[Resolved] Nasty Beagle, please help

Home Forums Contact

Welcome! Register for a free account (or login) > How does it work?

Quickly register. It will only take 60 seconds.
Start a new topic. Ask your question. Wait for an email reply.
Is your system infected? Begin reading the malware removal guide.

register button

What the Tech > Spyware / Malware / Virus Removal > Infections Removal

3 Pages

1 2 3 >

Closed Topic

Start new topic

[Resolved] Nasty Beagle, please help, Small accident; big disaster!

Tom_q2356 View Member Profile	Oct 24 2009, 08:15 PM Post #1
Authentic Member Group: Authentic Member Posts: 118 Joined: 11-June 04 Member No.: 8,653	Hello, I am in deep trouble this time after accidently installing Beagle or bagle into my system. A lot of my applications including zonealarm, spywareblaster, superantispyware, avast virus scanner and more got disabled; I received constant prompt like this "xxx.exe is not a valid win32 application." So far I've only fixed one up--Avast virus scanner--myself with Avast's own repair tool. Most of the infected applications look intact in the program files; however, very sadly they cannot be used, nor be uninstalled. When trying to uninstall each of them, I receied the same prompt, "xxx.exe is not a valid win32 application." The following are the bagle virus that got caught by "bitdefender" software; out of all, only one failed to be deleted and now could not be found in the system either; and that one is-- "C:\Documents and Settings\Others\Application Data\drivers\downld\wfsintwq.sys (Infected with: Win32.Bagle.Gen)." Bidefender did solve my internet connection problem cuased by Bagle infection though. Like I mentioned early on, many applications got disabled; so even hijackthis application is not working anymore. Please Help!! C:\Documents and Settings\Others\Application Data\drivers\downld\340780.exe (Infected with: Win32.Bagle.SVI) C:\Documents and Settings\Others\Application Data\drivers\downld\srosa2.sys (Infected with: Win32.Bagle.SWQ) C:\Documents and Settings\Others\Application Data\drivers\downld\wfsintwq.sys (Infected with: Win32.Bagle.Gen) C:\Documents and Settings\Others\Desktop\SoftForBa\Zone.Alarm.Pro.80059000.Incl.Key gen.SND\SND\ZoneAlarmProKeygen.exe (Infected with: Trojan.Generic.912879) C:\Program Files\IncrediMail\IncrediMail-Patch.exe (Infected with: Gen:Trojan.Heur.PT.nmX@b0PirEo) C:\WINDOWS\SYSTEM32\mdelk.exe (Infected with: Win32.Bagle.WUQ@mm) Finally, with a good friend's help, I have successfully reinstalled all missing or disabled programs, and the system seems to run very smoothly now. However, I still like to double check with you here because I trust everything WhattehTech says. Here is my new Hijackthis(It seems like there is at least one no name / no file thing on the list): Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:46:09 AM, on 10/26/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe C:\Program Files\Common Files\Stardock\SDMCP.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe C:\Program Files\reliz\akeys.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe C:\Program Files\CursorXP\CursorXP.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe C:\Program Files\Startup Faster 2004\sfAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SpywareGuard\sgmain.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\DAP\DAP.EXE c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll O2 - BHO: ÖÐ¹ú¹¤ÉÌÒøÐÐBHO - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL O3 - Toolbar: IncrediBar - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\Program Files\IncrediBar\bin\IBTBar.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll O4 - HKLM\..\Run: [StartupFaster] "C:\Program Files\Startup Faster 2004\strpfstcfg.exe" -run -SFAURUN -SFCURUN -SFAUSTARTUP -SFCUSTARTUP O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: StartupFaster O4 - Global Startup: StartupFaster O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~2\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Logoff - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\Program Files\IncrediBar\bin\IBTBar.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll O15 - Trusted Zone: http://www.icbc.com.cn O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0D99625B-0619-4420-BB61-82DEE1B91D3A} (BlockHouse Class) - https://ebank.gdb.com.cn/perbank/js/CertKitAx.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://johnzheng2356.spaces.live.com//Phot...ad/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222675051475 O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/newperbank/...afeControls.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D81CA86B-EF63-42AF-BEE3-4502D9A03C2D} (MMRadioHostX Class) - http://wwws.musicmatch.com/graphics/WebPlayer/MMLRadio.cab O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O18 - Protocol: mbox - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: mboxflash - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ICBC Daemon Service - Unknown owner - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing) O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -- End of file - 17314 bytes This post has been edited by LDTate: Oct 27 2009, 10:15 AM

oldman960 View Member Profile	Oct 28 2009, 02:31 AM Post #2
SuperHelper Group: Classroom Teacher Posts: 5,751 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro	Hi Tom_q2356, welcome to the forum. To make cleaning this machine easier Please do not uninstall/install any programs unless asked to It is more difficult when files/programs are appearing in/disappearing from the logs. Please do not run any scans other than those requested Please follow all instructions in the order posted All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked. Do not attach any logs/reports, etc.. unless specifically requested to do so. If you have problems with or do not understand the instructions, Please ask before continuing. Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine. Download the GMER Rootkit Scanner. Unzip it to your Desktop. Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan. Double-click gmer.exe. The program will begin to run. Caution These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised! If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click NO In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked. Now click the Scan button. Once the scan is complete, you may receive another notice about rootkit activity. Click OK. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt" Save it where you can easily find it, such as your desktop. If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post. Save it where you can easily find it, such as your desktop Download OTListIt2 to your desktop. Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output Check the boxes beside LOP Check and Purity Check. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in. Please post back with GMER log both OTL logs Thanks

Tom_q2356 View Member Profile	Oct 29 2009, 09:01 PM Post #3
Authentic Member Group: Authentic Member Posts: 118 Joined: 11-June 04 Member No.: 8,653	GMER 1.0.15.15163 - http://www.gmer.net Rootkit scan 2009-10-29 15:10:39 Windows 5.1.2600 Service Pack 3 Running: gmer.exe; Driver: C:\DOCUME~1\Others\LOCALS~1\Temp\pwlcipog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEDD7E6B8] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xEDEB38D0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xEDEB06E0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEDD7E574] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xEDEB3E90] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xEDEBAC80] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xEDEBAE90] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xEDEBED50] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xEDEB3F80] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xEDEB0C70] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xEDEBDD10] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEDD7EA52] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xEDEBA600] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xEDEBE230] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xEDEBE2B0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xEDEBEFD0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xEDEB0AD0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEDD7E64E] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xEDEBC4F0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xEDEBC2B0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEDD7E76E] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xEDEBE970] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xEDEBE3D0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xEDEB34F0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEDD7E72E] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xEDEB3AA0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xEDEB0EA0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEDD7E8AE] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xEDEBB580] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xEDEBB400] ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [90, 3E, EB, ED, 80, AC, EB, ...] .text ntoskrnl.exe!_abnormal_termination + 150 804E27AC 4 Bytes JMP CB30EDD7 .text ntoskrnl.exe!_abnormal_termination + 34C 804E29A8 8 Bytes JMP 641F1798 .text ntoskrnl.exe!_abnormal_termination + 428 804E2A84 4 Bytes CALL F85A1860 ? srescan.sys The system cannot find the file specified. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\Explorer.EXE[1492] USER32.dll!SetWindowPos 7E4299F3 5 Bytes CALL 00BD1280 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ ) .text C:\WINDOWS\Explorer.EXE[1492] USER32.dll!DrawIconEx 7E42CB84 5 Bytes CALL 00BD1280 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ ) .text C:\WINDOWS\Explorer.EXE[1492] USER32.dll!GetIconInfo 7E42D427 5 Bytes CALL 00BD1280 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ ) .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2324] USER32.dll!SetWindowPos 7E4299F3 5 Bytes CALL 01BF1280 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ ) .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2324] USER32.dll!DrawIconEx 7E42CB84 5 Bytes CALL 01BF1280 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ ) .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2324] USER32.dll!GetIconInfo 7E42D427 5 Bytes CALL 01BF1280 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ ) .text C:\Documents and Settings\Others\Desktop\gmer.exe[3352] USER32.dll!SetWindowPos 7E4299F3 5 Bytes CALL 10001280 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ ) .text C:\Documents and Settings\Others\Desktop\gmer.exe[3352] USER32.dll!DrawIconEx 7E42CB84 5 Bytes CALL 10001280 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ ) .text C:\Documents and Settings\Others\Desktop\gmer.exe[3352] USER32.dll!GetIconInfo 7E42D427 5 Bytes CALL 10001280 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ ) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [EDEB8410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [EDEB8220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [EDEB8B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [EDEB6780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [EDEB6780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [EDEB8410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [EDEB8220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [EDEB8B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [EDEB8410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [EDEB6780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [EDEB8B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [EDEB8220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [EDEB8B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EDEB8220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [EDEB8410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [EDEB6780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [EDEB8410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [EDEB8220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [EDEB8B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] [EDEB8410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] [EDEB6780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisCloseAdapter] [EDEB8B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisOpenAdapter] [EDEB8220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [EDEB8B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [EDEB8220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [EDEB6780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [EDEB8410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [EDEC0870] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [EDEB8410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [EDEB6780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [EDEB8B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [EDEB8220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [EDEB1320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [EDEB14D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [EDEB1040] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [EDEB13D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[1560] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002 IAT C:\WINDOWS\system32\services.exe[1560] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs UniShieldXP.sys AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) Device \FileSystem\Mup \Dfs UniShieldXP.sys Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \FileSystem\DefragFS \Device\RaxcoPerfectDisk UniShieldXP.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 LMPC2.SYS (LMPC keyboard filter/FSPro Labs) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 LMPC2.SYS (LMPC keyboard filter/FSPro Labs) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) Device \FileSystem\RAW \Device\RawTape UniShieldXP.sys Device \FileSystem\MRxDAV \Device\WebDavRedirector UniShieldXP.sys Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \FileSystem\Rdbss \Device\FsWrap UniShieldXP.sys Device \FileSystem\InCDfs \Device\InCDfsComm UniShieldXP.sys Device \FileSystem\Mup \Device\Mup UniShieldXP.sys Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \FileSystem\RAW \Device\RawDisk UniShieldXP.sys Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver UniShieldXP.sys Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) Device \FileSystem\MRxSmb \Device\LanmanRedirector UniShieldXP.sys Device \FileSystem\Npfs \Device\NamedPipe UniShieldXP.sys Device \FileSystem\Msfs \Device\Mailslot UniShieldXP.sys Device \Driver\AFD \Device\Afd UniShieldXP.sys Device \FileSystem\RAW \Device\RawCdRom UniShieldXP.sys Device \Driver\winachsf \Device\Winachsf0 UniShieldXP.sys Device \FileSystem\Mup \Device\WinDfs\Root UniShieldXP.sys Device \FileSystem\Fastfat \Fat UniShieldXP.sys Device \FileSystem\Fastfat \Fat EC68F297 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer UniShieldXP.sys Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer UniShieldXP.sys Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer UniShieldXP.sys Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer UniShieldXP.sys Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer UniShieldXP.sys Device \FileSystem\InCDfs \GLOBAL??\BsUDF UniShieldXP.sys Device \FileSystem\Cdfs \Cdfs UniShieldXP.sys ---- Registry - GMER 1.0.15 ---- Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psnxml\OpenWithProgids@Post-it\xae Software Note File Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@Í\x2039í\x2039T\x20acó` 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@Í\x2039í\x2039\x201c\x008feQ 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\20\x90\20nÐc:y 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\26Y\1xÐc:y 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@Òczz<h 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@IQ\ahß\x8d\x8f\x2013 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\26\1xågâ\x2039 -535951356 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\26\1xågâ\x2039\1x\x2022 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@Í\x2039í\x2039T\x20acó` 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@Í\x2039í\x2039\x201c\x008feQ 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\20\x90\20nÐc:y 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\26Y\1xÐc:y 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@Òczz<h 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@IQ\ahß\x8d\x8f\x2013 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@Í\x2039í\x2039T\x20acó` 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@Í\x2039í\x2039\x201c\x008feQ 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\20\x90\20nÐc:y 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\26Y\1xÐc:y 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@Òczz<h 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@IQ\ahß\x8d\x8f\x2013 1 ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7 0 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\AmandaFrDenmark.JPG 130869 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\AmandaFrDenmark1.JPG 134227 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 006.jpg 133135 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 007.jpg 128142 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 008.jpg 127443 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 009.jpg 130590 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 010.jpg 129863 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 062.jpg 126443 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 005.jpg 132813 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 011.jpg 132260 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 064.jpg 128900 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 103.jpg 125202 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2499.JPG 129415 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 001.jpg 127704 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 003.jpg 129776 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 004.jpg 130777 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 078.jpg 132623 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 098.jpg 128660 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 099.jpg 129588 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 100.jpg 130695 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 101.jpg 133467 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 102.jpg 132674 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DaveFrAustralia.JPG 124388 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2459.JPG 128308 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2463.JPG 129414 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2498.JPG 130915 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2686.JPG 121440 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2687.JPG 121997 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2688.JPG 122316 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2689.JPG 122487 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2702.JPG 127561 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2703.JPG 123939 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2704.JPG 125706 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2705.JPG 123733 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2706.JPG 128388 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\HelenFrSweden.JPG 130680 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\Thumbs.db 505856 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea 0 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2831.JPG 138454 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2868.JPG 272655 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2908.JPG 161182 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2762.JPG 196947 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2763.JPG 234654 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2764.JPG 235965 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2781.JPG 351839 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2782.JPG 325036 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2789.JPG 231626 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2790.JPG 240386 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2791.JPG 299088 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2792.JPG 306473 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2793.JPG 299486 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2799.JPG 157131 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2819.JPG 224708 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2820.JPG 153438 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2828.JPG 137662 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2830.JPG 128592 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2832.JPG 208005 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2833.JPG 233284 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2834.JPG 237137 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2835.JPG 212443 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2837.JPG 170434 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2838.JPG 215735 bytes File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2839.JPG 203759 bytes File C:\My Shared Folder\{MX}50.First.Dates.SVCD.TS-TCR(2of2).avi 188503654 bytes ---- EOF - GMER 1.0.15 ----

Tom_q2356 View Member Profile	Oct 29 2009, 09:02 PM Post #4
Authentic Member Group: Authentic Member Posts: 118 Joined: 11-June 04 Member No.: 8,653	OTL logfile created on: 10/29/2009 3:17:21 PM - Run 1 OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Others\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1022.98 Mb Total Physical Memory \| 549.71 Mb Available Physical Memory \| 53.74% Memory free 1.47 Gb Paging File \| 1.05 Gb Available in Paging File \| 71.40% Paging File free Paging file location(s): c:\pagefile.sys 576 1152 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 27.91 Gb Total Space \| 2.47 Gb Free Space \| 8.84% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: Tom_q2356 Current User Name: Others Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Others\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Documents and Settings\Others\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe () PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.) PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files\Common Files\Stardock\SDMCP.exe (Stardock) PRC - C:\Program Files\CursorXP\CursorXP.exe ( ) PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\reliz\akeys.exe (Softarium.com) PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe (Speedbit Ltd.) PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.) PRC - C:\Program Files\Startup Faster 2004\sfAgent.exe (URSoft,Inc) PRC - C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\WINDOWS\System32\Ati2evxx.exe () ========== Win32 Services (SafeList) ========== SRV - (6to4 [Auto \| Running]) -- C:\WINDOWS\System32\6to4svc.dll (Microsoft Corporation) SRV - (Adobe LM Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe () SRV - (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (aswUpdSv [Auto \| Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (Ati HotKey Poller [Auto \| Running]) -- C:\WINDOWS\System32\Ati2evxx.exe () SRV - (avast! Antivirus [Auto \| Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner [On_Demand \| Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner [On_Demand \| Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Diskeeper [Auto \| Running]) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) SRV - (EPSONStatusAgent2 [Auto \| Running]) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION) SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (getPlus® Helper [Disabled \| Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.) SRV - (gusvc [On_Demand \| Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (hpqcxs08 [On_Demand \| Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.) SRV - (hpqddsvc [Auto \| Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.) SRV - (ICBC Daemon Service [Auto \| Stopped]) -- C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe () SRV - (ICQ Service [Disabled \| Stopped]) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe () SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (idsvc [Unknown \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (InCDsrv [Auto \| Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe () SRV - (InteractiveLogon [Auto \| Stopped]) -- C:\WINDOWS\System32\Fast.exe (Microsoft Corporation) SRV - (iPod Service [On_Demand \| Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (JavaQuickStarterService [Auto \| Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (MBAMService [Auto \| Running]) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (p2pgasvc [On_Demand \| Stopped]) -- C:\WINDOWS\System32\p2pgasvc.dll (Microsoft Corporation) SRV - (PDAgent [On_Demand \| Stopped]) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.) SRV - (PDEngine [On_Demand \| Stopped]) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.) SRV - (rpcapd [On_Demand \| Stopped]) -- File not found SRV - (VideoAcceleratorService [Auto \| Running]) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.) SRV - (vsmon [Auto \| Stopped]) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (WMPNetworkSvc [Disabled \| Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (Aavmker4 [System \| Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software) DRV - (AegisP [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications) DRV - (AgilentUSBCam [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\Atusbcam.sys (Agilent Technologies) DRV - (AliIde [Disabled \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (amdagp [Disabled \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (asc [Disabled \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550 [Disabled \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (Aspi32 [Auto \| Running]) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec) DRV - (aswFsBlk [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software) DRV - (aswMon2 [Auto \| Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswRdr [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (aswSP [System \| Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software) DRV - (aswTdi [System \| Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (ati2mtag [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.) DRV - (bcm4sbxp [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation) DRV - (BTCFilterService [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\motfilt.sys (Motorola Inc) DRV - (Cdr4_xp [System \| Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions) DRV - (Cdralw2k [System \| Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions) DRV - (CMB8100 [Auto \| Running]) -- C:\WINDOWS\System32\Drivers\CertClient.dat () DRV - (CMBProtector [Auto \| Running]) -- C:\WINDOWS\System32\Drivers\CMBProtector.dat () DRV - (CmdIde [Disabled \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (dac2w2k [Disabled \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (DCamUSBUVT [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\usbuvt.sys (IC Media Corporation) DRV - (DefragFS [Auto \| Running]) -- C:\WINDOWS\System32\drivers\DefragFs.sys (Raxco Software, Inc.) DRV - (DirectDrv [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\MotoVisionDP.sys (Mjtsai Corp) DRV - (FreshIO [On_Demand \| Stopped]) -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys () DRV - (FsVga [System \| Running]) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys (Microsoft Corporation) DRV - (GEARAspiWDM [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (giveio [Boot \| Running]) -- C:\WINDOWS\system32\giveio.sys () DRV - (HSF_DP [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems) DRV - (HSFHWICH [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys (Conexant Systems) DRV - (i81x [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys (Intel® Corporation) DRV - (iAimFP0 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys (Intel® Corporation) DRV - (iAimFP1 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys (Intel® Corporation) DRV - (iAimFP2 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys (Intel® Corporation) DRV - (iAimFP3 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys (Intel® Corporation) DRV - (iAimFP4 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys (Intel® Corporation) DRV - (iAimTV0 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys (Intel® Corporation) DRV - (iAimTV1 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys (Intel® Corporation) DRV - (iAimTV3 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys (Intel® Corporation) DRV - (iAimTV4 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys (Intel® Corporation) DRV - (icm10blk [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\icm10blk.sys (Intel Corporation) DRV - (ICM10USB [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\ICM10USB.sys (Intel Corporation) DRV - (InCDfs [Disabled \| Running]) -- C:\WINDOWS\System32\drivers\incdfs.sys () DRV - (InCDPass [System \| Running]) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Ahead Software) DRV - (incdrm [System \| Running]) -- C:\WINDOWS\System32\drivers\incdrm.sys (Ahead Software AG) DRV - (lf [Auto \| Running]) -- C:\Program Files\Everstrike\Lock Folder XP 3.2\UniShieldXP.sys () DRV - (LMPC2 [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\lmpc2.sys (FSPro Labs) DRV - (ManyCam [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ManyCam.sys (ManyCam LLC.) DRV - (MBAMProtector [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (MDC8021X [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications) DRV - (mdmxsdk [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant) DRV - (motccgp [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\motccgp.sys (Motorola) DRV - (motccgpfl [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\motccgpfl.sys (Motorola) DRV - (MotDev [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\motodrv.sys (Motorola Inc) DRV - (motmodem [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\motmodem.sys (Motorola) DRV - (MotoSwitchService [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\motswch.sys (Motorola) DRV - (Motousbnet [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\Motousbnet.sys (Motorola) DRV - (MOTOVISION [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\motovision.sys (Windows ® 2000 DDK provider) DRV - (motport [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\motport.sys (Motorola) DRV - (mraid35x [Disabled \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (ndiscm [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\NetSecCm.sys (Samsung Electronics Co., Ltd) DRV - (NTSPPPOE [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\ntspppoe.sys (Efficient Networks, Inc.) DRV - (nv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (omci [System \| Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation) DRV - (P2k [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\P2k.sys (Motorola Inc) DRV - (pfc [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.) DRV - (Ptilink [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (PxHelp20 [Boot \| Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (ql1080 [Disabled \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql12160 [Disabled \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1280 [Disabled \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (RT2500 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\RT2500.sys (Ralink Technology Inc.) DRV - (RTL8187B [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\wg111v3.sys (Realtek Semiconductor Corporation ) DRV - (SASDIFSV [System \| Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM [On_Demand \| Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL [System \| Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (Secdrv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (sisagp [Disabled \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (SONYPVU1 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation) DRV - (Sparrow [Disabled \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (speedfan [Boot \| Running]) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider) DRV - (SPLITCAM [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\splitcam.sys (LoteSoft Co.) DRV - (srescan [Boot \| Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD) DRV - (STAC97 [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\STAC97.sys (SigmaTel, Inc.) DRV - (StreamDispatcher [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\strmdisp.sys (Conexant Systems) DRV - (sym_hi [Disabled \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (sym_u3 [Disabled \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (symc810 [Disabled \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (symc8xx [Disabled \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (SynTP [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.) DRV - (Tcpip6 [System \| Running]) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys (Microsoft Corporation) DRV - (ultra [Disabled \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (Vcs [Auto \| Running]) -- C:\WINDOWS\System32\Drivers\Vcs.sys () DRV - (vsdatant [System \| Running]) -- C:\WINDOWS\System32\vsdatant.sys (Check Point Software Technologies LTD) DRV - (winachsf [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems) DRV - (ZD1211BU(TP-LINK) [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys (Atheros Technology Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Others\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\CursorXP\CurXP0.dll ( ) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_Url = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "http://start.icq.com/" FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.96 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.5 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14 FF - user.js..browser.search.openintab: false FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/23 16:16:08 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/15 14:44:10 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/02/18 17:41:43 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/27 11:06:40 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/27 11:06:40 \| 00,000,000 \| ---D \| M] [2009/07/30 06:16:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\mozilla\Extensions [2008/12/10 15:58:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/07/30 06:16:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\mozilla\Extensions\mozswing@mozswing.org [2009/10/14 15:05:42 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\mozilla\Firefox\Profiles\8g1iwoqs.default\extensions [2009/07/03 18:31:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\mozilla\Firefox\Profiles\8g1iwoqs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008/12/08 20:40:59 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\mozilla\Firefox\Profiles\8g1iwoqs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/07/17 11:28:30 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\mozilla\Firefox\Profiles\8g1iwoqs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009/07/13 17:12:02 \| 00,000,944 \| ---- \| M] () -- C:\Documents and Settings\Others\Application Data\Mozilla\FireFox\Profiles\8g1iwoqs.default\searchplugins\icqplugin.xml [2009/10/05 07:44:01 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2009/10/05 07:44:01 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009/09/27 11:06:40 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/07/15 14:45:11 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009/09/27 11:06:32 \| 00,023,032 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/09/27 11:06:32 \| 00,134,648 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009/07/15 14:44:07 \| 00,410,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/09/27 11:06:34 \| 00,065,528 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2008/06/02 17:02:48 \| 00,200,704 \| ---- \| M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll [2009/02/27 12:13:42 \| 00,103,792 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2006/08/10 14:23:23 \| 00,139,305 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008/06/05 00:16:39 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2008/06/05 00:16:40 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2008/06/05 00:16:40 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2008/06/05 00:16:40 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2008/06/05 00:16:41 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2008/06/05 00:16:41 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2008/06/05 00:16:41 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2006/08/10 14:23:55 \| 00,024,621 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2006/08/10 14:22:21 \| 00,081,967 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2007/03/10 07:16:44 \| 00,189,496 \| ---- \| M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll [2009/08/24 22:09:28 \| 00,001,394 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/08/24 22:09:28 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/08/24 22:09:28 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/08/24 22:09:28 \| 00,002,343 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/08/24 22:09:28 \| 00,001,706 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/08/24 22:09:28 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/08/24 22:09:28 \| 00,000,792 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (948077 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 fr.a2dfp.net O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net O1 - Hosts: 127.0.0.1 ad.a8.net O1 - Hosts: 127.0.0.1 asy.a8ww.net O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net] O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions] O1 - Hosts: 127.0.0.1 phpadsnew.abac.com O1 - Hosts: 127.0.0.1 a.abnad.net O1 - Hosts: 127.0.0.1 b.abnad.net O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie] O1 - Hosts: 127.0.0.1 d.abnad.net O1 - Hosts: 127.0.0.1 e.abnad.net O1 - Hosts: 127.0.0.1 t.abnad.net O1 - Hosts: 127.0.0.1 z.abnad.net O1 - Hosts: 127.0.0.1 banners.absolpublisher.com O1 - Hosts: 127.0.0.1 tracking.absolstats.com O1 - Hosts: 127.0.0.1 adv.abv.bg O1 - Hosts: 127.0.0.1 bimg.abv.bg O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com O1 - Hosts: 127.0.0.1 accuserveadsystem.com O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com O1 - Hosts: 127.0.0.1 gtb5.acecounter.com O1 - Hosts: 127.0.0.1 gtb19.acecounter.com O1 - Hosts: 27936 more lines... O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com) O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation) O2 - BHO: (bho2gr Class) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.) O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O2 - BHO: (PopKiller Class) - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll (SysShield Consulting, Inc.) O2 - BHO: (ICBC Anti-Phishing class) - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll (??????) O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll () O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.) O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKLM\..\Toolbar: (1-Click Answers) - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\Program Files\1-Click Answers\IEToolbar\AnswersToolbarU.dll (Answers Corporation) O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (IncrediBar) - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\Program Files\IncrediBar\bin\IBTBar.dll (IncrediBar) O3 - HKLM\..\Toolbar: (AbsoluteShield) - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll (AbsoluteShield Software) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (IncrediBar) - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\Program Files\IncrediBar\bin\IBTBar.dll (IncrediBar) O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (1-Click Answers) - {7754C418-F62E-44AA-B169-E719E718BCFD} - C:\Program Files\1-Click Answers\IEToolbar\AnswersToolbarU.dll (Answers Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (IncrediBar) - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\Program Files\IncrediBar\bin\IBTBar.dll (IncrediBar) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [StartupFaster] C:\Program Files\Startup Faster 2004\StrpFstCfg.exe (URSoft,Inc) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\StartupFaster [2009/10/25 13:53:13 \| 00,000,000 \| -H-D \| M] O4 - Startup: C:\Documents and Settings\Others\Start Menu\Programs\Startup\StartupFaster [2009/08/02 10:26:11 \| 00,000,000 \| -H-D \| M] O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLastUserName = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ShutdownWithoutLogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhotoSupport present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMFUprogramsList = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNtSecurity = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceMaxRecentDocs = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTips = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoExpandedNewMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0? = strpfstcfg.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1? = newadmin.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm () O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm () O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm () O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2007/11/13 20:44:04 \| 00,000,000 \| ---D \| M] O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Answers... - C:\Program Files\1-Click Answers\Html\atiemenu.htm () O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm () O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm () O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8 - Extra context menu item: Logoff - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html () O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm () O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2007/11/13 20:44:04 \| 00,000,000 \| ---D \| M] O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2007/11/13 20:44:04 \| 00,000,000 \| ---D \| M] O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2007/11/13 20:44:04 \| 00,000,000 \| ---D \| M] O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com) O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com) O9 - Extra Button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\Program Files\IncrediBar\bin\IBTBar.dll (IncrediBar) O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe () O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.) O15 - HKLM\..Trusted Domains: 72 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: bankofamerica.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: com.cn ([mybank.icbc] https in Trusted sites) O15 - HKCU\..Trusted Domains: com.cn ([www.icbc] http in Trusted sites) O15 - HKCU\..Trusted Domains: hotmail.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: live.com ([login] https in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([v4.Windowsupdate] http in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([v4.Windowsupdate] https in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([Windowsupdate] https in Trusted sites) O15 - HKCU\..Trusted Domains: msn.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: 432 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {0D99625B-0619-4420-BB61-82DEE1B91D3A} https://ebank.gdb.com.cn/perbank/js/CertKitAx.cab (BlockHouse Class) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://download.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control) O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab (Reg Error: Key error.) O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://Tom_q23562356.spaces.live.com//Phot...ad/MsnPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab (Windows Live Safety Center Base Module) O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx (ExentInf Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1222675051475 (MUWebControl Class) O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab (Reg Error: Key error.) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} http://chat.yahoo.com/cab/yuplapp.cab (Yahoo! Webcam Upload Wrapper) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} https://mybank.icbc.com.cn/icbc/newperbank/...afeControls.cab (AxSubmitControl Class) O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} http://download.yahoo.com/dl/bookmarks/ybconvfav030408.cab (YbUploadFavsCtl Class) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8192.0495138889 (Reg Error: Key error.) O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMesse...pDownloader.cab (MsnMessengerSetupDownloadControl Class) O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (YAddBook Class) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D81CA86B-EF63-42AF-BEE3-4502D9A03C2D} http://wwws.musicmatch.com/graphics/WebPlayer/MMLRadio.cab (MMRadioHostX Class) O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E...04/clearadj.cab (CTAdjust Class) O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} http://chat.yahoo.com/cab/yvwrctl.cab (Yahoo! Webcam Viewer Wrapper) O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab (Dell PC Checkup Installer Control) O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/bin/msnchat45.cab (MSN Chat Control 4.5) O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: Yahoo! MahJong Solitaire http://download.games.yahoo.com/games/clients/y/mjst4_x.cab (Reg Error: Key error.) O16 - DPF: Yahoo! Pool 2 http://download.games.yahoo.com/games/clients/y/pote_x.cab (Reg Error: Key error.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) - C:\WINDOWS\System32\logonuiX.