iBurst) -- C:\Program Files\iBurst Dashboard V2\DashboardLauncher.exe
[2006/03/29 03:25:00 | 00,311,296 | ---- | M] () -- C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.exe
[2008/12/18 07:59:07 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/01/04 09:29:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/12/27 11:43:35 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2003/02/20 19:19:38 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/10/28 23:16:21 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/12/24 13:33:25 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/02/03 05:11:22 | 00,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcrcoms.exe -- (lxcr_device [Auto | Running])
[2004/08/06 03:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
[2004/09/22 20:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield [Auto | Running])
[2004/09/22 20:00:00 | 00,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager [Auto | Running])
[2008/08/15 23:22:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2005/02/20 19:52:28 | 00,014,336 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])

========== Driver Services ==========

[2007/01/25 16:37:16 | 04,027,456 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM [On_Demand | Running])
[2007/07/27 18:25:04 | 00,082,304 | ---- | M] (FiLeOCK) -- C:\WINDOWS\system32\drivers\FiLeOCK.sys -- (FileOCK [Boot | Running])
[2006/03/29 03:25:00 | 00,037,362 | ---- | M] (KYOCERA CORPORATION) -- C:\WINDOWS\system32\drivers\iBurstu.sys -- (iBurstu [On_Demand | Running])
[2001/08/17 15:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir [On_Demand | Running])
[2008/04/14 00:09:50 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007/07/19 15:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2004/09/22 20:00:00 | 00,108,256 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1 [On_Demand | Running])
[2004/09/22 20:00:00 | 00,058,048 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1 [System | Running])
[2008/08/15 23:22:00 | 06,121,504 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/04/24 17:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/04/14 20:09:04 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/04/14 20:09:06 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2004/08/04 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/04/08 01:16:45 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2008/04/13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/02/27 03:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2004/06/24 03:54:12 | 00,023,552 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801 [On_Demand | Running])
[2008/10/08 07:15:12 | 00,025,216 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901 [On_Demand | Stopped])
[2008/07/09 09:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2004/08/04 14:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2004/08/19 07:21:00 | 00,189,568 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])
[2004/09/22 20:00:00 | 00,008,320 | ---- | M] (Network Associates, Inc) -- C:\WINDOWS\system32\drivers\EntDrv51.sys -- (EntDrv51 [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1060284298-602162358-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-1060284298-602162358-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-1060284298-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-1060284298-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1060284298-602162358-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (837 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.dolarvirus.is-the-boss.com
127.0.0.1 213.193.4.11
127.0.0.1 members.tmm.vip.lyceu.net

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} (HKLM) -- C:\Program Files\Lexmark Toolbar\toolband.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" (HKLM) -- C:\Program Files\Lexmark Toolbar\toolband.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1060284298-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1060284298-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" (Lexmark International Inc.)
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s ()
"LXCRCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16 ()
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" ()
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey (Network Associates, Inc.)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" (Network Associates, Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"openvpn-gui"=C:\Program Files\OpenVPN\bin\openvpn-gui.exe ()
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE (Network Associates, Inc.)
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" (Mischel Internet Security)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"Windows Video Drivers"=C:\RECYCLER\S-1-5-21-1683563933-7360221195-895377426-2503\winlogon.exe ()

[HKEY_USERS\S-1-5-21-1060284298-602162358-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"Windows Video Drivers"=C:\RECYCLER\S-1-5-21-1683563933-7360221195-895377426-2503\winlogon.exe ()

========== (O4) Startup Folders ==========

[2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008/10/28 23:10:57 | 00,008,192 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dashboard Launcher.lnk = C:\WINDOWS\Installer\{797E599D-F9F7-4CA9-8323-79BA07E20CFD}\Icon797E599D.exe
[2006/03/29 03:25:00 | 00,311,296 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\iBurst_Terminal UTL.lnk = C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1060284298-602162358-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 15:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr File not found

[HKEY_USERS\S-1-5-21-1060284298-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 15:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1060284298-602162358-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.micro...d...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.mi...b?1229336757921 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{153A51DF-8EFC-4B4A-9E90-A851171551DF} (Servers: | Description: iBurst Terminal)
{33996053-AE3E-4D07-B080-60DFDE568793} (Servers: | Description: )
{8A122C72-0A96-46F9-BEEB-2389B211F43A} (Servers: | Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller)
{A95875EE-9F49-43BA-9F9D-8365A75C6A4B} (Servers: | Description: 1394 Net Adapter)
{F263A156-C423-471A-9EEC-96299080084A} (Servers: | Description: iBurst Terminal)
{F2F67D94-0CAF-4C48-8B52-1C2E91CA8EA1} (Servers: | Description: NVIDIA nForce Networking Controller)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
taskmgr.exe:"Debugger" = E:\Software\Process Explorer 10.05\procexp.exe (Sysinternals)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/10/28 22:19:57 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67dfe755-a589-11dd-bd80-00c0eec5a5f9}\Shell\AutoRun\command]
""=F:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67dfe755-a589-11dd-bd80-00c0eec5a5f9}\Shell\open\command]
""=F:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/04 09:29:21 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTViewIt.exe
[2009/01/02 19:51:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\My Documents\Ascaron Entertainment
[2009/01/02 19:51:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Local Settings\Application Data\Ascaron Entertainment
[2009/01/02 19:51:53 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/01/02 19:49:24 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2009/01/02 19:49:24 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2009/01/02 19:49:23 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2009/01/02 19:49:22 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2009/01/02 19:49:22 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2009/01/02 19:49:22 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2009/01/02 19:48:22 | 00,413,696 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/01/02 19:48:22 | 00,110,592 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/01/02 19:48:13 | 00,001,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sacred 2 Demo.lnk
[2009/01/02 19:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/01/02 19:45:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2009/01/02 19:45:01 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2009/01/02 17:17:53 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2008/12/31 23:35:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Application Data\TrojanHunter
[2008/12/31 17:11:34 | 00,000,692 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\TrojanHunter.lnk
[2008/12/31 17:11:22 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/12/31 17:11:21 | 00,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.0
[2008/12/31 17:04:56 | 00,000,000 | ---D | C] -- C:\quarantine
[2008/12/31 15:35:59 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\HijackThis.lnk
[2008/12/31 15:35:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/30 17:34:22 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2008/12/30 17:33:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/12/30 17:25:31 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/12/30 17:25:31 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/12/30 17:25:31 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/12/30 17:25:31 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/12/30 17:25:28 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2008/12/30 17:25:28 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2008/12/30 17:25:28 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2008/12/30 17:25:28 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2008/12/30 17:25:27 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2008/12/30 17:25:27 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2008/12/30 17:25:27 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2008/12/30 17:25:27 | 00,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2008/12/30 17:25:27 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2008/12/30 17:25:26 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2008/12/30 17:25:26 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2008/12/30 17:25:26 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2008/12/30 17:25:26 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2008/12/30 17:25:26 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2008/12/30 17:25:26 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2008/12/30 17:25:26 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2008/12/30 17:25:26 | 00,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2008/12/30 17:25:25 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2008/12/30 17:25:25 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2008/12/30 17:25:25 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2008/12/30 17:25:25 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2008/12/30 17:25:25 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2008/12/30 17:25:25 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2008/12/30 17:25:25 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2008/12/30 17:25:25 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2008/12/30 17:25:25 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2008/12/30 17:25:25 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2008/12/30 17:25:25 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2008/12/30 17:25:24 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2008/12/30 17:25:24 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2008/12/30 17:25:24 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2008/12/30 17:25:24 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2008/12/30 17:25:24 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2008/12/30 17:25:24 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2008/12/30 17:25:24 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2008/12/30 17:25:24 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2008/12/30 17:25:24 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2008/12/30 17:25:24 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2008/12/30 17:25:24 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2008/12/30 17:25:24 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2008/12/30 17:25:24 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2008/12/30 17:25:23 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2008/12/30 17:25:23 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2008/12/30 17:25:23 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2008/12/30 17:25:23 | 00,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2008/12/30 17:25:23 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2008/12/30 17:25:23 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2008/12/30 17:25:23 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2008/12/30 17:25:23 | 00,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2008/12/30 17:25:23 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2008/12/30 17:25:23 | 00,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2008/12/30 17:25:23 | 00,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2008/12/30 17:25:23 | 00,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2008/12/30 17:25:23 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2008/12/30 17:25:23 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2008/12/30 17:25:23 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2008/12/30 17:25:22 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2008/12/30 17:25:22 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2008/12/30 17:25:22 | 00,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2008/12/30 17:25:22 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2008/12/30 17:25:22 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2008/12/30 17:25:22 | 00,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2008/12/30 17:25:22 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2008/12/30 17:25:22 | 00,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2008/12/30 17:25:22 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2008/12/30 17:25:20 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2008/12/30 17:25:19 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2008/12/30 17:25:19 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2008/12/30 17:25:19 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2008/12/30 17:25:18 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2008/12/30 17:25:18 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2008/12/30 17:25:18 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2008/12/30 17:25:17 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2008/12/30 17:25:17 | 00,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2008/12/30 17:25:17 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2008/12/30 17:25:17 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2008/12/30 17:25:17 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2008/12/30 17:25:17 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2008/12/30 17:25:17 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2008/12/30 17:25:17 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2008/12/30 17:25:17 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2008/12/30 17:25:17 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2008/12/30 17:25:17 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2008/12/30 17:25:02 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2008/12/30 17:25:02 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2008/12/30 17:25:01 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2008/12/30 17:25:01 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2008/12/30 17:24:57 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/12/30 17:24:55 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/12/30 17:24:55 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/12/30 17:24:55 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/12/30 17:24:55 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/12/30 17:24:54 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/12/30 17:24:54 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/12/30 17:24:54 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/12/30 17:24:54 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/12/30 17:24:54 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/12/30 17:24:54 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/12/30 17:24:54 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/12/30 17:24:54 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/12/30 17:24:54 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/12/30 17:24:54 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/12/30 17:24:54 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/12/30 17:24:54 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/12/30 17:24:54 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/12/30 17:24:54 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/12/30 17:24:54 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/12/30 17:24:54 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/12/30 17:24:54 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/12/30 17:24:52 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2008/12/30 17:24:51 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/12/30 17:24:51 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/12/30 17:24:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/12/30 17:24:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/12/30 17:24:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/12/30 17:24:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/12/30 17:24:50 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/12/30 17:24:50 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/12/30 17:24:50 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/12/30 17:24:50 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/12/30 17:24:49 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/12/30 17:24:49 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/12/30 17:24:49 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/12/30 17:24:49 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/12/30 17:24:49 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/12/30 17:24:49 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/12/30 17:24:49 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/12/30 17:24:48 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/12/30 17:24:48 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/12/30 17:24:48 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/12/30 17:24:48 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/12/30 17:24:48 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/12/30 17:24:48 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/12/30 17:24:48 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/12/30 17:24:47 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/12/30 17:24:47 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/12/30 17:24:47 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
[2008/12/30 17:24:47 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/12/30 17:24:47 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/12/30 17:24:47 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2008/12/30 17:24:47 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2008/12/30 17:24:46 | 00,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2008/12/30 17:24:46 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/12/30 17:24:46 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/12/30 17:24:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/12/30 17:24:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/12/30 17:24:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/12/30 17:24:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/12/30 17:21:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/12/30 17:20:50 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2008/12/30 17:19:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/12/30 17:18:59 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/12/30 17:18:59 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/12/30 17:18:59 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/12/30 17:18:57 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/12/30 17:18:57 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/12/30 17:18:57 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/12/30 17:18:57 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/12/30 17:18:56 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/12/30 17:18:56 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/12/30 17:18:56 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/12/30 17:18:56 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/12/30 17:18:55 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/12/30 17:18:55 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/12/30 17:18:55 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/12/30 17:18:54 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/12/30 17:18:54 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/12/30 17:18:53 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/12/30 17:18:53 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/12/30 17:18:53 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/12/30 17:18:53 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/12/30 17:18:53 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/12/30 17:13:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/12/30 16:03:53 | 00,000,512 | ---- | C] () -- C:\WINDOWS\randseed.rnd
[2008/12/30 15:58:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2008/12/30 15:58:13 | 00,108,256 | ---- | C] (Network Associates, Inc.) -- C:\WINDOWS\System32\drivers\naiavf5x.sys
[2008/12/30 15:58:13 | 00,058,048 | ---- | C] (Network Associates, Inc.) -- C:\WINDOWS\System32\drivers\mvstdi5x.sys
[2008/12/30 15:58:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2008/12/30 15:58:03 | 00,000,000 | ---D | C] -- C:\Program Files\Network Associates
[2008/12/30 15:58:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Network Associates
[2008/12/30 15:39:58 | 02,665,796 | ---- | C] (Dino Nuhagic (nuhi) ) -- C:\Documents and Settings\Daniel\Desktop\nLite-1.4.9.1.installer.exe
[2008/12/27 13:18:15 | 00,009,339 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\mats.xlsx
[2008/12/27 11:43:07 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/27 11:43:05 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/12/27 11:43:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/12/27 11:32:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/12/27 06:20:24 | 00,000,000 | RHSD | C] -- C:\Recycle
[2008/12/24 13:33:23 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/12/24 13:23:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Application Data\Sun
[2008/12/17 10:41:53 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2008/12/17 10:41:52 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2008/12/16 07:20:15 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2008/12/15 12:27:30 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2008/12/15 12:27:30 | 00,031,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2008/12/15 12:27:30 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2008/12/15 12:27:30 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/12/15 12:27:30 | 00,018,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2008/12/15 12:27:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2008/12/15 12:20:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2008/12/15 08:12:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Application Data\Malwarebytes
[2008/12/15 08:12:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/15 08:06:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/12/15 08:06:49 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008/12/15 08:06:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Application Data\SUPERAntiSpyware.com
[2008/12/14 19:04:33 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/14 19:03:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IOSUBSYS

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/04 09:29:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTViewIt.exe
[2009/01/03 17:18:16 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2009/01/02 20:08:45 | 00,352,918 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/01/02 20:08:45 | 00,002,331 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dashboard Launcher.lnk
[2009/01/02 20:08:38 | 00,199,261 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/02 20:08:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/02 20:08:24 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/02 20:08:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/02 19:57:32 | 00,074,088 | ---- | M] () -- C:\Documents and Settings\Daniel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/02 19:56:15 | 00,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/02 19:51:53 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/01/02 19:49:29 | 05,439,520 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/01/02 19:48:22 | 00,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/01/02 19:48:22 | 00,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/01/02 19:48:13 | 00,001,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sacred 2 Demo.lnk
[2008/12/31 23:36:25 | 00,065,924 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/12/31 17:11:35 | 00,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/12/31 17:11:34 | 00,000,692 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\TrojanHunter.lnk
[2008/12/31 16:00:43 | 00,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2008/12/31 16:00:43 | 00,001,529 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\iBurst_Terminal UTL.lnk
[2008/12/31 15:35:59 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\HijackThis.lnk
[2008/12/31 07:55:44 | 00,001,842 | -H-- | M] () -- C:\Documents and Settings\Daniel\My Documents\Default.rdp
[2008/12/30 17:35:21 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/12/30 17:35:19 | 00,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/30 17:35:19 | 00,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/30 17:35:18 | 00,439,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/30 17:18:14 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/12/30 15:47:44 | 02,665,796 | ---- | M] (Dino Nuhagic (nuhi) ) -- C:\Documents and Settings\Daniel\Desktop\nLite-1.4.9.1.installer.exe
[2008/12/29 22:09:37 | 00,000,063 | ---- | M] () -- C:\WINDOWS\System\SysFS.dll
[2008/12/27 13:18:15 | 00,009,339 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\mats.xlsx
[2008/12/27 11:43:07 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/26 16:22:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/25 11:12:23 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Daniel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/25 11:11:09 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/24 14:45:46 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/24 14:45:46 | 00,000,211 | -HS- | M] () -- C:\boot.ini
< End of report >



OTViewIt Extras logfile created on: 2009/01/04 09:29:54 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Daniel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.63% Memory free
3.85 Gb Paging File | 3.24 Gb Available in Paging File | 84.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 9.81 Gb Free Space | 33.50% Space Free | Partition Type: NTFS
Drive D: | 19.53 Gb Total Space | 4.19 Gb Free Space | 21.44% Space Free | Partition Type: NTFS
Drive E: | 100.21 Gb Total Space | 29.44 Gb Free Space | 29.38% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OMEGA
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
"AntiVirusDisableNotify"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/11/30 16:18:20 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
File not found -- C:\Documents and Settings\Daniel\kkkfucku.exe:*:Enabled:Windows Messanger
File not found -- C:\Documents and Settings\Daniel\asdsdsd.exe:*:Enabled:Windows Messanger
File not found -- C:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\Ryan.exe:*:Enabled:Windows Messanger
[2008/12/27 06:20:23 | 00,040,960 | ---- | M] () -- C:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe:*:Enabled:Windows Messanger
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/09/25 20:07:56 | 05,092,136 | ---- | M] () -- E:\Program Files\cdv USA\Sacred 2 - Demo\system\s2gs.exe:*:Enabled:Sacred 2 Game Server
[2008/09/25 20:08:04 | 08,871,208 | ---- | M] () -- E:\Program Files\cdv USA\Sacred 2 - Demo\system\sacred2.exe:*:Enabled:Sacred 2

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}"=Lexmark Toolbar
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{4636E701-5410-4231-BF83-6B99DE575149}"=Sacred 2 Demo
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}"=McAfee VirusScan Enterprise
"{797E599D-F9F7-4CA9-8323-79BA07E20CFD}"=iBurst Dashboard V2
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}"=Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90133000-1F11-4819-B708-9DF0870A9C54}"=iBurst Terminal
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}"=AGEIA PhysX v7.11.13
"{AC76BA86-7AD7-1033-7B44-A70700000002}"=Adobe Reader 7.0.7
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}"=ABBYY FineReader 6.0 Sprint
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}"=Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Folder Secure_is1"=Folder Secure
"Guild Wars"=Guild Wars
"HijackThis"=HijackThis 2.0.2
"ie8"=Windows Internet Explorer 8 Beta 2
"Lexmark 2400 Series"=Lexmark 2400 Series
"Lexmark Fax Solutions"=Lexmark Fax Solutions
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"Nero - Burning Rom!UninstallKey"=Nero 6 Enterprise Edition
"NVIDIA Drivers"=NVIDIA Drivers
"OpenVPN"=OpenVPN 2.0-gui-1.0
"Picasa 3"=Picasa 3
"PROPLUS"=Microsoft Office Professional Plus 2007
"TrojanHunter_is1"=TrojanHunter 5.0
"Warhammer Online: Age of Reckoning_is1"=Warhammer Online: Age of Reckoning
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinZip"=WinZip
"Yahoo! Toolbar"=Yahoo! Toolbar
"ZoneAlarm"=ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1060284298-602162358-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2008/12/29 01:32:28 PM | Computer Name = OMEGA | Source = Application Error | ID = 1000
Description = Faulting application sdsd.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.2180, fault address 0x00001010.

Error - 2008/12/29 01:38:19 PM | Computer Name = OMEGA | Source = Application Error | ID = 1000
Description = Faulting application sdsd.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.2180, fault address 0x00001010.

Error - 2008/12/29 01:44:08 PM | Computer Name = OMEGA | Source = Application Error | ID = 1000
Description = Faulting application sdsd.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.2180, fault address 0x00001010.

Error - 2008/12/29 01:49:59 PM | Computer Name = OMEGA | Source = Application Error | ID = 1000
Description = Faulting application sdsd.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.2180, fault address 0x00001010.

Error - 2008/12/29 01:55:48 PM | Computer Name = OMEGA | Source = Application Error | ID = 1000
Description = Faulting application sdsd.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.2180, fault address 0x00001010.

Error - 2008/12/29 02:01:39 PM | Computer Name = OMEGA | Source = Application Error | ID = 1000
Description = Faulting application sdsd.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.2180, fault address 0x00001010.

Error - 2008/12/29 02:07:29 PM | Computer Name = OMEGA | Source = Application Error | ID = 1000
Description = Faulting application sdsd.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.2180, fault address 0x00001010.

Error - 2008/12/29 02:13:18 PM | Computer Name = OMEGA | Source = Application Error | ID = 1000
Description = Faulting application sdsd.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.2180, fault address 0x00001010.

Error - 2008/12/29 02:19:09 PM | Computer Name = OMEGA | Source = Application Error | ID = 1000
Description = Faulting application sdsd.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.2180, fault address 0x00001010.

Error - 2008/12/29 02:24:59 PM | Computer Name = OMEGA | Source = Application Error | ID = 1000
Description = Faulting application sdsd.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.2180, fault address 0x00001010.

[ System Events ]
Error - 2008/12/26 10:23:22 AM | Computer Name = OMEGA | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 2008/12/26 10:23:22 AM | Computer Name = OMEGA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips IPSec KLIF MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV SASKUTIL Tcpip vsdatant
WS2IFSL

Error - 2008/12/26 10:23:47 AM | Computer Name = OMEGA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2008/12/26 10:25:57 AM | Computer Name = OMEGA | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers
from the registry. The data is the error code.

Error - 2008/12/27 09:30:36 AM | Computer Name = OMEGA | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 2008/12/28 06:37:46 AM | Computer Name = OMEGA | Source = Service Control Manager | ID = 7034
Description = The TCP/IP NetBIOS Helper service terminated unexpectedly. It has
done this 1 time(s).

Error - 2008/12/28 06:37:46 AM | Computer Name = OMEGA | Source = Service Control Manager | ID = 7031
Description = The Remote Registry service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 2008/12/28 06:37:46 AM | Computer Name = OMEGA | Source = Service Control Manager | ID = 7034
Description = The SSDP Discovery Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 2008/12/28 06:37:46 AM | Computer Name = OMEGA | Source = Service Control Manager | ID = 7031
Description = The Universal Plug and Play Device Host service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
0 milliseconds: Restart the service.

Error - 2008/12/28 06:37:46 AM | Computer Name = OMEGA | Source = Service Control Manager | ID = 7034
Description = The WebClient service terminated unexpectedly. It has done this 1
time(s).


< End of report >

This post has been edited by LithIX: 04 January 2009 - 07:41 AM


#4 User is offline   Billy O'Neal 

  • Visiting Staff
  • Icon
  • Group: Visiting Teacher
  • Posts: 629
  • Joined: 21-June 08
  • Gender:Male
  • Location:Northfield, Ohio
  • Interests:Programming, Malware Smashing

Posted 04 January 2009 - 03:14 PM

Hello, LithIX
We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to its author: http://img.photobucket.com/albums/v666/sUBs/donate_3.gif

How to run ComboFix:

  • Please download ComboFix from one of the following mirrors, and save it to your desktop.

  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click http://billy-oneal.com/Canned%20Speeches/speechimages/combofix/desktopicon.png on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.

  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here :)


NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
  • ComboFix.txt

BillyIII

#5 User is offline   LithIX 

  • Newbie Member
  • Pip
  • Group: Member
  • Posts: 6
  • Joined: 31-December 08

Posted 04 January 2009 - 04:39 PM

ComboFix 09-01-02.01 - Daniel 2009-01-04 18:32:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1660 [GMT 2:00]
Running from: c:\documents and settings\Daniel\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Daniel\Application Data\.#
c:\documents and settings\Daniel\Application Data\.#\MBX@CEC@A141A8.###
c:\documents and settings\Daniel\Application Data\.#\MBX@CEC@A141D8.###
c:\documents and settings\Daniel\Application Data\.#\MBX@CEC@A14208.###
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-03 08:06 . 2009-01-04 18:31 34,860 --a------ c:\documents and settings\Daniel\sds2d201.exe
2009-01-02 21:04 . 2009-01-03 22:24 89,600 --a------ c:\documents and settings\Daniel\new1.exe
2009-01-02 19:51 . 2009-01-02 19:51 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-02 19:49 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2009-01-02 19:49 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
2009-01-02 19:49 . 2008-07-31 10:40 509,448 --a------ c:\windows\system32\XAudio2_2.dll
2009-01-02 19:49 . 2008-07-12 08:18 467,984 --a------ c:\windows\system32\d3dx10_39.dll
2009-01-02 19:49 . 2008-07-31 10:41 238,088 --a------ c:\windows\system32\xactengine3_2.dll
2009-01-02 19:49 . 2008-07-31 10:41 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
2009-01-02 19:48 . 2009-01-02 19:48 413,696 --a------ c:\windows\system32\wrap_oal.dll
2009-01-02 19:48 . 2009-01-02 19:48 110,592 --a------ c:\windows\system32\OpenAL32.dll
2009-01-02 19:45 . 2009-01-02 19:45 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-02 19:45 . 2009-01-02 19:45 <DIR> d-------- c:\windows\system32\AGEIA
2009-01-02 19:45 . 2009-01-02 19:45 <DIR> d-------- c:\program files\AGEIA Technologies
2009-01-02 17:17 . 2009-01-02 17:17 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-02 16:49 . 2009-01-02 21:12 34,860 --a------ c:\documents and settings\Daniel\sds2d21.exe
2008-12-31 23:35 . 2008-12-31 23:35 <DIR> d-------- c:\documents and settings\Daniel\Application Data\TrojanHunter
2008-12-31 17:11 . 2008-12-31 17:11 <DIR> d-------- c:\program files\TrojanHunter 5.0
2008-12-31 17:04 . 2008-12-31 17:42 <DIR> d-------- C:\quarantine
2008-12-31 15:35 . 2008-12-31 15:35 <DIR> d-------- c:\program files\Trend Micro
2008-12-30 17:34 . 2008-04-14 05:42 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-30 17:24 . 2008-12-30 17:24 <DIR> d-------- c:\windows\system32\scripting
2008-12-30 17:21 . 2008-12-30 17:25 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-30 17:20 . 2008-04-14 05:42 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2008-12-30 17:19 . 2008-04-14 05:41 4,255 --------- c:\windows\system32\drivers\adv01nt5.dll
2008-12-30 17:19 . 2008-04-14 05:41 3,967 --------- c:\windows\system32\drivers\adv02nt5.dll
2008-12-30 17:19 . 2008-04-14 05:41 3,647 --------- c:\windows\system32\drivers\adv07nt5.dll
2008-12-30 17:19 . 2008-04-14 05:41 3,615 --------- c:\windows\system32\drivers\adv05nt5.dll
2008-12-30 17:19 . 2008-04-14 05:41 3,135 --------- c:\windows\system32\drivers\adv08nt5.dll
2008-12-30 17:16 . 2006-12-29 00:31 19,569 --a------ c:\windows\002903_.tmp
2008-12-30 16:03 . 2009-01-04 17:12 512 --a------ c:\windows\randseed.rnd
2008-12-30 15:58 . 2008-12-30 15:58 <DIR> d-------- c:\program files\Network Associates
2008-12-30 15:58 . 2008-12-30 15:58 <DIR> d-------- c:\program files\Common Files\Network Associates
2008-12-30 15:58 . 2008-12-30 15:58 <DIR> d-------- c:\program files\Common Files\Cisco Systems
2008-12-30 15:58 . 2008-12-30 15:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Network Associates
2008-12-30 15:58 . 2004-09-22 20:00 108,256 --a------ c:\windows\system32\drivers\naiavf5x.sys
2008-12-30 15:58 . 2004-09-22 20:00 58,048 --a------ c:\windows\system32\drivers\mvstdi5x.sys
2008-12-27 11:43 . 2008-12-27 11:43 <DIR> d-------- c:\program files\Lavasoft
2008-12-27 11:43 . 2008-12-27 11:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-27 11:32 . 2008-12-27 11:32 <DIR> d-------- c:\windows\Sun
2008-12-27 06:20 . 2008-12-27 06:20 <DIR> dr-hs---- C:\Recycle
2008-12-24 13:33 . 2008-12-24 13:33 <DIR> d-------- c:\program files\Java
2008-12-24 13:33 . 2008-12-24 13:33 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-24 13:33 . 2008-12-24 13:33 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-17 10:41 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-17 10:41 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-16 07:20 . 2008-12-16 07:20 <DIR> d--h----- c:\windows\PIF
2008-12-15 12:27 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2008-12-15 12:27 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-15 12:27 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-15 12:27 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-15 12:27 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-15 12:20 . 2008-12-15 12:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-15 11:23 . 2008-12-15 11:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-15 08:19 . 2008-12-15 08:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-15 08:12 . 2008-12-15 08:12 <DIR> d-------- c:\documents and settings\Daniel\Application Data\Malwarebytes
2008-12-15 08:12 . 2008-12-15 08:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-15 08:06 . 2008-12-27 15:30 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-15 08:06 . 2008-12-27 15:30 <DIR> d-------- c:\documents and settings\Daniel\Application Data\SUPERAntiSpyware.com
2008-12-15 08:06 . 2008-12-15 08:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-14 19:04 . 2008-12-25 11:11 116 --a------ c:\windows\NeroDigital.ini
2008-12-14 19:03 . 2008-12-14 19:03 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-12-14 19:03 . 2008-04-08 01:16 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-12-14 19:03 . 2008-04-08 01:16 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-12-04 21:27 . 2004-03-02 17:37 125,184 --------- c:\windows\system32\drivers\imagesrv.sys
2008-12-04 21:27 . 2004-03-02 17:37 5,504 --------- c:\windows\system32\drivers\imagedrv.sys
2008-12-04 21:26 . 2008-12-04 21:26 <DIR> d-------- c:\program files\Common Files\Ahead
2008-12-04 21:26 . 2008-12-04 21:26 <DIR> d-------- c:\program files\Ahead
2008-12-04 21:26 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2008-12-04 21:26 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2008-12-04 21:26 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2008-12-04 21:26 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2008-12-04 21:26 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2008-12-04 21:26 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-12-04 21:22 . 2008-12-04 21:22 <DIR> d-------- c:\program files\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 18:09 --------- d-----w c:\program files\lx_cats
2009-01-02 17:49 5,439,520 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-02 17:44 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-31 21:36 65,924 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-30 14:51 --------- d-----w c:\documents and settings\Daniel\Application Data\FaxCtr
2008-12-29 13:55 1,608,379 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-27 11:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-22 13:40 2,621,440 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-12-22 13:40 1,500,672 ----a-w c:\windows\Internet Logs\xDB3.tmp
2008-12-17 08:42 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2008-12-14 17:03 --------- d-----w c:\program files\Google
2008-12-03 18:52 --------- d-----w c:\documents and settings\Daniel\Application Data\uTorrent
2008-11-30 14:18 --------- d-----w c:\program files\uTorrent
2008-11-18 19:03 1,428,992 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-11-17 06:46 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-11-09 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-07 03:40 --------- d-----w c:\program files\Lexmark Fax Solutions
2008-11-05 08:14 --------- d-----w c:\program files\Lexmark Toolbar
2008-11-05 08:13 --------- d-----w c:\program files\Lexmark 2400 Series
2008-11-05 08:12 --------- d-----w c:\documents and settings\All Users\Application Data\FaxCtr
2008-11-04 15:15 --------- d-----w c:\program files\Common Files\PC Tools
2008-11-04 15:13 --------- d-----w c:\program files\Zone Labs
2008-11-04 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\MailFrontier
2008-11-04 06:39 --------- d-----w c:\documents and settings\Daniel\Application Data\AdobeUM
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-16 68856]
"Google Update"="c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-29 133104]
"Windows Video Drivers"="c:\recycler\S-1-5-21-1683563933-7360221195-895377426-2503\winlogon.exe" [2009-01-02 89600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-15 13570048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-15 86016]
"openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2005-04-21 98816]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-01-22 286720]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 65536]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-24 136600]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"THGuard"="c:\program files\TrojanHunter 5.0\THGuard.exe" [2008-10-24 1056928]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2008-08-15 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM 29696]
Dashboard Launcher.lnk - c:\windows\Installer\{797E599D-F9F7-4CA9-8323-79BA07E20CFD}\Icon797E599D.exe [10/28/2008 11:10:57 PM 8192]
iBurst_Terminal UTL.lnk - c:\program files\iBurst Terminal\iBurst_Terminal_UTL.EXE [10/28/2008 10:42:01 PM 311296]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FileOCK.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FILEOCK]
--a------ 2007-10-09 18:22 114688 c:\program files\Folder Secure\FSecure_PD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"lxcr_device"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Recycle\\X-5-4-27-2345678318-4567890223-4234567884-2341\\RisinG.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\cdv USA\\Sacred 2 - Demo\\system\\s2gs.exe"=
"e:\\Program Files\\cdv USA\\Sacred 2 - Demo\\system\\sacred2.exe"=

R0 FileOCK;FileOCK;c:\windows\system32\drivers\FiLeOCK.sys [10/31/2008 11:43:58 AM 82304]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [12/30/2008 3:58:13 PM 58048]
R3 iBurstu;iBurst Terminal;c:\windows\system32\drivers\iBurstu.sys [10/28/2008 10:42:01 PM 37362]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [6/24/2004 3:54:12 AM 23552]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [10/8/2008 7:15:12 AM 25216]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67dfe755-a589-11dd-bd80-00c0eec5a5f9}]
\Shell\AutoRun\command - f:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
\Shell\open\command - f:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C987891}]
c:\recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\Ryan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C987892}]
c:\recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX3C644141}]
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-22CX3C644241}]
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\Perfume.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-602162358-1801674531-1003.job
- c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-29 15:33]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {6F5B6195-07AB-44D4-8AAF-ABB282DA81C6} = 196.30.31.193 196.7.0.138
FF - ProfilePath - c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\vjwpz6pp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 18:35:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


C:\FiLeOCK.ini 138 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1396)
c:\windows\system32\EntApi.dll
.
Completion time: 2009-01-04 18:36:24
ComboFix-quarantined-files.txt 2009-01-04 16:36:21

Pre-Run: 10,482,847,744 bytes free
Post-Run: 10,510,876,672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


#6 User is offline   Billy O'Neal 

  • Visiting Staff
  • Icon
  • Group: Visiting Teacher
  • Posts: 629
  • Joined: 21-June 08
  • Gender:Male
  • Location:Northfield, Ohio
  • Interests:Programming, Malware Smashing

Posted 04 January 2009 - 06:00 PM

Hello, LithIX
We need to re-run ComboFix with some additional directives.
  • Please disable any running anti-virus programs.
    If you are unsure how to do this, see this topic: http://www.bleepingc...opic114351.html

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "e:\\Program Files\\cdv USA\\Sacred 2 - Demo\\system\\s2gs.exe"=-
    "e:\\Program Files\\cdv USA\\Sacred 2 - Demo\\system\\sacred2.exe"=-
    "c:\\Recycle\\X-5-4-27-2345678318-4567890223-4234567884-2341\\RisinG.exe"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67dfe755-a589-11dd-bd80-00c0eec5a5f9}]
    [-HKEY_CLASSES_ROOT\CLSID\{67dfe755-a589-11dd-bd80-00c0eec5a5f9}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C987891}]
    [-HKEY_CLASSES_ROOT\CLSID\{28ABC5C0-4FCB-11CF-AAX5-21CX1C987891}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C987892}]
    [-HKEY_CLASSES_ROOT\CLSID\{28ABC5C0-4FCB-11CF-AAX5-21CX1C987892}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX3C644141}]
    [-HKEY_CLASSES_ROOT\CLSID\{28ABC5C0-4FCB-11CF-AAX5-21CX3C644141}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-22CX3C644241}]
    [-HKEY_CLASSES_ROOT\CLSID\{28ABC5C0-4FCB-11CF-AAX5-22CX3C644241}]
    folder::
    c:\Recycle
    c:\config
    c:\system
    f:\config

  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.


Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next reply, please include the following:
  • ComboFix.txt

BillyIII
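The CFScript above removes the offending autostart entries one by one. As an added example (not code from this thread, from ComboFix or from ESET), the Python below shows how the same indicators can be picked out of a ComboFix-style registry dump automatically rather than by eye: an executable started from a Recycle Bin or a bare root folder such as c:\config, a folder named after a SID whose sub-authorities are not 32-bit values (the S-1-5-21-...-7360221195-... and X-5-4-27-... names in the logs), an Active Setup component whose GUID contains non-hex characters (AAX5, 21CX...), a MountPoints2 AutoRun handler, and a system binary name such as winlogon.exe living outside system32. The sample input is constructed from lines copied out of the logs posted in this thread with two benign entries added for contrast; the function and constant names are my own.

```python
import re

# Constructed sample input: registry lines copied from the ComboFix logs posted in
# this thread, plus the benign Google Update and ZoneAlarm entries for contrast.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-29 133104]
"Windows Video Drivers"="c:\recycler\S-1-5-21-1683563933-7360221195-895377426-2503\winlogon.exe" [2009-01-02 89600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Recycle\\X-5-4-27-2345678318-4567890223-4234567884-2341\\RisinG.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67dfe755-a589-11dd-bd80-00c0eec5a5f9}]
\Shell\AutoRun\command - f:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C987891}]
c:\recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\Ryan.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# A drive-letter path ending in an executable extension. ComboFix writes some
# values with doubled backslashes, so each line is normalised before matching.
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]*?\.(?:exe|dll|scr|sys|com|bat|cmd|pif)\b', re.I)
# A well-formed GUID is hex only; hand-made ones often contain other letters.
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Folders at a drive root that should never hold autostart executables.
ROOT_JUNK_RE = re.compile(r"^[a-z]:\\(?:recycler|recycle|\$recycle\.bin|config|system)\\", re.I)
# A path component shaped like a SID: one letter, then dash-separated numbers.
SID_LIKE_RE = re.compile(r"\\([A-Za-z]-\d+(?:-\d+){2,})\\")
# Well-known system binary names that malware likes to borrow.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe", "services.exe"}


def sid_is_plausible(sid: str) -> bool:
    """A real SID string is S-1-<authority>-<subauth>... with every numeric part
    a 32-bit unsigned value. Anything else in a SID-shaped folder name is fake."""
    parts = sid.split("-")
    if parts[0].upper() != "S" or parts[1] != "1":
        return False
    return all(0 <= int(p) <= 0xFFFFFFFF for p in parts[2:])


def triage(log_text: str) -> list:
    """Walk a ComboFix-style registry dump and return one finding per indicator."""
    findings = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip().replace("\\\\", "\\")  # undo doubled backslashes
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            # Active Setup components are keyed by GUID; a non-hex GUID is hand-made.
            if r"active setup\installed components" in key.lower():
                guid = key.rsplit("\\", 1)[-1]
                if not GUID_RE.match(guid):
                    findings.append(dict(key=key, path="", reason="malformed Active Setup GUID"))
            continue
        # MountPoints2 handlers run a program when a drive is opened or inserted.
        if "mountpoints2" in key.lower() and re.search(r"\\shell\\(?:autorun|open)\\command", line, re.I):
            findings.append(dict(key=key, path=line, reason="drive AutoRun/open handler"))
        for path in PATH_RE.findall(line):
            reasons = []
            if ROOT_JUNK_RE.match(path):
                reasons.append("executable in Recycle Bin or bare root folder")
            sid = SID_LIKE_RE.search(path)
            if sid and not sid_is_plausible(sid.group(1)):
                reasons.append("impossible SID in folder name")
            name = path.rsplit("\\", 1)[-1].lower()
            if name in SYSTEM_NAMES and "\\windows\\system32\\" not in path.lower():
                reasons.append("system binary name outside system32")
            for reason in reasons:
                findings.append(dict(key=key, path=path, reason=reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['reason']:45} {f['path'] or f['key']}")
```

The script only reads text, so it can be pointed at any saved ComboFix.txt offline; on the sample it flags nothing for the Google, ZoneAlarm and sessmgr entries and lines up with what the CFScript and the later orphan cleanup removed. The SID check is the one worth remembering: sub-authority values above 4294967295 cannot occur in a genuine SID, so a Recycle Bin subfolder carrying one was never created by Windows.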

#7 User is offline   LithIX 

  • Newbie Member
  • Pip
  • Group: Member
  • Posts: 6
  • Joined: 31-December 08

Posted 04 January 2009 - 07:36 PM

ComboFix 09-01-02.01 - Daniel 2009-01-04 21:30:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1638 [GMT 2:00]
Running from: c:\documents and settings\Daniel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Daniel\Desktop\CFScript.txt
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\config
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\Recycle
c:\recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\Desktop.ini
c:\recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe
c:\system
c:\system\S-3-7-89-2225458569-9856321456-454423558-8896\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-03 08:06 . 2009-01-04 18:31 34,860 --a------ c:\documents and settings\Daniel\sds2d201.exe
2009-01-02 21:04 . 2009-01-03 22:24 89,600 --a------ c:\documents and settings\Daniel\new1.exe
2009-01-02 19:51 . 2009-01-02 19:51 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-02 19:49 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2009-01-02 19:49 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
2009-01-02 19:49 . 2008-07-31 10:40 509,448 --a------ c:\windows\system32\XAudio2_2.dll
2009-01-02 19:49 . 2008-07-12 08:18 467,984 --a------ c:\windows\system32\d3dx10_39.dll
2009-01-02 19:49 . 2008-07-31 10:41 238,088 --a------ c:\windows\system32\xactengine3_2.dll
2009-01-02 19:49 . 2008-07-31 10:41 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
2009-01-02 19:48 . 2009-01-02 19:48 413,696 --a------ c:\windows\system32\wrap_oal.dll
2009-01-02 19:48 . 2009-01-02 19:48 110,592 --a------ c:\windows\system32\OpenAL32.dll
2009-01-02 19:45 . 2009-01-02 19:45 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-02 19:45 . 2009-01-02 19:45 <DIR> d-------- c:\windows\system32\AGEIA
2009-01-02 19:45 . 2009-01-02 19:45 <DIR> d-------- c:\program files\AGEIA Technologies
2009-01-02 17:17 . 2009-01-02 17:17 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-02 16:49 . 2009-01-02 21:12 34,860 --a------ c:\documents and settings\Daniel\sds2d21.exe
2008-12-31 23:35 . 2008-12-31 23:35 <DIR> d-------- c:\documents and settings\Daniel\Application Data\TrojanHunter
2008-12-31 17:11 . 2008-12-31 17:11 <DIR> d-------- c:\program files\TrojanHunter 5.0
2008-12-31 17:04 . 2008-12-31 17:42 <DIR> d-------- C:\quarantine
2008-12-31 15:35 . 2008-12-31 15:35 <DIR> d-------- c:\program files\Trend Micro
2008-12-30 17:34 . 2008-04-14 05:42 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-30 17:24 . 2008-12-30 17:24 <DIR> d-------- c:\windows\system32\scripting
2008-12-30 17:21 . 2008-12-30 17:25 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-30 17:20 . 2008-04-14 05:42 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2008-12-30 17:19 . 2008-04-14 05:41 4,255 --------- c:\windows\system32\drivers\adv01nt5.dll
2008-12-30 17:19 . 2008-04-14 05:41 3,967 --------- c:\windows\system32\drivers\adv02nt5.dll
2008-12-30 17:19 . 2008-04-14 05:41 3,647 --------- c:\windows\system32\drivers\adv07nt5.dll
2008-12-30 17:19 . 2008-04-14 05:41 3,615 --------- c:\windows\system32\drivers\adv05nt5.dll
2008-12-30 17:19 . 2008-04-14 05:41 3,135 --------- c:\windows\system32\drivers\adv08nt5.dll
2008-12-30 17:16 . 2006-12-29 00:31 19,569 --a------ c:\windows\002903_.tmp
2008-12-30 16:03 . 2009-01-04 17:12 512 --a------ c:\windows\randseed.rnd
2008-12-30 15:58 . 2008-12-30 15:58 <DIR> d-------- c:\program files\Network Associates
2008-12-30 15:58 . 2008-12-30 15:58 <DIR> d-------- c:\program files\Common Files\Network Associates
2008-12-30 15:58 . 2008-12-30 15:58 <DIR> d-------- c:\program files\Common Files\Cisco Systems
2008-12-30 15:58 . 2008-12-30 15:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Network Associates
2008-12-30 15:58 . 2004-09-22 20:00 108,256 --a------ c:\windows\system32\drivers\naiavf5x.sys
2008-12-30 15:58 . 2004-09-22 20:00 58,048 --a------ c:\windows\system32\drivers\mvstdi5x.sys
2008-12-27 11:43 . 2008-12-27 11:43 <DIR> d-------- c:\program files\Lavasoft
2008-12-27 11:43 . 2008-12-27 11:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-27 11:32 . 2008-12-27 11:32 <DIR> d-------- c:\windows\Sun
2008-12-24 13:33 . 2008-12-24 13:33 <DIR> d-------- c:\program files\Java
2008-12-24 13:33 . 2008-12-24 13:33 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-24 13:33 . 2008-12-24 13:33 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-17 10:41 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-17 10:41 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-16 07:20 . 2008-12-16 07:20 <DIR> d--h----- c:\windows\PIF
2008-12-15 12:27 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2008-12-15 12:27 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-15 12:27 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-15 12:27 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-15 12:27 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-15 12:20 . 2008-12-15 12:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-15 11:23 . 2008-12-15 11:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-15 08:19 . 2008-12-15 08:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-15 08:12 . 2008-12-15 08:12 <DIR> d-------- c:\documents and settings\Daniel\Application Data\Malwarebytes
2008-12-15 08:12 . 2008-12-15 08:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-15 08:06 . 2008-12-27 15:30 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-15 08:06 . 2008-12-27 15:30 <DIR> d-------- c:\documents and settings\Daniel\Application Data\SUPERAntiSpyware.com
2008-12-15 08:06 . 2008-12-15 08:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-14 19:04 . 2008-12-25 11:11 116 --a------ c:\windows\NeroDigital.ini
2008-12-14 19:03 . 2008-12-14 19:03 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-12-14 19:03 . 2008-04-08 01:16 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-12-14 19:03 . 2008-04-08 01:16 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-12-04 21:27 . 2004-03-02 17:37 125,184 --------- c:\windows\system32\drivers\imagesrv.sys
2008-12-04 21:27 . 2004-03-02 17:37 5,504 --------- c:\windows\system32\drivers\imagedrv.sys
2008-12-04 21:26 . 2008-12-04 21:26 <DIR> d-------- c:\program files\Common Files\Ahead
2008-12-04 21:26 . 2008-12-04 21:26 <DIR> d-------- c:\program files\Ahead
2008-12-04 21:26 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2008-12-04 21:26 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2008-12-04 21:26 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2008-12-04 21:26 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2008-12-04 21:26 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2008-12-04 21:26 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-12-04 21:22 . 2008-12-04 21:22 <DIR> d-------- c:\program files\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 19:32 5,494,816 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-02 18:09 --------- d-----w c:\program files\lx_cats
2009-01-02 17:44 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-31 21:36 65,924 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-30 14:51 --------- d-----w c:\documents and settings\Daniel\Application Data\FaxCtr
2008-12-29 13:55 1,608,379 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-27 11:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-22 13:40 2,621,440 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-12-22 13:40 1,500,672 ----a-w c:\windows\Internet Logs\xDB3.tmp
2008-12-17 08:42 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2008-12-14 17:03 --------- d-----w c:\program files\Google
2008-12-03 18:52 --------- d-----w c:\documents and settings\Daniel\Application Data\uTorrent
2008-11-30 14:18 --------- d-----w c:\program files\uTorrent
2008-11-18 19:03 1,428,992 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-11-17 06:46 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-11-09 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-07 03:40 --------- d-----w c:\program files\Lexmark Fax Solutions
2008-11-05 08:14 --------- d-----w c:\program files\Lexmark Toolbar
2008-11-05 08:13 --------- d-----w c:\program files\Lexmark 2400 Series
2008-11-05 08:12 --------- d-----w c:\documents and settings\All Users\Application Data\FaxCtr
2008-11-04 15:15 --------- d-----w c:\program files\Common Files\PC Tools
2008-11-04 15:13 --------- d-----w c:\program files\Zone Labs
2008-11-04 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\MailFrontier
2008-11-04 06:39 --------- d-----w c:\documents and settings\Daniel\Application Data\AdobeUM
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-16 68856]
"Google Update"="c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-29 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-15 13570048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-15 86016]
"openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2005-04-21 98816]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-01-22 286720]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 65536]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-24 136600]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"THGuard"="c:\program files\TrojanHunter 5.0\THGuard.exe" [2008-10-24 1056928]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2008-08-15 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM 29696]
Dashboard Launcher.lnk - c:\windows\Installer\{797E599D-F9F7-4CA9-8323-79BA07E20CFD}\Icon797E599D.exe [10/28/2008 11:10:57 PM 8192]
iBurst_Terminal UTL.lnk - c:\program files\iBurst Terminal\iBurst_Terminal_UTL.EXE [10/28/2008 10:42:01 PM 311296]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FileOCK.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FILEOCK]
--a------ 2007-10-09 18:22 114688 c:\program files\Folder Secure\FSecure_PD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"lxcr_device"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 FileOCK;FileOCK;c:\windows\system32\drivers\FiLeOCK.sys [10/31/2008 11:43:58 AM 82304]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [12/30/2008 3:58:13 PM 58048]
R3 iBurstu;iBurst Terminal;c:\windows\system32\drivers\iBurstu.sys [10/28/2008 10:42:01 PM 37362]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [6/24/2004 3:54:12 AM 23552]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [10/8/2008 7:15:12 AM 25216]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2009-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-602162358-1801674531-1003.job
- c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-29 15:33]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Windows Video Drivers - c:\recycler\S-1-5-21-1683563933-7360221195-895377426-2503\winlogon.exe


.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {6F5B6195-07AB-44D4-8AAF-ABB282DA81C6} = 196.30.31.193 196.7.0.138
FF - ProfilePath - c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\vjwpz6pp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 21:32:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


C:\FiLeOCK.ini 138 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1396)
c:\windows\system32\EntApi.dll
.
Completion time: 2009-01-04 21:33:49
ComboFix-quarantined-files.txt 2009-01-04 19:33:46
ComboFix2.txt 2009-01-04 16:36:26

Pre-Run: 10,494,988,288 bytes free
Post-Run: 10,484,396,032 bytes free


#8 User is offline   Billy O'Neal 

  • Visiting Staff
  • Icon
  • Group: Visiting Teacher
  • Posts: 629
  • Joined: 21-June 08
  • Gender:Male
  • Location:Northfield, Ohio
  • Interests:Programming, Malware Smashing

Posted 04 January 2009 - 08:19 PM

Hello, LithIX
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)

  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

BillyIII

#9 User is offline   LithIX 

  • Newbie Member
  • Pip
  • Group: Member
  • Posts: 6
  • Joined: 31-December 08

Posted 05 January 2009 - 02:51 AM

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3735 (20090104)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=751f4cc2a27226459a4e2d10866b68d1
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-04 11:00:34
# local_time=2009-01-05 01:00:34 (+0200, South Africa Standard Time)
# country="South Africa"
# osver=5.1.2600 NT Service Pack 3
# scanned=322114
# found=1
# scan_time=6715
C:\Qoobox\Quarantine\C\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe.vir Win32/AutoRun.Agent.FB worm (unable to clean - deleted) 00000000000000000000000000000000

#10 User is offline   Billy O'Neal 

  • Visiting Staff
  • Icon
  • Group: Visiting Teacher
  • Posts: 629
  • Joined: 21-June 08
  • Gender:Male
  • Location:Northfield, Ohio
  • Interests:Programming, Malware Smashing

Posted 05 January 2009 - 03:46 AM

Hello, LithIX
Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware
We Need to Remove ComboFix
  • Please go to Start -> Run
  • Enter "ComboFix /u" (without quotes). Note the space between "ComboFix" and "/u", it needs to be there.
    http://billy-oneal.com/Canned%20Speeches/speechimages/allclean/removecf.png
  • Press OK (Or hit enter).
  • Allow ComboFix to remove itself.


We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:

  • Double click the http://billy-oneal.com/Canned%20Speeches/speechimages/allclean/otcleanitdesktopicon.png icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.


Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install

  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.


BillyIII

#11 User is offline   LithIX 

  • Newbie Member
  • Pip
  • Group: Member
  • Posts: 6
  • Joined: 31-December 08

Posted 05 January 2009 - 02:22 PM

Great! Everything looks 100%

Thanx for your time, and in resolving the issue.


Kind regards
Daniel

This post has been edited by LithIX: 05 January 2009 - 02:23 PM


#12 User is offline   Billy O'Neal 

  • Visiting Staff
  • Icon
  • Group: Visiting Teacher
  • Posts: 629
  • Joined: 21-June 08
  • Gender:Male
  • Location:Northfield, Ohio
  • Interests:Programming, Malware Smashing

Posted 06 January 2009 - 04:28 AM

Hello, LithIX
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII