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O20 - Winlogon\Notify\MCPClient: DllName - C:\Program Files\Common Files\Stardock\mcpstub.dll - C:\Program Files\Common Files\Stardock\mcpstub.dll (Stardock) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll () O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/05/24 11:42:39 \| 00,000,000 \| R--D \| M] - C:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{44ed95c0-c7f6-11db-bd3c-000bdb17272c}\Shell - "" = AutoRun O33 - MountPoints2\{44ed95c0-c7f6-11db-bd3c-000bdb17272c}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{44ed95c0-c7f6-11db-bd3c-000bdb17272c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.) O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/10/05 07:43:05 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\ICQ [2009/10/06 23:31:57 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\SpeedBit [2009/10/15 21:41:58 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\WinZip [2009/10/23 08:17:57 \| 00,000,000 \| -H-D \| C] -- C:\Documents and Settings\Others\Application Data\drivers [2009/10/11 13:03:13 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Others\Application Data\JAM Software [2009/10/15 22:58:56 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Others\Application Data\Kingsoft [2009/10/23 17:14:39 \| 00,000,000 \| -H-D \| C] -- C:\Documents and Settings\Others\Application Data\m [2009/10/08 08:01:36 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Others\Application Data\ManyCam [2009/10/08 17:50:24 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Others\Application Data\uTorrent [2009/10/08 17:01:14 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Others\Application Data\WebcamMax [2009/10/02 07:18:18 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Others\Application Data\WinRAR [2009/10/26 09:40:10 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Others\Local Settings\Application Data\Deployment [2009/10/22 17:30:27 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Others\Local Settings\Application Data\Temp [2009/10/16 08:25:04 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Others\Local Settings\Application Data\Yahoo! [2009/10/05 20:39:43 \| 00,000,000 \| ---D \| C] -- C:\Program Files\AGI [2009/10/06 23:26:07 \| 00,000,000 \| ---D \| C] -- C:\Program Files\DAP [2009/10/17 14:44:51 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Dream Aquarium [2009/10/05 07:38:51 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ICQ6.5 [2009/10/05 07:43:46 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ICQ6Toolbar [2009/10/24 22:08:12 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/10/08 08:01:35 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ManyCam 2.4 [2009/10/02 18:48:08 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft [2009/10/02 18:54:01 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft Silverlight [2009/10/25 15:02:25 \| 00,000,000 \| ---D \| C] -- C:\Program Files\MSECACHE [2009/10/06 23:40:28 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SpeedBit Video Accelerator [2009/10/08 23:31:05 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SplitCam [2009/10/25 21:12:32 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SpywareBlaster [2009/10/25 16:32:28 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SUPERAntiSpyware [2009/10/11 13:03:01 \| 00,000,000 \| ---D \| C] -- C:\Program Files\TreeSize Professional [2009/10/26 09:45:22 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Trend Micro [2009/10/08 17:51:21 \| 00,000,000 \| ---D \| C] -- C:\Program Files\uTorrent [2009/10/02 07:10:26 \| 00,000,000 \| ---D \| C] -- C:\Program Files\WinRAR [2009/10/15 22:30:58 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Wisdom-soft ScreenHunter 5 Free [2009/10/25 16:17:36 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Zone Labs File not found -- C:\Documents and Settings\Others\Desktop\CAZBDPKE. [2009/10/29 12:34:40 \| 00,521,728 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTL.exe [2009/10/24 22:08:15 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/10/24 22:08:12 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/10/24 11:01:41 \| 00,114,768 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009/10/24 11:01:41 \| 00,020,560 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009/10/24 10:54:42 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\BDOSCAN8 [2009/10/16 21:21:32 \| 00,058,768 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll [2009/10/16 21:21:29 \| 00,106,384 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll [2009/10/16 21:21:29 \| 00,069,008 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll [2009/10/16 21:21:19 \| 00,030,096 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll [2009/10/16 21:21:17 \| 01,221,008 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll [2009/10/16 21:21:17 \| 00,110,480 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll [2009/10/16 21:21:16 \| 00,310,160 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll [2009/10/16 21:21:16 \| 00,107,408 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll [2009/10/16 21:21:16 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\System32\ZoneLabs [2009/10/16 21:21:14 \| 00,353,680 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys [2009/10/16 21:19:24 \| 00,216,464 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll [2009/10/16 21:19:24 \| 00,107,408 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll [2009/10/16 21:19:23 \| 00,475,536 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll [2009/10/16 21:17:51 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\Internet Logs [2009/10/08 23:32:51 \| 00,013,824 \| ---- \| C] (LoteSoft Co.) -- C:\WINDOWS\System32\drivers\splitcam.sys [2009/10/08 02:17:51 \| 00,000,000 \| ---D \| C] -- C:\_OTM [2009/10/06 23:31:58 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Others\My Documents\My DAP Downloads [2009/10/05 20:47:46 \| 00,017,272 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll ========== Files - Modified Within 30 Days ========== File not found -- C:\Documents and Settings\Others\Desktop\CAZBDPKE. [2009/10/29 12:34:44 \| 00,521,728 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTL.exe [2009/10/29 12:32:42 \| 00,282,833 \| ---- \| M] () -- C:\Documents and Settings\Others\Desktop\gmer.zip [2009/10/29 09:21:21 \| 00,352,605 \| ---- \| M] () -- C:\WINDOWS\System32\vsconfig.xml [2009/10/29 09:19:53 \| 00,000,024 \| ---- \| M] () -- C:\WINDOWS\LogonStudio.ini [2009/10/29 09:14:14 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\BOOTSTAT.DAT [2009/10/29 09:13:59 \| 10,727,46496 \| -HS- \| M] () -- C:\hiberfil.sys [2009/10/28 11:36:06 \| 00,019,456 \| ---- \| M] () -- C:\Documents and Settings\Others\Desktop\Buyfurniture.doc [2009/10/26 11:50:56 \| 00,194,560 \| ---- \| M] () -- C:\Documents and Settings\Others\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/26 09:46:45 \| 00,000,930 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2104054462-3242262833-941974269-1007Core1ca55de2ce7a9d0.job [2009/10/26 09:42:26 \| 00,000,482 \| ---- \| M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Others.job [2009/10/25 21:31:04 \| 00,000,424 \| ---- \| M] () -- C:\WINDOWS\NJCOM.INI [2009/10/25 16:27:18 \| 00,004,212 \| -H-- \| M] () -- C:\WINDOWS\System32\zllictbl.dat [2009/10/24 15:09:14 \| 00,000,999 \| ---- \| M] () -- C:\WINDOWS\WIN.INI [2009/10/24 15:09:14 \| 00,000,281 \| RHS- \| M] () -- C:\boot.ini [2009/10/24 15:09:14 \| 00,000,227 \| ---- \| M] () -- C:\WINDOWS\system.ini [2009/10/23 18:12:04 \| 00,551,054 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/23 18:12:04 \| 00,475,446 \| ---- \| M] () -- C:\WINDOWS\System32\PERFH009.DAT [2009/10/23 18:12:04 \| 00,085,514 \| ---- \| M] () -- C:\WINDOWS\System32\PERFC009.DAT [2009/10/23 18:01:44 \| 00,948,077 \| R--- \| M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS [2009/10/23 17:27:11 \| 00,001,374 \| ---- \| M] () -- C:\WINDOWS\System32\WPA.DBL [2009/10/21 15:55:50 \| 00,016,758 \| ---- \| M] () -- C:\WINDOWS\ePrompter.ini [2009/10/17 19:37:35 \| 00,000,013 \| ---- \| M] () -- C:\WINDOWS\System32\WinSys32.crc [2009/10/17 13:41:34 \| 00,102,400 \| ---- \| M] () -- C:\WINDOWS\DreamAquarium.scr [2009/10/16 13:22:44 \| 00,291,328 \| ---- \| M] () -- C:\Documents and Settings\Others\Desktop\gmer.exe [2009/10/09 23:26:28 \| 00,000,021 \| ---- \| M] () -- C:\WINDOWS\System32\mylk.dat [2009/10/08 23:32:51 \| 00,013,824 \| ---- \| M] (LoteSoft Co.) -- C:\WINDOWS\System32\drivers\splitcam.sys [2009/10/08 22:35:02 \| 00,939,061 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20091023-180144.backup [2009/10/08 08:03:18 \| 00,001,568 \| ---- \| M] () -- C:\Documents and Settings\Others\Desktop\ManyCam 2.4.lnk [2009/10/06 23:31:26 \| 00,172,032 \| ---- \| M] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\anigif.ocx [2009/10/05 20:46:57 \| 00,023,392 \| ---- \| M] () -- C:\WINDOWS\System32\nscompat.tlb [2009/10/05 20:46:57 \| 00,016,832 \| ---- \| M] () -- C:\WINDOWS\System32\amcompat.tlb [2009/10/03 02:01:57 \| 25,198,016 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009/10/02 00:35:15 \| 00,209,696 \| ---- \| M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/09/29 23:37:34 \| 00,935,743 \| R--- \| M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20091001-234412.backup ========== Files - No Company Name ========== [2009/10/29 12:39:51 \| 00,291,328 \| ---- \| C] () -- C:\Documents and Settings\Others\Desktop\gmer.exe [2009/10/29 12:32:38 \| 00,282,833 \| ---- \| C] () -- C:\Documents and Settings\Others\Desktop\gmer.zip [2009/10/28 11:36:05 \| 00,019,456 \| ---- \| C] () -- C:\Documents and Settings\Others\Desktop\Buyfurniture.doc [2009/10/26 09:46:45 \| 00,000,930 \| ---- \| C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2104054462-3242262833-941974269-1007Core1ca55de2ce7a9d0.job [2009/10/26 09:11:30 \| 10,727,46496 \| -HS- \| C] () -- C:\hiberfil.sys [2009/10/24 22:10:21 \| 00,000,482 \| ---- \| C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Others.job [2009/10/17 14:45:08 \| 00,094,208 \| ---- \| C] () -- C:\WINDOWS\Dream Aquarium.scr [2009/10/17 13:41:34 \| 00,102,400 \| ---- \| C] () -- C:\WINDOWS\DreamAquarium.scr [2009/10/16 21:21:14 \| 00,352,605 \| ---- \| C] () -- C:\WINDOWS\System32\vsconfig.xml [2009/10/08 23:31:14 \| 00,389,120 \| ---- \| C] () -- C:\WINDOWS\System32\actskn43.ocx [2009/10/08 17:00:02 \| 00,941,784 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys [2009/10/08 08:03:17 \| 00,001,568 \| ---- \| C] () -- C:\Documents and Settings\Others\Desktop\ManyCam 2.4.lnk [2009/09/11 13:15:03 \| 00,001,500 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2009/08/02 10:35:04 \| 00,000,028 \| ---- \| C] () -- C:\WINDOWS\PIMAREG.INI [2009/03/30 21:20:41 \| 00,389,175 \| ---- \| C] () -- C:\WINDOWS\System32\RsaFun.dll [2009/03/30 21:20:41 \| 00,282,734 \| ---- \| C] () -- C:\WINDOWS\System32\NPCard.dll [2009/03/30 21:20:41 \| 00,045,056 \| ---- \| C] () -- C:\WINDOWS\System32\UnblkPIN.dll [2009/03/30 21:20:39 \| 00,049,152 \| ---- \| C] () -- C:\WINDOWS\System32\jcutilTdrUKLCD.dll [2009/03/30 21:20:38 \| 00,094,208 \| ---- \| C] () -- C:\WINDOWS\System32\jcutilHUAUK.dll [2009/03/30 21:20:38 \| 00,086,016 \| ---- \| C] () -- C:\WINDOWS\System32\jcutilHUAUKLCD.dll [2009/03/30 21:20:38 \| 00,045,056 \| ---- \| C] () -- C:\WINDOWS\System32\jcutilgem101101.dll [2009/03/30 21:20:36 \| 00,027,136 \| ---- \| C] () -- C:\WINDOWS\System32\jcinGEM102.dll [2009/03/30 21:20:34 \| 00,023,040 \| ---- \| C] () -- C:\WINDOWS\System32\jcidGEM102.dll [2009/03/30 21:20:33 \| 00,040,960 \| ---- \| C] () -- C:\WINDOWS\System32\hmukchk.dll [2009/03/30 21:20:31 \| 00,022,016 \| ---- \| C] () -- C:\WINDOWS\System32\GEMPIN01.dll [2009/03/30 21:20:30 \| 00,184,320 \| ---- \| C] () -- C:\WINDOWS\System32\GdApi.dll [2009/01/05 15:44:10 \| 00,000,453 \| ---- \| C] () -- C:\WINDOWS\bdoscandellang.ini [2008/12/15 17:34:20 \| 02,823,496 \| -H-- \| C] () -- C:\Documents and Settings\Others\Local Settings\Application Data\IconCache.db [2008/12/06 17:42:17 \| 00,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\InsDrvZD.dll [2008/12/06 17:42:17 \| 00,015,872 \| ---- \| C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL [2008/09/14 07:52:41 \| 00,094,208 \| ---- \| C] () -- C:\WINDOWS\System32\CmbSafeBase.dll [2008/09/14 07:52:40 \| 00,466,944 \| ---- \| C] () -- C:\WINDOWS\System32\PBHttpComm.dll [2006/09/03 19:18:39 \| 00,081,920 \| ---- \| C] () -- C:\WINDOWS\System32\jcinTHTFUK.dll [2006/09/03 19:18:38 \| 00,073,728 \| ---- \| C] () -- C:\WINDOWS\System32\jcidTHTFUK.dll [2006/09/03 19:18:38 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\jcinpublic.dll [2006/09/03 19:18:38 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\jcinHUAUK.dll [2006/09/03 19:18:38 \| 00,057,344 \| ---- \| C] () -- C:\WINDOWS\System32\jcidHUAUK.dll [2006/09/03 19:18:38 \| 00,045,056 \| ---- \| C] () -- C:\WINDOWS\System32\jcinGEM101.dll [2006/09/03 19:18:38 \| 00,045,056 \| ---- \| C] () -- C:\WINDOWS\System32\jcidGEM101.dll [2006/09/03 19:18:38 \| 00,045,056 \| ---- \| C] () -- C:\WINDOWS\System32\jcidGD84.dll [2006/09/03 19:18:38 \| 00,040,960 \| ---- \| C] () -- C:\WINDOWS\System32\jcinGD84.dll [2006/09/03 19:18:38 \| 00,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\jcidWATCHK.dll [2006/09/03 19:18:37 \| 00,262,208 \| ---- \| C] () -- C:\WINDOWS\System32\GPKPCSC.dll [2006/09/03 19:18:37 \| 00,241,758 \| ---- \| C] () -- C:\WINDOWS\System32\GPKPIN.dll [2006/09/03 19:18:37 \| 00,053,248 \| ---- \| C] () -- C:\WINDOWS\System32\CEA_Crypt.dll [2006/09/03 19:18:37 \| 00,032,768 \| ---- \| C] () -- C:\WINDOWS\System32\ChangPIN.dll [2006/09/03 19:18:36 \| 00,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\jcinWATCHK.dll [2006/09/03 19:18:34 \| 00,057,344 \| ---- \| C] () -- C:\WINDOWS\System32\USBKey.dll [2006/08/21 00:37:59 \| 00,002,913 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/08/10 06:58:31 \| 00,036,864 \| ---- \| C] () -- C:\WINDOWS\System32\70681b24.dll [2006/08/10 06:58:28 \| 00,000,030 \| ---- \| C] () -- C:\WINDOWS\System32\68af6bb3.dll [2006/07/10 18:19:56 \| 00,796,584 \| ---- \| C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2006/04/08 10:11:38 \| 00,000,040 \| ---- \| C] () -- C:\WINDOWS\powerplayer.ini [2006/03/22 10:03:02 \| 00,000,040 \| ---- \| C] () -- C:\WINDOWS\nero.INI [2006/03/21 19:47:12 \| 00,085,360 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\incdfs.sys [2006/02/27 18:06:40 \| 00,000,006 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt [2006/02/19 16:25:23 \| 00,077,824 \| ---- \| C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2006/02/14 17:25:44 \| 00,000,009 \| ---- \| C] () -- C:\WINDOWS\winxfigt.sys [2005/12/25 18:00:36 \| 00,001,125 \| ---- \| C] () -- C:\WINDOWS\winamp.ini [2005/11/16 10:40:42 \| 00,684,032 \| ---- \| C] () -- C:\WINDOWS\libeay32.dll [2005/11/16 10:40:42 \| 00,155,648 \| ---- \| C] () -- C:\WINDOWS\ssleay32.dll [2005/10/19 13:45:34 \| 00,014,848 \| ---- \| C] () -- C:\WINDOWS\System32\BASSMOD.dll [2005/10/19 12:57:04 \| 00,000,027 \| ---- \| C] () -- C:\WINDOWS\AdvConfig.ini [2005/05/15 13:29:59 \| 00,163,712 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\vidstub.sys [2005/04/28 13:51:17 \| 00,049,152 \| ---- \| C] () -- C:\WINDOWS\System32\odlib.dll [2005/03/28 16:36:38 \| 00,000,116 \| ---- \| C] () -- C:\WINDOWS\ConverterCore.INI [2005/02/11 23:36:33 \| 00,006,852 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\Vcs.sys [2005/01/21 10:52:56 \| 00,010,856 \| -HS- \| C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005/01/04 12:41:31 \| 00,000,214 \| ---- \| C] () -- C:\WINDOWS\Gurunet.ini [2005/01/03 14:25:15 \| 00,000,206 \| ---- \| C] () -- C:\WINDOWS\EurekaLog.ini [2004/12/25 10:46:48 \| 00,000,064 \| ---- \| C] () -- C:\WINDOWS\eFaxView.ini [2004/12/03 16:54:11 \| 00,016,758 \| ---- \| C] () -- C:\WINDOWS\ePrompter.ini [2004/11/06 17:11:28 \| 00,000,806 \| ---- \| C] () -- C:\WINDOWS\UnitConverter.INI [2004/10/27 06:39:05 \| 03,375,104 \| ---- \| C] () -- C:\WINDOWS\System32\qt-mt331.dll [2004/10/17 21:38:38 \| 05,144,064 \| ---- \| C] () -- C:\Documents and Settings\Others\Local Settings\Application Data\70549405-1385-4dbb-9a1a-15a3af3d067b.msi [2004/10/08 08:08:11 \| 00,086,016 \| ---- \| C] () -- C:\WINDOWS\System32\stdsoap2.dll [2004/08/28 22:33:27 \| 00,000,024 \| ---- \| C] () -- C:\WINDOWS\LogonStudio.ini [2004/08/28 22:30:55 \| 00,187,392 \| ---- \| C] () -- C:\WINDOWS\System32\JPGUtils.dll [2004/08/16 14:52:06 \| 00,397,312 \| ---- \| C] () -- C:\WINDOWS\System32\CMBEdit.dll [2004/07/30 16:20:41 \| 00,000,129 \| ---- \| C] () -- C:\Documents and Settings\Others\Local Settings\Application Data\fusioncache.dat [2004/07/24 17:44:02 \| 00,363,520 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/07/03 20:32:40 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\audio.INI [2004/07/03 20:20:24 \| 00,000,173 \| ---- \| C] () -- C:\WINDOWS\srlink.ini [2004/07/03 20:20:24 \| 00,000,040 \| ---- \| C] () -- C:\WINDOWS\System32\sx96.ini [2004/06/19 12:48:35 \| 00,000,067 \| ---- \| C] () -- C:\WINDOWS\morphexe.INI [2004/06/06 13:39:27 \| 00,000,002 \| ---- \| C] () -- C:\WINDOWS\msoffice.ini [2004/06/03 22:08:19 \| 00,000,478 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2004/06/03 21:44:16 \| 00,000,146 \| ---- \| C] () -- C:\WINDOWS\TBPlugin.INI [2004/06/03 21:44:16 \| 00,000,095 \| ---- \| C] () -- C:\WINDOWS\avconfig.ini [2004/05/26 10:30:32 \| 00,252,928 \| ---- \| C] () -- C:\WINDOWS\System32\astrolib32.dll [2004/05/25 12:11:43 \| 00,000,119 \| ---- \| C] () -- C:\WINDOWS\WSST_Screen_Saver.ini [2004/05/24 09:05:31 \| 00,000,227 \| ---- \| C] () -- C:\WINDOWS\SIMAQU~1.INI [2004/04/03 16:53:17 \| 00,000,037 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2004/03/09 14:50:36 \| 00,036,864 \| ---- \| C] () -- C:\WINDOWS\System32\ICMSetup532.dll [2004/03/09 14:50:34 \| 00,045,056 \| ---- \| C] () -- C:\WINDOWS\System32\8532util.dll [2004/02/03 21:09:07 \| 00,000,093 \| ---- \| C] () -- C:\WINDOWS\iPlayer.INI [2003/10/16 10:48:44 \| 00,000,754 \| ---- \| C] () -- C:\WINDOWS\WORDPAD.INI [2003/10/14 18:43:32 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\PROTOCOL.INI [2003/09/05 18:18:30 \| 00,000,048 \| ---- \| C] () -- C:\WINDOWS\Sierra.ini [2003/05/27 14:49:00 \| 00,041,984 \| ---- \| C] () -- C:\WINDOWS\System32\AQalphaGL.dll [2003/05/19 09:12:28 \| 00,061,678 \| ---- \| C] () -- C:\Documents and Settings\Others\Application Data\PFP100JPR.{PB [2003/05/19 09:12:28 \| 00,012,358 \| ---- \| C] () -- C:\Documents and Settings\Others\Application Data\PFP100JCM.{PB [2003/05/14 19:48:08 \| 00,000,068 \| ---- \| C] () -- C:\WINDOWS\FastAIT.INI [2003/05/05 10:31:44 \| 00,001,663 \| ---- \| C] () -- C:\WINDOWS\cdPlayer.ini [2003/05/01 20:01:48 \| 00,000,424 \| ---- \| C] () -- C:\WINDOWS\NJCOM.INI [2003/05/01 12:15:04 \| 00,000,023 \| ---- \| C] () -- C:\WINDOWS\NtsUninstall.ini [2003/05/01 11:39:32 \| 00,000,068 \| ---- \| C] () -- C:\WINDOWS\XDICT.INI [2003/04/25 14:17:43 \| 00,194,560 \| ---- \| C] () -- C:\Documents and Settings\Others\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2003/04/13 17:47:44 \| 00,000,095 \| ---- \| C] () -- C:\WINDOWS\ntsautodial.ini [2003/03/31 02:02:18 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\Others\Application Data\DESKTOP.INI [2003/03/31 02:02:09 \| 00,058,504 \| ---- \| C] () -- C:\Documents and Settings\Others\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2003/03/19 01:01:19 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2003/03/19 00:46:32 \| 00,000,185 \| ---- \| C] () -- C:\WINDOWS\intuprof.ini [2003/03/19 00:46:28 \| 00,000,779 \| ---- \| C] () -- C:\WINDOWS\QUICKEN.INI [2003/03/19 00:34:19 \| 00,000,892 \| ---- \| C] () -- C:\WINDOWS\orun32.ini [2003/03/19 00:06:10 \| 00,000,310 \| ---- \| C] () -- C:\WINDOWS\System32\oeminfo.ini [2002/09/04 00:39:08 \| 00,056,880 \| ---- \| C] () -- C:\WINDOWS\System32\scvideo.dll [2002/09/03 22:59:58 \| 00,000,999 \| ---- \| C] () -- C:\WINDOWS\WIN.INI [2002/09/03 22:50:58 \| 00,000,227 \| ---- \| C] () -- C:\WINDOWS\system.ini [2002/09/03 22:50:46 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI [2002/03/21 15:39:02 \| 00,073,728 \| ---- \| C] () -- C:\WINDOWS\System32\UNACEV2.DLL [2001/10/08 18:59:28 \| 00,000,821 \| ---- \| C] () -- C:\WINDOWS\txp-lcn.ini [2001/10/08 13:24:26 \| 00,148,544 \| ---- \| C] () -- C:\WINDOWS\System32\msvdm.dll [2001/10/08 12:59:46 \| 00,016,960 \| ---- \| C] () -- C:\WINDOWS\System32\mag.dll [2000/11/24 18:05:06 \| 00,020,480 \| ---- \| C] () -- C:\WINDOWS\System32\Cpuinfo2.dll [1999/03/16 17:32:33 \| 00,000,136 \| ---- \| C] () -- C:\WINDOWS\System32\mstraps.dll [1999/01/22 11:46:56 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1996/04/04 03:33:26 \| 00,005,248 \| ---- \| C] () -- C:\WINDOWS\System32\giveio.sys ========== LOP Check ========== [2009/10/16 18:58:12 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Application Data [2006/04/10 14:31:49 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems [2009/10/05 20:39:41 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\agi [2009/10/29 12:27:19 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Babylon [2003/03/19 00:37:43 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Dell [2009/07/28 15:35:25 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Effexis Software [2008/01/04 19:03:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Grisoft [2009/10/05 07:43:44 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\ICQ [2006/04/19 22:30:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Intuit [2005/01/21 14:50:05 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Keyhole [2008/09/07 11:51:27 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Kingsoft [2006/01/03 15:00:06 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Macrovision [2009/10/23 17:18:45 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\mcache [2003/04/08 22:51:52 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\MSN6 [2005/01/24 10:06:09 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\RoboForm [2003/03/19 00:36:18 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2006/02/09 12:20:30 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan [2009/10/06 23:40:49 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit [2006/04/11 13:26:32 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TechSmith [2009/10/29 12:37:04 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2005/01/29 13:29:15 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009/10/15 21:41:58 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2009/10/25 21:41:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data [2004/05/28 21:37:21 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\3M [2008/09/07 09:36:38 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\AccurateRip [2006/04/10 14:40:51 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\ACD Systems [2006/10/15 09:35:22 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Avant Browser [2009/10/27 23:55:47 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Babylon [2009/07/03 11:49:18 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Camfrog [2003/10/10 20:14:44 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Corel [2004/09/27 15:14:39 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\COWON [2009/07/29 23:30:34 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\DMCache [2009/10/24 11:36:19 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\Others\Application Data\drivers [2009/07/28 15:35:25 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Effexis Software [2009/07/12 14:39:39 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Fetion [2005/03/16 16:39:45 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\GlobalSCAPE [2009/03/26 20:20:52 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\ICQ [2006/05/17 17:10:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\ICQLite [2009/07/29 23:13:57 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\IDM [2008/01/19 18:30:58 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\IE7Pro [2008/04/12 23:39:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\IEPro [2006/04/29 10:18:54 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Inbit [2003/04/03 23:05:45 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\InterVideo [2006/04/19 22:35:38 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Intuit [2009/10/11 13:03:13 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\JAM Software [2004/02/01 22:35:05 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Jasc [2005/01/21 14:50:05 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Keyhole [2009/10/15 22:58:56 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Kingsoft [2004/05/28 10:17:44 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Kontiki [2006/09/17 09:01:44 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Leadertech [2009/10/09 01:19:26 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\LimeWire [2009/10/23 20:48:21 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\Others\Application Data\m [2009/10/08 08:03:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\ManyCam [2008/01/24 14:23:54 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\MiniDm [2007/12/12 21:02:06 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\MSN6 [2009/06/23 09:41:33 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\NJStar [2005/04/21 23:21:04 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Opera [2004/11/06 13:17:42 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\PeerNetworking [2006/04/08 10:12:01 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\ppStream [2005/02/15 20:54:25 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\RhinoSoft.com [2003/03/31 02:28:01 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Roxio [2004/11/23 17:47:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Secretmaker [2006/10/14 08:17:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Sereniti [2009/10/29 12:36:54 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\SlimBrowser [2005/05/21 12:11:22 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Softarium.com [2005/03/14 18:05:55 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Software602 [2009/09/16 22:52:17 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\SolidDocuments [2005/05/01 01:06:39 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Sony [2005/01/18 15:29:37 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\STOIK [2009/10/14 10:48:43 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\U3 [2009/10/23 18:10:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\uTorrent [2008/01/24 14:23:15 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\WeatherWatcher [2008/12/08 21:39:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\WeatherWatcherLive [2009/10/08 17:01:43 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\WebcamMax [2005/01/13 14:34:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\Webshots [2005/12/28 13:10:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\WinPatrol [2009/08/03 11:15:32 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Others\Application Data\wsInspector [2009/09/14 00:33:55 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2002/08/29 19:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\DESKTOP.INI [2006/10/01 09:00:02 \| 00,000,308 \| ---- \| M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job [2005/03/21 09:00:00 \| 00,000,368 \| ---- \| M] () -- C:\WINDOWS\Tasks\FreshDiagnose Report.job [2009/10/26 09:46:45 \| 00,000,930 \| ---- \| M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2104054462-3242262833-941974269-1007Core1ca55de2ce7a9d0.job [2009/10/26 09:42:26 \| 00,000,482 \| ---- \| M] () -- C:\WINDOWS\Tasks\Malwarebytes' Scheduled Update for Others.job [2006/12/08 18:16:30 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT [2009/05/21 00:27:05 \| 00,000,424 \| -H-- \| M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1EC03267-D26F-4AB1-9863-CC9FC678712A}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 284 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28BB1CE8 @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5 < End of report > This post has been edited by Tom_q2356: Oct 29 2009, 09:07 PM

Tom_q2356 View Member Profile	Oct 29 2009, 09:09 PM Post #5
Authentic Member Group: Authentic Member Posts: 118 Joined: 11-June 04 Member No.: 8,653	OTL Extras logfile created on: 10/29/2009 3:17:21 PM - Run 1 OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Others\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1022.98 Mb Total Physical Memory \| 549.71 Mb Available Physical Memory \| 53.74% Memory free 1.47 Gb Paging File \| 1.05 Gb Available in Paging File \| 71.40% Paging File free Paging file location(s): c:\pagefile.sys 576 1152 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 27.91 Gb Total Space \| 2.47 Gb Free Space \| 8.84% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: Tom_q2356 Current User Name: Others Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe" "%1" (ACD Systems Ltd.) Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [JPEGScan] -- blank File not found Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP::Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP::Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP::Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP::Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "25:TCP" = 25:TCP::Enabled:File and Printer Sharing "8529:TCP" = 8529:TCP::Enabled:yduq ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe::Enabled:Windows Live Sync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe" = C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe::Enabled:TrueVector Service -- (Check Point Software Technologies LTD) "C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe::Enabled:IncrediMail -- (IncrediMail, Ltd.) "C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe::Enabled:IncrediMail -- (IncrediMail, Ltd.) "C:\Program Files\PPLive\PPLive.exe" = C:\Program Files\PPLive\PPLive.exe::Enabled:PPLive -- File not found "C:\Program Files\IEPro\MiniDM.exe" = C:\Program Files\IEPro\MiniDM.exe::Enabled:MiniDM -- (IE7Pro.com) "C:\Program Files\IncrediMail\bin\ImLc.exe" = C:\Program Files\IncrediMail\bin\ImLc.exe::Enabled:IncrediMail -- (IncrediMail, Ltd.) "C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe::Enabled:IncrediMail -- (IncrediMail, Ltd.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes -- (Apple Inc.) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe::Enabled:ICQ6 -- File not found "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\KWMUSIC\KwMusic.exe" = C:\Program Files\KWMUSIC\KwMusic.exe::Enabled:¿áÎÒÒôÀÖºÐ -- (????) "C:\Program Files\KWMUSIC\KwMV.exe" = C:\Program Files\KWMUSIC\KwMV.exe::Enabled:¿áÎÒMV´«ÊäÒýÇæ -- () "C:\Program Files\China Mobile\Fetion\FetionFX.exe" = C:\Program Files\China Mobile\Fetion\FetionFX.exe::Enabled:Fetion -- (China Mobile) "C:\Program Files\China Mobile\Fetion\VMDotNet\v2.0.50727\FetionVM.exe" = C:\Program Files\China Mobile\Fetion\VMDotNet\v2.0.50727\FetionVM.exe::Enabled:FetionVM -- (China Mobile) "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe::Enabled:hpqtra08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe::Enabled:hpqste08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe::Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe::Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe::Enabled:ICQ6 -- (ICQ, LLC.) "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe::Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe::Enabled:Skype -- (Skype Technologies S.A.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium "{00718491-55BF-46C6-83EF-4B3B95AC807A}" = SplitCam "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{0712667C-A171-49AE-A098-4ACDA28625F8}" = Sony Sound Forge 7.0 "{07620C4F-0964-4086-A872-C9C12E418E52}" = DJ_SF_03_D4300_Software "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{0F6A7971-0F11-4A79-A0E9-133D0963A570}" = ISO Recorder "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center "{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1a8b4ccf-4f49-4210-89e3-4b31141493b0}" = RelevantKnowledge "{20227921-DB38-4810-9162-DDC6FCA936E7}" = Dell Home Systems Services Agreement "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24EFA94F-F3D6-4386-8824-B54712C9DC88}" = D4300_Help "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002 "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant "{387D9916-BD27-480f-8CF0-3228832BBAA2}" = HP Deskjet D4300 Printer Driver Software 10.0 Rel .3 "{38B122B2-3257-4E43-BD51-327599ECBA46}" = 中国工商银行防钓鱼软件 "{395131D0-71C3-4411-8DDD-84E7A4EC8754}" = Intellisync® for Yahoo! "{3FD3DF65-694C-4F71-97BA-1A70BB2B8B9C}" = ICM532 "{417B79C9-CDB4-477F-952D-840CEFC57A6C}" = AccessDirect "{42C7C4D8-033E-44F9-BF34-43808A0686CC}" = D4300 "{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = BACS "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter "{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{6C31E111-96BB-4ADC-9C81-E6D3EEDDD8D3}" = Powertoys For Windows XP "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX "{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional "{7CF065E2-7816-4440-9019-034A2285F9DF}" = Tweak-XP "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{82C8658D-58A9-4855-ADF2-2448C9410F29}" = Internet PrintWhere 2.6 "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B0A7592-2AE0-48EA-A327-6EB7DAB25E4A}" = DJ_SF_03_D4300_Software_Min "{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003 "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95F62044-BD5E-44DC-928E-8224297E9B4B}" = Lock Folder XP v3.2 "{98B6FB8A-8638-4037-AD44-CF7D0EEAB874}_is1" = TypingMaster TypingTest "{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry "{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD "{98FDC595-92B3-48D5-80D6-FE7AABD9191B}_is1" = Weather Watcher Live "{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}" = SolidConverterPDF "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter "{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}" = Timershot Powertoy for Windows XP "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A900E37C-AAE3-44FB-8EE7-7E61F7087CE7}" = SnagIt 8 "{AB18B0BA-A08F-48B8-8D0E-AA9DDDCA22EA}" = CuteFTP 6 Professional "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3 "{AC76BA86-7AD7-2447-5A64-7E8A45000001}" = Adobe Reader Chinese Simplified Fonts "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English) "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{B98B1E3C-B6BE-40C3-993F-B96E4E1D1486}" = ICBC NetBank Client Controls "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}" = Pando "{C3BDF1C8-66EF-4A0F-B427-A99E39706F45}_is1" = RMVB Converter 1.8 "{C46A5F24-B91F-477C-B634-DB99A7D7792A}" = TablePCRT "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{D6B79F07-62D1-46C9-A225-625ACC748144}" = Diskeeper Professional Premier Edition "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{DB6BD5D5-8482-45C0-99CF-745C5B924497}" = WOT for Internet Explorer "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E60A3FF1-856E-4DD2-BFC6-FD9B976FE1C5}" = DJ_SF_03_D4300_ProductContext "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F99F74B4-972B-4B06-B893-6B3B0DB0128B}" = ACDSee Pro "{FC66E05E-8D39-47A6-8D07-759F33727EB0}" = Opera 10.00 "1-Click Answers" = 1-Click Answers "AbsoluteShield File Shredder_is1" = AbsoluteShield File Shredder "AbsoluteShield Internet Eraser Pro_is1" = AbsoluteShield Internet Eraser Pro "Ace Utilities_is1" = Ace Utilities 2.4.1 "Active Security Monitor_is1" = Active Security Monitor 1.0.0.315 "Active WebCam" = Active WebCam "ActiveXControlPad" = Microsoft ActiveX Control Pad "AddWeb 7 Pro" = AddWeb 7 Pro "Adobe AIR" = Adobe AIR "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AI RoboForm" = AI RoboForm (All Users) "AMF Daily Planner and PIM" = AMF Daily Planner and PIM "AQ3D" = Aquatica 3D "AqSceneMaker" = Aquatica Scenery Maker "Aquatica3" = Aquatica 3 "Ashampoo UnInstaller Platinum 2" = Ashampoo UnInstaller Platinum 2 "Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.30 "AskPBar Uninstall" = Ask Toolbar "ATI Display Driver" = ATI Display Driver "AV Voice Changer Software 3.0" = AV Voice Changer Software 3.0 "AvantBrowser" = Avant Browser (remove only) "avast!" = avast! Antivirus "Babylon" = Babylon "BadCopy Pro" = BadCopy Pro "BCDP7_is1" = Business Card Designer Plus 7.3.0.0 "Biz-Plan" = Biz-Plan "BootSkin" = BootSkin "Camfrog 5.3" = Camfrog Video Chat 5.3 "Camfrog Server 3.2" = Camfrog Server 3.2 (remove only) "CCleaner" = CCleaner (remove only) "CMBPB40" = ÕÐÐÐ×¨Òµ°æ "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem "CoffeeCup HTML Editor" = CoffeeCup HTML Editor "CursorXP" = CursorXP "Customizer XP_is1" = Customizer XP "CyberBuddy" = CyberBuddy "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver "DesktopX Professional" = DesktopX Professional "Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP) "DreamAqua" = Dream Aquarium "DSBACK1_is1" = Additional Background Pack 1 "DSCLIP1_is1" = Additional Clipart Pack 1 "DSCLIPBW_is1" = Additional Clipart Pack BW "Easy Video Joiner_is1" = Easy Video Joiner 5.21 "ePrompter" = ePrompter "Fetion" = Fetion 2008 "FileSpecs extension for Ad-aware 6" = FileSpecs extension for Ad-aware 6 "Flight Simulator Screensaver" = Flight Simulator Screensaver 0.9 "Free Internet TV_is1" = Free Internet TV v3.5 "FreshDevices - FreshDiagnose_is1" = FreshDiagnose "FTP Voyager_is1" = FTP Voyager 11.0 "FunPhotor_is1" = FunPhotor 6.0 "GetRight Pro" = GetRight Pro "Good Sync_is1" = Good Sync version 4.6.10 "HexDump extension for Ad-aware 6" = HexDump extension for Ad-aware 6 "Highway Pursuit_is1" = Highway Pursuit "HijackThis" = HijackThis 2.0.2 "Holding Pattern" = Holding Pattern Screen Saver "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0 "HPExtendedCapabilities" = HP Customer Participation Program 10.0 "IconPackager" = IconPackager "ICQToolbar" = ICQ Toolbar "iDailyDiary_is1" = iDailyDiary 3.52 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "IE7Pro" = IE7Pro "ie8" = Windows Internet Explorer 8 "imageN 1.4b_is1" = imageN 1.4b "InCD!UninstallKey" = Ahead InCD "IncrediBar" = IncrediBar "IncrediMail" = IncrediMail Xe "InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = Broadcom Advanced Control Suite "InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter "InstallShield_{AB18B0BA-A08F-48B8-8D0E-AA9DDDCA22EA}" = CuteFTP 6 Professional "Konvertor" = Konvertor "KwMusic" = Ð¶ÔØ¿áÎÒÒôÀÖºÐ "LDPD7_is1" = Label Designer Plus DELUXE 7.3.0.0 "LimeWire" = LimeWire PRO 5.2.8 "LogonStudio" = LogonStudio "LSP Explorer Pluginfor Ad-aware 6" = LSP Explorer Pluginfor Ad-aware 6 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "ManyCam" = ManyCam 2.4 (remove only) "Messenger Control Plugin for Ad-aware" = Messenger Control Plugin for Ad-aware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705 "Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14) "MRW!UninstallKey" = Ahead InCD EasyWrite Reader "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSN Music Assistant" = MSN Music Assistant "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English) "myBabylon_English Toolbar" = myBabylon_English Toolbar "Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM "Nero BurnRights!UninstallKey" = Ahead Nero BurnRights "NeroVision!UninstallKey" = Ahead NeroVision Express "NJStar Communicator" = NJStar Communicator "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NMIX!UninstallKey" = Ahead NeroMIX "ObjectDock Plus" = ObjectDock Plus "phoenix.zip" = phoenix.zip "Picasa 3" = Picasa 3 "PSN" = Post-it® Software Notes "RealPlayer 6.0" = RealPlayer "Registry Mechanic_is1" = Registry Mechanic 8.0 "SereneScreen Marine Aquarium 2_is1" = SereneScreen Marine Aquarium 2 "ShenProfessional 3.0" = ShenProfessional 3.0 "Shop for HP Supplies" = Shop for HP Supplies "SimAQUARIUM2 Free_is1" = SimAQUARIUM2 Free "SlimBrowser" = SlimBrowser (remove only) "SpeedBit Video Accelerator" = SpeedBit Video Accelerator "SpeedFan" = SpeedFan (remove only) "SpywareBlaster_is1" = SpywareBlaster 4.2 "SpywareGuard_is1" = SpywareGuard v2.2 "Startup Faster! 2004_is1" = Startup Faster! 2004 "SwitchOff" = Switch Off "Synacast Plug-in" = Synacast Plug-in 1.1.0.7 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teleport Pro" = Teleport Pro "TimeLeft 2.16_is1" = TimeLeft FREEWARE edition "Trash Killer" = Trash Killer 2 "TreeSize Professional 5.0_is1" = TreeSize Professional 5.0 "Trillian" = Trillian "tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine "TypingMaster Pro" = TypingMaster Pro "TZ Connection Booster_is1" = TZ Connection Booster 2.6 "UnixUtils for Yahoo! Widgets" = Unix Utilities for Yahoo! Widgets "uTorrent" = µTorrent "Vital Desktop" = Vital Desktop (remove only) "Volutive 1" = Volutive 1 "vTuner Plus" = vTuner Plus "Water Screen Saver" = Water Screen Saver 1.1 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Weather Watcher_is1" = Weather Watcher "Webshots Desktop_is1" = Webshots Desktop "Winamp" = Winamp "Winamp Toolbar" = Winamp Toolbar for Internet Explorer "Windows Live Safety scanner" = Windows Live Safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows Scheduler_is1" = System Scheduler 3.31 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinISO_is1" = WinISO 5.3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinMPG Video Convert 3.1" = WinMPG Video Convert 3.1 "WinPatrol" = WinPatrol "WinRAR archiver" = WinRAR archiver "WinZip" = WinZip "WinZip Self-Extractor" = WinZip Self-Extractor "Wisdom-soft ScreenHunter 4.0 Free" = Wisdom-soft ScreenHunter 4.0 Free "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "WordPerfect Office 2002" = WordPerfect Office 2002 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "X1 Desktop Search" = X1 "Yahoo! Anti-Spy" = Yahoo! Anti-Spy "Yahoo! Central" = Yahoo! Central "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Customizations" = Yahoo! Browser Services "Yahoo! Mail AutoComplete" = Yahoo! Address AutoComplete "Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7 "Yahoo! Toolbar" = Yahoo! Toolbar "Yahoo! Widget Engine" = Yahoo! Widgets "YInstHelper" = Yahoo! Install Manager "ymb" = Yahoo! Mail Quick Select Tool (PhotoMail) "ZoneAlarm Pro" = ZoneAlarm Pro ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 1/2/2009 12:41:27 PM \| Computer Name = Tom_q2356 \| Source = avast! \| ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 011.jpg failed, 00000005. Error - 1/2/2009 12:41:27 PM \| Computer Name = Tom_q2356 \| Source = avast! \| ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 015.jpg failed, 00000005. Error - 1/2/2009 12:41:27 PM \| Computer Name = Tom_q2356 \| Source = avast! \| ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 016.jpg failed, 00000005. Error - 1/2/2009 12:41:27 PM \| Computer Name = Tom_q2356 \| Source = avast! \| ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 017.jpg failed, 00000005. Error - 1/2/2009 12:41:27 PM \| Computer Name = Tom_q2356 \| Source = avast! \| ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 018.jpg failed, 00000005. Error - 1/2/2009 12:41:27 PM \| Computer Name = Tom_q2356 \| Source = avast! \| ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 019.jpg failed, 00000005. Error - 1/2/2009 12:41:27 PM \| Computer Name = Tom_q2356 \| Source = avast! \| ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 020.jpg failed, 00000005. Error - 1/2/2009 12:41:27 PM \| Computer Name = Tom_q2356 \| Source = avast! \| ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 021.jpg failed, 00000005. Error - 1/2/2009 12:41:27 PM \| Computer Name = Tom_q2356 \| Source = avast! \| ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 023.jpg failed, 00000005. Error - 1/2/2009 12:41:27 PM \| Computer Name = Tom_q2356 \| Source = avast! \| ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 024.jpg failed, 00000005. [ Application Events ] Error - 10/23/2009 6:11:54 AM \| Computer Name = Tom_q2356 \| Source = LoadPerf \| ID = 3001 Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 5430, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section. Error - 10/23/2009 6:11:54 AM \| Computer Name = Tom_q2356 \| Source = LoadPerf \| ID = 3011 Description = Unloading the performance counter strings for service ASP.NET_2.0.50727 (ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section. Error - 10/23/2009 6:12:00 AM \| Computer Name = Tom_q2356 \| Source = LoadPerf \| ID = 3001 Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 5430, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section. Error - 10/23/2009 6:12:00 AM \| Computer Name = Tom_q2356 \| Source = LoadPerf \| ID = 3011 Description = Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The Error code is the first DWORD in Data section. Error - 10/23/2009 6:12:02 AM \| Computer Name = Tom_q2356 \| Source = LoadPerf \| ID = 3001 Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 5430, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section. Error - 10/23/2009 6:14:15 AM \| Computer Name = Tom_q2356 \| Source = Application Error \| ID = 1000 Description = Faulting application wuauclt.exe, version 7.2.6001.788, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x000209b1. Error - 10/23/2009 10:57:54 PM \| Computer Name = Tom_q2356 \| Source = Application Error \| ID = 1000 Description = Faulting application f-bagle.exe, version 1.0.14.0, faulting module f-bagle.exe, version 1.0.14.0, fault address 0x000013fc. Error - 10/25/2009 2:44:09 AM \| Computer Name = Tom_q2356 \| Source = Application Error \| ID = 1000 Description = Faulting application vsmon.exe, version 8.0.59.0, faulting module , version 0.0.0.0, fault address 0x00000000. Error - 10/26/2009 9:38:48 PM \| Computer Name = Tom_q2356 \| Source = Google Update \| ID = 20 Description = Error - 10/29/2009 2:32:21 AM \| Computer Name = Tom_q2356 \| Source = Google Update \| ID = 20 Description = [ System Events ] Error - 10/28/2009 9:31:03 AM \| Computer Name = Tom_q2356 \| Source = Service Control Manager \| ID = 7022 Description = The HP CUE DeviceDiscovery Service service hung on starting. Error - 10/28/2009 9:31:03 AM \| Computer Name = Tom_q2356 \| Source = Service Control Manager \| ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Lbd Error - 10/28/2009 9:32:08 AM \| Computer Name = Tom_q2356 \| Source = Service Control Manager \| ID = 7034 Description = The ICBC Daemon Service service terminated unexpectedly. It has done this 1 time(s). Error - 10/28/2009 9:18:54 PM \| Computer Name = Tom_q2356 \| Source = Service Control Manager \| ID = 7000 Description = The Parallel port driver service failed to start due to the following error: %%1058 Error - 10/28/2009 9:18:54 PM \| Computer Name = Tom_q2356 \| Source = Service Control Manager \| ID = 7001 Description = The InteractiveLogon service depends on the Terminal Services service which failed to start because of the following error: %%1058 Error - 10/28/2009 9:20:53 PM \| Computer Name = Tom_q2356 \| Source = Service Control Manager \| ID = 7022 Description = The HP CUE DeviceDiscovery Service service hung on starting. Error - 10/28/2009 9:20:53 PM \| Computer Name = Tom_q2356 \| Source = Service Control Manager \| ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Lbd Error - 10/28/2009 9:21:36 PM \| Computer Name = Tom_q2356 \| Source = Service Control Manager \| ID = 7034 Description = The ICBC Daemon Service service terminated unexpectedly. It has done this 1 time(s). Error - 10/29/2009 12:37:15 AM \| Computer Name = Tom_q2356 \| Source = bcm4sbxp \| ID = 327684 Description = Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected. Error - 10/29/2009 12:37:54 AM \| Computer Name = Tom_q2356 \| Source = Service Control Manager \| ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service. < End of report >

oldman960 View Member Profile	Oct 30 2009, 03:59 AM Post #6
SuperHelper Group: Classroom Teacher Posts: 5,751 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro	Hi Please download SystemLook from one of the links below and save it to your Desktop. Download Mirror #1 Download Mirror #2 Double-click SystemLook.exe to run it. Copy the content of the following codebox into the main textfield Do not copy the word CODE , please note the script starts with the : CODE :filefind Ati2evxx.exe :file C:\WINDOWS\System32\Ati2evxx.exe Click the Look button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found on your Desktop entitled SystemLook.txt Next Download and run Win32kDiag: Download Win32kDiag from any of the following locations and save it to your Desktop. Download Win32kDiag (Win32kDiag.exe) - #1 Download Win32kDiag (Win32kDiag.exe) - #2 Download Win32kDiag (Win32kDiag.exe) - #3 Double-click Win32kDiag.exe to run Win32kDiag and let it finish. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic. To ensure the entire contents are copied, right click anywhere in the notepad and click Select All Right click the highlited text and click copy Please read through the instructions to familarize youself with what to expect when the tool runs. It is vitally important that combofix is renamed before it is even started to download Please download ComboFix from Here or Here to your Desktop. Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop If you are using Firefox, make sure that your download settings are as follows: -Tools->Options->Main tab -Set to "Always ask me where to Save the files". During the download, before you save it to your desktop, rename Combofix to jgh.exe It is important you rename Combofix during the download, but not after. Please do not rename Combofix to other names, but only to the one indicated. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.* ----------------------------------------------------------- Double click on ComboFix.exe(renamed to jgh.exe) & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Notes:** 1.Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser. 3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.[/b] Please post back with SystemLook log Win32kDiag.txt combofix log How is the computer? Thanks

Tom_q2356 View Member Profile	Oct 30 2009, 11:58 AM Post #7
Authentic Member Group: Authentic Member Posts: 118 Joined: 11-June 04 Member No.: 8,653	Hi Oldman960, I am sorry I did not read carefully before I downloaded combofix. Could you please tell me how to uninstall combofix so that I can redownload it and save as a different name during download? Thanks! SystemLook v1.0 by jpshortstuff (29.08.09) Log created at 07:44 on 30/10/2009 by Others (Administrator - Elevation successful) ========== filefind ========== Searching for "Ati2evxx.exe" Running from: C:\Documents and Settings\Others\Desktop\Win32kDiag.exe Log file at : C:\Documents and Settings\Others\Desktop\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Finished!

oldman960 View Member Profile	Oct 30 2009, 01:17 PM Post #8
SuperHelper Group: Classroom Teacher Posts: 5,751 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro	Hi Tom_q2356, Just locate combofix.exe on your desktop, right click it and select delete. The SystemLook log doesn't look right. Please run it again. Then run combofix. Thanks

Tom_q2356 View Member Profile	Oct 30 2009, 04:27 PM Post #9
Authentic Member Group: Authentic Member Posts: 118 Joined: 11-June 04 Member No.: 8,653	SystemLook v1.0 by jpshortstuff (29.08.09) Log created at 11:28 on 30/10/2009 by Others (Administrator - Elevation successful) ========== filefind ========== Searching for "Ati2evxx.exe" C:\I386\ati2evxx.exe --a--- 147456 bytes [22:12 26/03/2003] [04:22 08/11/2002] 61B40A0C3D725DBDCBC6999DD6BA4A4F C:\WINDOWS\SYSTEM32\ati2evxx.exe --a--- 147456 bytes [06:00 01/01/1980] [04:22 08/11/2002] 61B40A0C3D725DBDCBC6999DD6BA4A4F ========== file ========== C:\WINDOWS\System32\Ati2evxx.exe - File found and opened. MD5: 61B40A0C3D725DBDCBC6999DD6BA4A4F Created at 06:00 on 01/01/1980 Modified at 04:22 on 08/11/2002 Size: 147456 bytes Attributes: --a--- -=End Of File=-

Tom_q2356 View Member Profile	Oct 30 2009, 04:36 PM Post #10
Authentic Member Group: Authentic Member Posts: 118 Joined: 11-June 04 Member No.: 8,653	ComboFix 09-10-28.08 - Others 10/30/2009 11:45.4.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.562 [GMT 8:00] Running from: c:\documents and settings\Others\Desktop\jgh.exe AV: avast! antivirus 4.8.1351 [VPS 091030-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: ZoneAlarm Pro Firewall disabled {829BDA32-94B3-44F4-8446-F8FCFF809F8B} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Others\Application Data\drivers\downld c:\documents and settings\Others\Application Data\drivers\downld\364634.exe c:\documents and settings\Others\Application Data\drivers\downld\400175.exe c:\documents and settings\Others\Application Data\drivers\downld\447142.exe c:\documents and settings\Others\Application Data\drivers\downld\451549.exe c:\documents and settings\Others\Application Data\drivers\downld\452921.exe c:\documents and settings\Others\Application Data\drivers\downld\512116.exe c:\documents and settings\Others\Application Data\drivers\downld\513458.exe c:\documents and settings\Others\Application Data\drivers\downld\513979.exe c:\documents and settings\Others\Application Data\drivers\downld\580825.exe c:\documents and settings\Others\Application Data\drivers\downld\588195.exe c:\documents and settings\Others\Application Data\drivers\downld\592762.exe c:\documents and settings\Others\Application Data\drivers\winupgro.exe c:\documents and settings\Others\Application Data\m c:\documents and settings\Others\Application Data\m\data.oct c:\documents and settings\Others\Application Data\m\list.oct c:\documents and settings\Others\Application Data\m\shared\3D Water Effects 1.0 (Crack).zip c:\documents and settings\Others\Application Data\m\shared\5_Card_Slingo_Deluxe_1.zip c:\documents and settings\Others\Application Data\m\shared\A-one_DVD_to_MP3_Ripper_4.22.zip c:\documents and settings\Others\Application Data\m\shared\AcidSpider_1.08.zip c:\documents and settings\Others\Application Data\m\shared\Adolix_PDF_Converter_PRO_3.2.zip c:\documents and settings\Others\Application Data\m\shared\Agree DIVX XVID AVI to WMV DVD Converter 4.0.zip c:\documents and settings\Others\Application Data\m\shared\AIAB_(Am_I_a_Bot)_1.1.zip c:\documents and settings\Others\Application Data\m\shared\ALTools Lunar Zodiac Snake Wallpaper 2005 Key.zip c:\documents and settings\Others\Application Data\m\shared\Amethyst_PLT-2-DWG_2.01_KeyGen.zip c:\documents and settings\Others\Application Data\m\shared\Another_ViewPoint_5.01.zip c:\documents and settings\Others\Application Data\m\shared\Another_Volume_Control_Widget_1.0.zip c:\documents and settings\Others\Application Data\m\shared\ApexSQL Code 2008.04.zip c:\documents and settings\Others\Application Data\m\shared\Apollo_Missions_1.0_(Key+Serial).zip c:\documents and settings\Others\Application Data\m\shared\Aptcode Media Manager 1.2.19.zip c:\documents and settings\Others\Application Data\m\shared\AutoRun Wizard 2.03.zip c:\documents and settings\Others\Application Data\m\shared\AutoTag 7.1.24.0.zip c:\documents and settings\Others\Application Data\m\shared\AVCutty_2.4e.zip c:\documents and settings\Others\Application Data\m\shared\AVG.Anti.Spyware.v7.5.0.47.Multilanguage.Cracked-CRD.zip c:\documents and settings\Others\Application Data\m\shared\AVG_Anti-Spyware_Plus_7.5.0.50.zip c:\documents and settings\Others\Application Data\m\shared\AVS_Video_to_GO_2.1.1.102_(KeyGen).zip c:\documents and settings\Others\Application Data\m\shared\axsImaging 2.0.1.zip c:\documents and settings\Others\Application Data\m\shared\Bernard_and_Hank_1.2.zip c:\documents and settings\Others\Application Data\m\shared\Bitrate Broadcast Calculator 1.0.zip c:\documents and settings\Others\Application Data\m\shared\Blue Theme 1.0.zip c:\documents and settings\Others\Application Data\m\shared\Budget Advisor 2.26.zip c:\documents and settings\Others\Application Data\m\shared\ccfilechecker 1.0.zip c:\documents and settings\Others\Application Data\m\shared\Cd_Autoplay_Gen_2.0_(Serial).zip c:\documents and settings\Others\Application Data\m\shared\Chess3D_2.01.zip c:\documents and settings\Others\Application Data\m\shared\Christmas Weather Report Screensaver 1.2.1.zip c:\documents and settings\Others\Application Data\m\shared\CL_Buddy_2.2.zip c:\documents and settings\Others\Application Data\m\shared\Clippy 1.2.0 Build 20616.zip c:\documents and settings\Others\Application Data\m\shared\Crystal XP 0.21 Prebuild.zip c:\documents and settings\Others\Application Data\m\shared\Data ASAP 3.3.37.zip c:\documents and settings\Others\Application Data\m\shared\DataTierHelper_1.0.zip c:\documents and settings\Others\Application Data\m\shared\DB_Explorer_3.0.0.zip c:\documents and settings\Others\Application Data\m\shared\Disk Space Monitor 1.0 b4.zip c:\documents and settings\Others\Application Data\m\shared\DiskArcher_Backup_Utility_2.21.zip c:\documents and settings\Others\Application Data\m\shared\Double-Click to Reload Tabs 1.1.1.zip c:\documents and settings\Others\Application Data\m\shared\Ease Video Converter 1.0.zip c:\documents and settings\Others\Application Data\m\shared\Ease_CD_Ripper_1.50_KeyGen.zip c:\documents and settings\Others\Application Data\m\shared\ePodcast_Express_1.0.25_[Key].zip c:\documents and settings\Others\Application Data\m\shared\Excel2HTML_Interactive_1.0.zip c:\documents and settings\Others\Application Data\m\shared\Excelsior Installer 1.8.zip c:\documents and settings\Others\Application Data\m\shared\ExtraSMS 1.7.zip c:\documents and settings\Others\Application Data\m\shared\Fast Soft Knee Limiter 1.0.zip c:\documents and settings\Others\Application Data\m\shared\File Topper 1.01.zip c:\documents and settings\Others\Application Data\m\shared\Fish_Tycoon_1.1.zip c:\documents and settings\Others\Application Data\m\shared\Flashcard_Tables_1.09_Serial.zip c:\documents and settings\Others\Application Data\m\shared\Free and Easy Biorhythm Calculator 3.011.zip c:\documents and settings\Others\Application Data\m\shared\General Aviation 3 1.1.zip c:\documents and settings\Others\Application Data\m\shared\Gravitational Lensing 1.00.zip c:\documents and settings\Others\Application Data\m\shared\Habu_(formerly_Okopipi)_1.8.6.2.zip c:\documents and settings\Others\Application Data\m\shared\Haxial TextEdit 1.700.zip c:\documents and settings\Others\Application Data\m\shared\honestech_MPEG_Encoder_6.0_[Key].zip c:\documents and settings\Others\Application Data\m\shared\Hot_Rod_Cars_Screensaver_4.0.zip c:\documents and settings\Others\Application Data\m\shared\HX_CLoK 1.0.0.0.zip c:\documents and settings\Others\Application Data\m\shared\HydraIRC 0.3.160.zip c:\documents and settings\Others\Application Data\m\shared\I Love You Darling 1.0.zip c:\documents and settings\Others\Application Data\m\shared\IDAutomation Code 128 Font Advantage 6.10.zip c:\documents and settings\Others\Application Data\m\shared\Identify_Emails_-_Collect_emails_1.0.zip c:\documents and settings\Others\Application Data\m\shared\IE_ScrollBar_FreeStyler_Plus_1.0.zip c:\documents and settings\Others\Application Data\m\shared\Image Sorter 2004 1.3.zip c:\documents and settings\Others\Application Data\m\shared\Intech_ITSleuth_1.0_[With_Crack].zip c:\documents and settings\Others\Application Data\m\shared\Internet_Quotes_Assistant_3.80_Crack.zip c:\documents and settings\Others\Application Data\m\shared\JDLabAgent 1.0.1.zip c:\documents and settings\Others\Application Data\m\shared\Jesterware iPod Video Suite 2.06.zip c:\documents and settings\Others\Application Data\m\shared\JPOW_Calendar_4.2_(With_Crack).zip c:\documents and settings\Others\Application Data\m\shared\KIIS_102.7_Radio_2.0.zip c:\documents and settings\Others\Application Data\m\shared\Kurral 6.zip c:\documents and settings\Others\Application Data\m\shared\Landscape_screensaver_2.3.zip c:\documents and settings\Others\Application Data\m\shared\LingvoSoft Picture Dictionary 2007 Polish - Portuguese 1.1.18 [Cracked].zip c:\documents and settings\Others\Application Data\m\shared\Live_Billiards_2.1.zip c:\documents and settings\Others\Application Data\m\shared\LiveCalc_2.0.zip c:\documents and settings\Others\Application Data\m\shared\Lotto Cheatah 2.33.zip c:\documents and settings\Others\Application Data\m\shared\MailBee POP3 5.2.zip c:\documents and settings\Others\Application Data\m\shared\MailDetective for Exchange Server 2.1c.zip c:\documents and settings\Others\Application Data\m\shared\McAfee.ePo.3.0SP1.zip c:\documents and settings\Others\Application Data\m\shared\MCSE_Windows_2000_Administration_301.zip c:\documents and settings\Others\Application Data\m\shared\MD5 Generator 1.0.zip c:\documents and settings\Others\Application Data\m\shared\Mind Mastery Mental Conditioning 1.zip c:\documents and settings\Others\Application Data\m\shared\MLHotKey_1.0.zip c:\documents and settings\Others\Application Data\m\shared\Movies_12.zip c:\documents and settings\Others\Application Data\m\shared\No Trace 3.0b.zip c:\documents and settings\Others\Application Data\m\shared\Norton.Antivirus.2006.+crack+serial.zip c:\documents and settings\Others\Application Data\m\shared\NuGenSQLWorks.NET 1.5.613.zip c:\documents and settings\Others\Application Data\m\shared\Online To-Do List Manager.zip c:\documents and settings\Others\Application Data\m\shared\Open Contacts 5.2.zip c:\documents and settings\Others\Application Data\m\shared\Ortus_Shell_Dialogs_1.51_[Key].zip c:\documents and settings\Others\Application Data\m\shared\Packed_Column_Calculator_1.1_[KeyGen].zip c:\documents and settings\Others\Application Data\m\shared\PasswordMaker Firefox Add-on 1.7.2.zip c:\documents and settings\Others\Application Data\m\shared\pasteCode_0.6.1.zip c:\documents and settings\Others\Application Data\m\shared\Pluto's ColorPick 1.03.zip c:\documents and settings\Others\Application Data\m\shared\PPC-Protect_1_build_04.04.zip c:\documents and settings\Others\Application Data\m\shared\Prime Integer Observatory 1.0.zip c:\documents and settings\Others\Application Data\m\shared\Punch_Me_In_1.17.zip c:\documents and settings\Others\Application Data\m\shared\Purina Yesterday's News 1.2.zip c:\documents and settings\Others\Application Data\m\shared\Rconfig_3.1.1.zip c:\documents and settings\Others\Application Data\m\shared\Realtime Landscaping Architect 1.03.zip c:\documents and settings\Others\Application Data\m\shared\Rebound Recharged.zip c:\documents and settings\Others\Application Data\m\shared\RN Password Manager 4.0.0.zip c:\documents and settings\Others\Application Data\m\shared\Roommate_Finder_Solution_JUL.2007_(KeyGen).zip c:\documents and settings\Others\Application Data\m\shared\SE_BOM_Extractor_3.6.27.zip c:\documents and settings\Others\Application Data\m\shared\SetFSBTray 1.1.2.zip c:\documents and settings\Others\Application Data\m\shared\Shrek 3 Screensaver 1.0.zip c:\documents and settings\Others\Application Data\m\shared\SignalLab VCL 3.1.zip c:\documents and settings\Others\Application Data\m\shared\SkreenCAM 1.0 Beta.zip c:\documents and settings\Others\Application Data\m\shared\SmartDraw_Photo_2.03.zip c:\documents and settings\Others\Application Data\m\shared\Snackster.net_1.0.0_build_55.zip c:\documents and settings\Others\Application Data\m\shared\SoftPepper DVD Ripper 1.0 (Serial).zip c:\documents and settings\Others\Application Data\m\shared\StreamAware 1.0 Cracked.zip c:\documents and settings\Others\Application Data\m\shared\SunRav_BookOffice_3.0_With_Crack.zip c:\documents and settings\Others\Application Data\m\shared\Tellura Key Minder 1.0.zip c:\documents and settings\Others\Application Data\m\shared\Tray_Pilot_1.20_Build_14.zip c:\documents and settings\Others\Application Data\m\shared\TweakNow Windows Customizer 1.1.0.zip c:\documents and settings\Others\Application Data\m\shared\Unreal Tournament 2003 - Defiance Invasion map.zip c:\documents and settings\Others\Application Data\m\shared\Unreal_Update_2.2.4b1.zip c:\documents and settings\Others\Application Data\m\shared\USB-WinLock_1.2_[Serial].zip c:\documents and settings\Others\Application Data\m\shared\Vehicules 1.0.zip c:\documents and settings\Others\Application Data\m\shared\Video-AVI to GIF Converter 3.011.zip c:\documents and settings\Others\Application Data\m\shared\WASP_-Water_And_Steam_Properties_2.0.36.zip c:\documents and settings\Others\Application Data\m\shared\Web_Site_Robot_2.4.zip c:\documents and settings\Others\Application Data\m\shared\Wiagra_Batch_Converter_2.20.zip c:\documents and settings\Others\Application Data\m\shared\WinConsole 1.0.zip c:\documents and settings\Others\Application Data\m\shared\Window Seizer 1.00.zip c:\documents and settings\Others\Application Data\m\shared\Windows Control 1.0.zip c:\documents and settings\Others\Application Data\m\shared\Windows_Icon_Collection_1.0.zip c:\documents and settings\Others\Application Data\m\shared\XLitePro_1.6_(Cracked).zip c:\documents and settings\Others\Application Data\m\shared\Yahoo!_Mail_Checker_1.0.zip c:\documents and settings\Others\Application Data\m\srvlist.oct c:\windows\system32\ban_list.txt . ((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 ))))))))))))))))))))))))))))))) . 2009-10-26 01:45 . 2009-10-26 01:45 -------- d-----w- c:\program files\Trend Micro 2009-10-26 01:40 . 2009-10-26 01:40 -------- d-----w- c:\documents and settings\Others\Local Settings\Application Data\Deployment 2009-10-25 13:12 . 2009-10-25 13:15 -------- d-----w- c:\program files\SpywareBlaster 2009-10-25 08:32 . 2009-10-25 09:36 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-10-25 08:17 . 2009-10-25 08:17 -------- d-----w- c:\program files\Zone Labs 2009-10-25 07:02 . 2009-10-25 13:33 -------- d-----w- c:\program files\MSECACHE 2009-10-24 14:08 . 2009-09-10 06:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-24 14:08 . 2009-10-26 04:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-24 14:08 . 2009-09-10 06:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-24 03:01 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-10-24 03:01 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-10-24 02:54 . 2009-10-24 06:17 -------- d-----w- c:\windows\BDOSCAN8 2009-10-23 09:23 . 2009-10-23 09:23 -------- d-----w- c:\windows\system32\wbem\Repository 2009-10-23 00:17 . 2009-10-30 03:53 -------- d--h--w- c:\documents and settings\Others\Application Data\drivers 2009-10-22 09:30 . 2009-10-26 01:48 -------- d-----w- c:\documents and settings\Others\Local Settings\Application Data\Temp 2009-10-17 06:45 . 2006-10-09 04:00 94208 ----a-w- c:\windows\Dream Aquarium.scr 2009-10-17 06:44 . 2009-10-17 06:46 -------- d-----w- c:\program files\Dream Aquarium 2009-10-17 05:41 . 2009-10-17 05:41 102400 ----a-w- c:\windows\DreamAquarium.scr 2009-10-16 13:21 . 2008-10-09 06:25 69008 ----a-w- c:\windows\system32\zlcomm.dll 2009-10-16 13:21 . 2008-10-09 06:25 106384 ----a-w- c:\windows\system32\zlcommdb.dll 2009-10-16 13:21 . 2008-10-09 06:25 1221008 ----a-w- c:\windows\system32\zpeng25.dll 2009-10-16 13:21 . 2009-10-29 15:55 -------- d-----w- c:\windows\system32\ZoneLabs 2009-10-16 13:17 . 2009-10-30 03:24 -------- d-----w- c:\windows\Internet Logs 2009-10-16 00:25 . 2009-10-16 00:25 -------- d-----w- c:\documents and settings\Others\Local Settings\Application Data\Yahoo! 2009-10-15 14:58 . 2009-10-15 14:58 -------- d-----w- c:\documents and settings\Others\Application Data\Kingsoft 2009-10-15 14:30 . 2009-10-15 14:31 -------- d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Free 2009-10-15 13:41 . 2009-10-15 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip 2009-10-11 05:03 . 2009-10-11 05:03 -------- d-----w- c:\documents and settings\Others\Application Data\JAM Software 2009-10-11 05:03 . 2009-10-11 05:03 -------- d-----w- c:\program files\TreeSize Professional 2009-10-08 15:32 . 2009-10-08 15:32 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys 2009-10-08 15:31 . 2009-10-08 15:54 -------- d-----w- c:\program files\SplitCam 2009-10-08 09:51 . 2009-10-08 09:51 -------- d-----w- c:\program files\uTorrent 2009-10-08 09:50 . 2009-10-23 10:10 -------- d-----w- c:\documents and settings\Others\Application Data\uTorrent 2009-10-08 09:01 . 2009-10-08 09:01 -------- d-----w- c:\documents and settings\Others\Application Data\WebcamMax 2009-10-08 09:00 . 2008-03-11 13:14 941784 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys 2009-10-08 00:01 . 2009-10-08 00:03 -------- d-----w- c:\documents and settings\Others\Application Data\ManyCam 2009-10-08 00:01 . 2009-10-08 00:04 -------- d-----w- c:\program files\ManyCam 2.4 2009-10-07 18:17 . 2009-10-07 18:17 -------- d-----w- C:\_OTM 2009-10-06 15:40 . 2009-10-06 15:40 -------- d-----w- c:\program files\SpeedBit Video Accelerator 2009-10-06 15:31 . 2009-10-06 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit 2009-10-06 15:26 . 2009-10-06 15:31 -------- d-----w- c:\program files\DAP 2009-10-05 12:39 . 2009-10-05 12:39 -------- d-----w- c:\program files\AGI 2009-10-04 23:43 . 2009-10-04 23:43 -------- d-----w- c:\program files\ICQ6Toolbar 2009-10-04 23:43 . 2009-10-04 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ 2009-10-04 23:38 . 2009-10-04 23:46 -------- d-----w- c:\program files\ICQ6.5 2009-10-02 10:54 . 2009-10-02 13:05 -------- d-----w- c:\program files\Microsoft Silverlight 2009-10-02 10:48 . 2009-10-02 10:48 -------- d-----w- c:\program files\Microsoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-30 03:21 . 2007-01-27 03:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-30 03:20 . 2007-12-06 14:27 -------- d-----w- c:\documents and settings\Others\Application Data\SlimBrowser 2009-10-29 23:53 . 2004-05-24 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-10-29 10:39 . 2009-07-27 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon 2009-10-27 15:55 . 2009-07-27 02:56 -------- d-----w- c:\documents and settings\Others\Application Data\Babylon 2009-10-25 08:31 . 2005-02-02 04:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-10-25 08:27 . 2004-06-02 12:50 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2009-10-25 06:36 . 2005-03-28 16:01 -------- d-----w- c:\program files\Ashampoo 2009-10-25 05:47 . 2005-01-03 07:05 -------- d-----w- c:\program files\Startup Faster 2004 2009-10-24 04:59 . 2004-06-06 10:48 -------- d-----w- c:\program files\IncrediMail 2009-10-24 03:01 . 2009-09-29 04:31 -------- d-----w- c:\program files\CCleaner 2009-10-23 13:07 . 2009-07-16 23:06 -------- d-----w- c:\program files\SpywareGuard 2009-10-23 09:18 . 2008-02-11 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\mcache 2009-10-14 05:49 . 2005-01-16 06:03 -------- d-----w- c:\documents and settings\Others\Application Data\Skype 2009-10-14 02:48 . 2007-03-01 13:11 -------- d-----w- c:\documents and settings\Others\Application Data\U3 2009-10-09 15:26 . 2008-02-11 02:23 21 ----a-w- c:\windows\system32\mylk.dat 2009-10-08 17:19 . 2009-07-29 22:12 -------- d-----w- c:\documents and settings\Others\Application Data\LimeWire 2009-10-08 15:31 . 2003-03-18 16:37 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-06 15:30 . 2006-04-20 06:17 -------- d-----w- c:\program files\GetRight 2009-10-05 13:00 . 2005-12-25 10:00 -------- d-----w- c:\program files\Winamp 2009-10-05 12:39 . 2009-06-13 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\agi 2009-10-04 23:41 . 2009-03-26 11:56 -------- d-----w- c:\program files\ICQ6 2009-10-03 03:38 . 2005-01-20 06:45 -------- d-----w- c:\program files\Trillian 2009-10-02 10:53 . 2009-05-13 07:13 -------- d-----w- c:\program files\Windows Live 2009-10-01 02:37 . 2009-01-09 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-09-29 04:39 . 2004-12-03 08:54 -------- d-----w- c:\program files\ePrompter 2009-09-27 03:26 . 2005-04-21 15:20 -------- d-----w- c:\program files\Opera 2009-09-25 15:16 . 2004-06-02 09:47 -------- d-----w- c:\program files\Avant Browser 2009-09-25 03:58 . 2009-08-02 02:25 -------- d-----w- c:\program files\PIM 2009-09-23 14:18 . 2008-01-19 10:33 -------- d-----w- c:\program files\IEPro 2009-09-23 06:42 . 2003-03-30 18:02 58504 ----a-w- c:\documents and settings\Others\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-23 06:07 . 2004-12-03 08:53 -------- d-----w- c:\program files\iDailyDiary 2009-09-17 21:52 . 2009-09-17 21:52 2146304 ----a-w- c:\windows\system32\GPhotos.scr 2009-09-16 14:52 . 2005-03-28 08:03 -------- d-----w- c:\documents and settings\Others\Application Data\SolidDocuments 2009-09-13 05:18 . 2009-09-13 05:18 693760 ----a-w- c:\windows\is-V9TVU.exe 2009-09-12 15:16 . 2009-07-29 23:17 -------- d---a-w- c:\program files\eMule0.49c 2009-09-11 14:18 . 2002-09-03 16:46 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-11 07:06 . 2009-09-11 05:15 157446 ----a-w- c:\windows\hphins27.dat 2009-09-11 05:43 . 2009-09-11 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG 2009-09-11 05:42 . 2009-09-11 05:42 -------- d-----w- c:\documents and settings\Others\Application Data\HP 2009-09-11 05:27 . 2009-09-11 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2009-09-11 05:24 . 2009-09-11 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant 2009-09-11 05:24 . 2009-09-11 05:21 -------- d-----w- c:\program files\HP 2009-09-11 05:23 . 2009-09-11 05:23 -------- d-----w- c:\program files\Common Files\HP 2009-09-11 05:14 . 2009-09-11 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard 2009-09-09 23:01 . 2009-07-15 06:59 -------- d-----w- c:\documents and settings\Others\Application Data\SUPERAntiSpyware.com 2009-09-09 15:29 . 2008-02-13 05:13 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-09-07 13:39 . 2009-09-07 13:39 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2009-09-04 21:03 . 2002-09-03 16:44 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-09-04 13:10 . 2009-09-04 13:10 -------- d-----w- c:\program files\RMVB Converter 2009-08-29 08:08 . 2004-08-03 06:56 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-26 08:00 . 2002-09-03 17:05 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-23 21:00 . 2009-08-23 21:00 922112 ------w- c:\windows\system32\imapi2fs.dll 2009-08-23 21:00 . 2009-08-23 21:00 426496 ------w- c:\windows\system32\imapi2.dll 2009-08-17 16:10 . 2004-11-23 00:40 1279456 ----a-w- c:\windows\system32\aswBoot.exe 2009-08-17 16:06 . 2005-01-21 01:11 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-08-17 16:06 . 2005-01-21 01:11 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-08-17 16:04 . 2005-01-21 01:11 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-08-17 16:04 . 2005-02-25 18:12 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-08-17 16:03 . 2005-01-21 01:11 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-08-17 16:02 . 2004-06-24 07:58 97480 ----a-w- c:\windows\system32\AVASTSS.scr 2009-08-05 09:01 . 2004-07-24 09:44 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 14:20 . 2002-08-29 01:04 2066048 ------w- c:\windows\system32\ntkrnlpa.exe 2009-08-04 12:44 . 2002-09-03 16:50 2189184 ------w- c:\windows\system32\ntoskrnl.exe 2009-08-03 14:43 . 2009-08-03 14:43 687104 ----a-w- c:\windows\is-C4T0L.exe 2009-10-06 15:31 . 2009-10-06 15:37 251392 ----a-w- c:\program files\opera\program\plugins\dapop.dll 2005-02-03 03:33 . 2005-01-21 02:52 10856 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartupFaster"="c:\program files\Startup Faster 2004\StrpFstCfg.exe" [2005-02-28 1695744] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Others\Start Menu\Programs\Startup\StartupFaster AMF Daily Planner and PIM.lnk - c:\program files\PIM\amf.exe [2009-8-14 2457600] StartupFaster.ini [2009-10-26 1104] Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-6-11 157000] X1 System Tray.lnk - c:\program files\X1\X1Systray.exe [2005-10-1 331264] X1.lnk - c:\program files\X1\X1.exe [2005-10-1 13479064] c:\documents and settings\All Users\Start Menu\Programs\Startup\StartupFaster Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-3-19 24576] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] hpzrcv01.LNK - c:\program files\HP\Temp\{387D9916-BD27-480f-8CF0-3228832BBAA2}\setup\hpzstub.exe [2009-9-11 521552] hpzsetup.LNK - c:\program files\HP\Temp\{387D9916-BD27-480f-8CF0-3228832BBAA2}\hpzstub.exe [2009-9-11 521552] NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808] StartupFaster.ini [2009-10-26 2222] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "NoVisualStyleChoice"= 0 (0x0) "NoColorChoice"= 0 (0x0) "NoSizeChoice"= 0 (0x0) "HideLogonScripts"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 0 (0x0) "NoFileAssociate"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoHelp"= 0 (0x0) "NoCommonGroups"= 0 (0x0) "NoStartMenuEjectPC"= 0 (0x0) "NoSimpleStartMenu"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) "NoDisconnect"= 0 (0x0) "NoNtSecurity"= 0 (0x0) "GreyMSIAds"= 0 (0x0) "ForceMaxRecentDocs"= 0 (0x0) "NoSMBalloonTip"= 0 (0x0) "NoSMBalloonTips"= 0 (0x0) "NoTaskGrouping"= 0 (0x0) "NoWebServices"= 0 (0x0) "NoFileUrl"= 0 (0x0) "NoExpandedNewMenu"= 0 (0x0) "SpecifyDefaultButtons"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) "PromptRunasInstallNetPath"= 1 (0x1) "NoResolveTrack"= 0 (0x0) "NoDevMgrUpdate"= 0 (0x0) "NoThumbnailCache"= 0 (0x0) "ForceCopyAclwithFile"= 0 (0x0) "StartRunNoHOMEPATH"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoThemesTab"= 0 (0x0) "NoChangeAnimation"= 0 (0x0) "RestrictCpl"= 0 (0x0) "DisallowCpl"= 0 (0x0) "RestrictRun"= 0 (0x0) "DisallowRun"= 0 (0x0) "NoRecycleFiles"= 0 (0x0) "ForceRecycleBinSize"= 0 (0x0) "NoCustomizeWebView"= 0 (0x0) "NoFileAssociate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoCustomizeThisFolder"= 0 (0x0) "NoWebView"= 0 (0x0) "DontShowSuperHidden"= 0 (0x0) "NoOnlinePrintsWizard"= 0 (0x0) "NoPublishingWizard"= 0 (0x0) "NoSMConfigurePrograms"= 0 (0x0) "NoSMMyPictures"= 0 (0x0) "NoStartMenuMyMusic"= 0 (0x0) "NoHelp"= 0 (0x0) "NoCommonGroups"= 0 (0x0) "NoStartMenuEjectPC"= 0 (0x0) "NoSimpleStartMenu"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) "NoDisconnect"= 0 (0x0) "NoNtSecurity"= 0 (0x0) "GreyMSIAds"= 0 (0x0) "ForceMaxRecentDocs"= 0 (0x0) "NoSMBalloonTip"= 0 (0x0) "NoSMBalloonTips"= 0 (0x0) "HideClock"= 0 (0x0) "NoTaskGrouping"= 0 (0x0) "NoWebServices"= 0 (0x0) "NoFileUrl"= 0 (0x0) "NoExpandedNewMenu"= 0 (0x0) "SpecifyDefaultButtons"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) "PromptRunasInstallNetPath"= 1 (0x1) "NoResolveTrack"= 0 (0x0) "NoDevMgrUpdate"= 0 (0x0) "NoThumbnailCache"= 0 (0x0) "ForceCopyAclwithFile"= 0 (0x0) "StartRunNoHOMEPATH"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\windows\system32\logonuiX.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 04:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient] 2003-08-25 02:25 139264 ----a-w- c:\program files\Common Files\Stardock\MCPStub.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Switch Off"=c:\program files\Switch Off\swoff.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "DadApp"=c:\program files\Dell\AccessDirect\dadapp.exe "DVDSentry"=c:\windows\System32\DSentry.exe "pdfSaver3"= "PrinterOn Printer Select 2.6"=c:\program files\PrinterOn Corporation\Internet PrintWhere 2.6\PW_PrinterSelect26.exe -NoUI [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"= "c:\\Program Files\\IEPro\\MiniDM.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\KWMUSIC\\KwMusic.exe"= "c:\\Program Files\\KWMUSIC\\KwMV.exe"= "c:\\Program Files\\China Mobile\\Fetion\\FetionFX.exe"= "c:\\Program Files\\China Mobile\\Fetion\\VMDotNet\\v2.0.50727\\FetionVM.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\ICQ6.5\\ICQ.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "25:TCP"= 25:TCP:File and Printer Sharing "8529:TCP"= 8529:TCP:yduq [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [10/24/2009 11:01 AM 114768] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/28/2009 10:53 AM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/28/2009 10:53 AM 72944] R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [10/24/2009 11:01 AM 20560] R2 CMB8100;CMB8100;c:\windows\SYSTEM32\DRIVERS\CertClient.dat [9/14/2008 7:52 AM 3038] R2 CMBProtector;CMBProtector;c:\windows\SYSTEM32\DRIVERS\CMBProtector.dat [9/14/2008 7:52 AM 3584] R2 lf;lf;c:\program files\Everstrike\Lock Folder XP 3.2\UniShieldXP.sys [7/3/2003 9:50 PM 45952] R2 MOTOVISION;MotoVision For E680/680i, A780/760/768 Virtual Camera;c:\windows\SYSTEM32\DRIVERS\motovision.sys [1/6/2009 9:31 PM 31145] R3 DirectDrv;DirectDrv;c:\windows\SYSTEM32\DRIVERS\MotoVisionDP.sys [1/6/2009 9:31 PM 11941] R3 LMPC2;LMPC2;c:\windows\SYSTEM32\DRIVERS\lmpc2.sys [10/25/2007 10:30 PM 4224] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\SYSTEM32\DRIVERS\ManyCam.sys [1/14/2008 6:06 PM 21632] R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [10/24/2009 10:08 PM 19160] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S3 AgilentUSBCam;E-Video DC-350 USB Camera;c:\windows\SYSTEM32\DRIVERS\Atusbcam.sys [4/26/2001 1:04 AM 117984] S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\BRGSp50.sys --> c:\windows\system32\Drivers\BRGSp50.sys [?] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\SYSTEM32\DRIVERS\motfilt.sys [9/6/2008 10:15 PM 6016] S3 DCamUSBUVT;ICM532A;c:\windows\SYSTEM32\DRIVERS\usbuvt.sys [3/9/2004 2:50 PM 95232] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [6/21/2009 1:21 PM 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [6/21/2009 1:21 PM 8320] S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [6/21/2009 1:21 PM 42112] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\SYSTEM32\DRIVERS\Motousbnet.sys [6/21/2009 1:21 PM 23296] S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [1/6/2009 9:49 PM 23680] S3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;c:\windows\SYSTEM32\DRIVERS\ntspppoe.sys [4/13/2003 5:47 PM 161512] S3 RAWESR;RAWESR;\??\c:\progra~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS --> c:\progra~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS [?] S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\SYSTEM32\DRIVERS\wg111v3.sys [4/23/2007 2:11 PM 224896] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/28/2009 10:53 AM 7408] --- Other Services/Drivers In Memory --- NewlyCreated - CLASSPNP_2 NewlyCreated - MBR NewlyCreated - PCIIDEX_2 Deregistered - CLASSPNP_2 Deregistered - mbr Deregistered - PCIIDEX_2 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2006-10-01 c:\windows\Tasks\Disk Cleanup.job - c:\windows\SYSTEM32\cleanmgr.exe [2002-09-03 00:12] 2005-03-21 c:\windows\Tasks\FreshDiagnose Report.job - c:\program files\FreshDevices\FreshDiagnose\fdiag.exe [2004-04-28 07:12] 2009-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2104054462-3242262833-941974269-1007Core1ca55de2ce7a9d0.job - c:\documents and settings\Others\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-22 09:30] 2009-10-26 c:\windows\Tasks\Malwarebytes' Scheduled Update for Others.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-10-26 06:53] 2009-05-20 c:\windows\Tasks\User_Feed_Synchronization-{1EC03267-D26F-4AB1-9863-CC9FC678712A}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 20:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html IE: c:\program files\Tencent\qq\SendMMS.htm IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~2\bin\resources\WebMenuImg.htm IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - c:\program files\DAP\dapextie.htm IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Answers... - file:c:\program files\1-Click Answers\Html\atiemenu.htm IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Logoff - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComLogoff.html IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm LSP: c:\progra~1\SPEEDB~1\sblsp.dll Trusted Zone: bankofamerica.com\www Trusted Zone: com.cn\mybank.icbc Trusted Zone: com.cn\www.icbc Trusted Zone: hotmail.com\www Trusted Zone: live.com\login Trusted Zone: microsoft.com\v4.Windowsupdate Trusted Zone: microsoft.com\Windowsupdate Trusted Zone: msn.com\www Trusted Zone: yahoo.com\www DPF: DirectAnimation Java Classes DPF: Microsoft XML Parser for Java DPF: {0D99625B-0619-4420-BB61-82DEE1B91D3A} - hxxps://ebank.gdb.com.cn/perbank/js/CertKitAx.cab DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab FF - ProfilePath - c:\documents and settings\Others\Application Data\Mozilla\Firefox\Profiles\8g1iwoqs.default\ FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll FF - plugin: c:\program files\Opera\program\plugins\npdrmv2.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: browser.blink_allowed - true FF - user.js: network.prefetch-next - true FF - user.js: nglayout.initialpaint.delay - 250 FF - user.js: layout.spellcheckDefault - 1 FF - user.js: browser.urlbar.autoFill - false FF - user.js: browser.search.openintab - false FF - user.js: browser.tabs.closeButtons - 1 FF - user.js: browser.tabs.opentabfor.middleclick - true FF - user.js: browser.tabs.tabMinWidth - 100 FF - user.js: browser.urlbar.hideGoButton - false . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-30 11:54 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\My Shared Folder scan completed successfully hidden files: 1 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CMB8100] "ImagePath"="\??\c:\windows\system32\Drivers\CertClient.dat" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CMBProtector] "ImagePath"="\??\c:\windows\system32\Drivers\CMBProtector.dat" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2104054462-3242262833-941974269-1007\Software\EduFont\EduOffice* b„vW[\BCGWorkspace\WindowPlacement] "MainWindowRect"=hex:fc,ff,ff,ff,fc,ff,ff,ff,04,04,00,00,04,03,00,00 "Flags"=dword:00000002 "ShowCmd"=dword:00000003 [HKEY_USERS\S-1-5-21-2104054462-3242262833-941974269-1007\Software\Microsoft\SystemCertificates\AddressBook] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-2104054462-3242262833-941974269-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) @SACL= . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1320) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll c:\documents and settings\Others\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL c:\program files\Common Files\Stardock\mcpstub.dll - - - - - - - > 'lsass.exe'(1620) c:\program files\SpeedBit Video Accelerator\Accelerator.dll c:\windows\system32\WININET.dll c:\program files\SpeedBit Video Accelerator\CommPipe.dll c:\program files\SpeedBit Video Accelerator\Collector.dll - - - - - - - > 'explorer.exe'(2900) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\program files\CursorXP\CurXP0.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2009-10-30 12:00 ComboFix-quarantined-files.txt 2009-10-30 03:59 Pre-Run: 2,569,850,880 bytes free Post-Run: 2,548,809,728 bytes free - - End Of File - - D35F915B27F8A0E906589E323DD394B5

oldman960 View Member Profile	Oct 31 2009, 05:08 AM Post #11
SuperHelper Group: Classroom Teacher Posts: 5,751 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro	Hi Tom_q2356, Your system has been infected by one or more Backdoor Trojans. This allows hackers to remotely control your computer, steal critical system information and Download and Execute files Its very possible that anything could have been installed on your computer by the remote attacker, including opening other backdoors and installing rootkits. While we can attempt to clean what we see in your logs, we cannot guarantee that your computer will be completely in the clear since we have no way of knowing that has been done to the computer. Your computer could be completely compromised at this moment. It may be prudent to backup your information, reformat, and reinstall. More information on Remote Access Trojans can be found here. I strongly suggest you do the following immediately: Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to. DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. To help you make your decision, here are a few related articles that i suggest you read: Danger: Remote Access Trojans. When should I re-format? How should I reinstall? How Do I Handle Possible Identify Theft, Internet Fraud and Credit Card Fraud? Should you have any questions, please feel free to ask. Should you wish to continue cleaning, please carry on. Any particular reason these are in the Trusted Zone? By default you security setting are lower in this zone. QUOTE Trusted Zone: bankofamerica.com\www Trusted Zone: com.cn\mybank.icbc Trusted Zone: com.cn\www.icbc Trusted Zone: hotmail.com\www Trusted Zone: live.com\login Trusted Zone: microsoft.com\v4.Windowsupdate Trusted Zone: microsoft.com\Windowsupdate Trusted Zone: msn.com\www Trusted Zone: yahoo.com\www LimeWire and uTorrent You have LimeWire and uTorrent, P2P/file sharing programs installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing them. References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/commun...protection.mspx http://www.internetworldstats.com/articles...cles/art053.htm I would recommend that you uninstall LimeWire and uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs. If you wish to keep them, please do not use them until your computer is cleaned. Next, let's look deeper. Download Rooter.exe to your desktop Then doubleclick it to start the tool A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt (Where %systemdrive% is usually C: or the drive that you have installed Windows). Post that in your next reply. We will be using Combofix again but will run it differently. Please follow all previous instructions regarding security programs. Open a new Notepad session Click the Start button, click run in the run box type notepad click ok In the notepad, Click "Format" and be certain that Word Wrap is not checked. Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE CODE Folder:: c:\documents and settings\Others\Application Data\drivers RegLock:: [HKEY_USERS\S-1-5-21-2104054462-3242262833-941974269-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] In the notepad Click File, Save as..., and set the Save in to your Desktop In the filename box, type (including quotation marks) as the filename: "CFScript.txt" Click save Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below. This will start ComboFix again.Close all browser/windows first. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall Please post back with Rooter log combofix log How is your computer? Thanks

Tom_q2356 View Member Profile	Oct 31 2009, 02:52 PM Post #12
Authentic Member Group: Authentic Member Posts: 118 Joined: 11-June 04 Member No.: 8,653	Rooter.exe (v1.0.2) by Eric_71 . SeDebugPrivilege granted successfully ... . Windows XP Home Edition (5.1.2600) Service Pack 3 [32_bits] - x86 Family 15 Model 2 Stepping 7, GenuineIntel . [wscsvc] (Security Center) RUNNING (state:4) [SharedAccess] RUNNING (state:4) Windows Firewall -> Disabled ! . Internet Explorer 8.0.6001.18702 Mozilla Firefox 3.0.14 (en-US) . C:\ [Fixed-NTFS] .. ( Total:27 Go - Free:2 Go ) D:\ [CD_Rom] . Scan : 09:43.38 Path : C:\Documents and Settings\Others\Desktop\Rooter.exe User : Others ( Administrator -> YES ) . ----------------------\\ Processes . Locked [System Process] (0) ______ System (4) ______ \SystemRoot\System32\smss.exe (772) ______ \??\C:\WINDOWS\system32\csrss.exe (1164) ______ \??\C:\WINDOWS\system32\winlogon.exe (1336) ______ C:\WINDOWS\system32\services.exe (1592) ______ C:\WINDOWS\system32\lsass.exe (1620) ______ C:\WINDOWS\system32\svchost.exe (200) ______ C:\WINDOWS\system32\svchost.exe (396) ______ C:\WINDOWS\System32\svchost.exe (616) ______ C:\WINDOWS\System32\svchost.exe (756) ______ C:\WINDOWS\system32\svchost.exe (1436) ______ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (1356) ______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (1512) ______ C:\WINDOWS\system32\spoolsv.exe (472) ______ C:\WINDOWS\System32\svchost.exe (540) ______ C:\WINDOWS\System32\Ati2evxx.exe (788) ______ C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (660) ______ C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (1636) ______ C:\WINDOWS\system32\svchost.exe (1452) ______ C:\Program Files\Ahead\InCD\InCDsrv.exe (1108) ______ C:\Program Files\Java\jre6\bin\jqs.exe (1012) ______ C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (636) ______ C:\WINDOWS\System32\svchost.exe (1880) ______ C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe (2112) ______ C:\WINDOWS\System32\alg.exe (3004) ______ C:\Program Files\Common Files\Stardock\SDMCP.exe (3508) ______ C:\WINDOWS\Explorer.EXE (228) ______ C:\Program Files\reliz\akeys.exe (1244) ______ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (3372) ______ C:\Program Files\CursorXP\CursorXP.exe (3896) ______ C:\Program Files\Digital Line Detect\DLG.exe (2988) ______ C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (3848) ______ C:\Program Files\Startup Faster 2004\sfAgent.exe (2884) ______ C:\WINDOWS\system32\ctfmon.exe (2816) ______ C:\Documents and Settings\Others\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (1192) ______ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (524) ______ C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (2812) ______ C:\Documents and Settings\Others\Desktop\Rooter.exe (1520) . ----------------------\\ Device\Harddisk0\ . \Device\Harddisk0 [Sectors : 63 x 512 Bytes] . \Device\Harddisk0\Partition1 (Start_Offset:32256 \| Length:32868864) \Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:32901120 \| Length:29964695040) . ----------------------\\ Scheduled Tasks . C:\WINDOWS\Tasks\DESKTOP.INI C:\WINDOWS\Tasks\Disk Cleanup.job C:\WINDOWS\Tasks\FreshDiagnose Report.job C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2104054462-3242262833-941974269-1007Core1ca55de2ce7a9d0.job C:\WINDOWS\Tasks\Malwarebytes' Scheduled Update for Others.job C:\WINDOWS\Tasks\SA.DAT C:\WINDOWS\Tasks\User_Feed_Synchronization-{1EC03267-D26F-4AB1-9863-CC9FC678712A}.job . ----------------------\\ Registry . . ----------------------\\ Files & Folders . C:\DOCUME~1\Others\APPLIC~1\drivers ==> Bagle <== . C:\DOCUME~1\Others\Desktop\SoftForBa\ToKeepSoft\SUPERAntiSpyware.Professional.v4.27.1000.Multilingual.WinAll.Incl.Keygen.an d.Patch-CRD\keygen\keygen.exe C:\DOCUME~1\Others\Desktop\SoftForBa\ToKeepSoft\SUPERAntiSpyware.Professional.v4.27.1000.Multilingual.WinAll.Incl.Keygen.an d.Patch-CRD\keygen\keygen.exe ==> Cracks & Keygens <== . ----------------------\\ Scan completed at 09:46.10 . C:\Rooter$\Rooter_1.txt - (31/10/2009 \| 09:46.10).c

Tom_q2356 View Member Profile	Oct 31 2009, 02:57 PM Post #13
Authentic Member Group: Authentic Member Posts: 118 Joined: 11-June 04 Member No.: 8,653	ComboFix 09-10-28.08 - Others 10/31/2009 9:57.5.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.623 [GMT 8:00] Running from: c:\documents and settings\Others\Desktop\jgh.exe Command switches used :: c:\documents and settings\Others\Desktop\CFScript.txt AV: avast! antivirus 4.8.1351 [VPS 091030-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: ZoneAlarm Pro Firewall disabled {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\Others\Application Data\drivers ----- BITS: Possible infected sites ----- hxxp://armmf.adobe.com . ((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 ))))))))))))))))))))))))))))))) . 2009-10-31 01:45 . 2009-10-31 01:46 -------- d-----w- C:\Rooter$ 2009-10-26 01:45 . 2009-10-26 01:45 -------- d-----w- c:\program files\Trend Micro 2009-10-26 01:40 . 2009-10-26 01:40 -------- d-----w- c:\documents and settings\Others\Local Settings\Application Data\Deployment 2009-10-25 13:12 . 2009-10-25 13:15 -------- d-----w- c:\program files\SpywareBlaster 2009-10-25 08:32 . 2009-10-25 09:36 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-10-25 08:17 . 2009-10-25 08:17 -------- d-----w- c:\program files\Zone Labs 2009-10-25 07:02 . 2009-10-25 13:33 -------- d-----w- c:\program files\MSECACHE 2009-10-24 14:08 . 2009-09-10 06:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-24 14:08 . 2009-10-26 04:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-24 14:08 . 2009-09-10 06:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-24 03:01 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-10-24 03:01 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-10-24 02:54 . 2009-10-24 06:17 -------- d-----w- c:\windows\BDOSCAN8 2009-10-23 09:23 . 2009-10-23 09:23 -------- d-----w- c:\windows\system32\wbem\Repository 2009-10-22 09:30 . 2009-10-26 01:48 -------- d-----w- c:\documents and settings\Others\Local Settings\Application Data\Temp 2009-10-17 06:45 . 2006-10-09 04:00 94208 ----a-w- c:\windows\Dream Aquarium.scr 2009-10-17 06:44 . 2009-10-17 06:46 -------- d-----w- c:\program files\Dream Aquarium 2009-10-17 05:41 . 2009-10-17 05:41 102400 ----a-w- c:\windows\DreamAquarium.scr 2009-10-16 13:21 . 2008-10-09 06:25 69008 ----a-w- c:\windows\system32\zlcomm.dll 2009-10-16 13:21 . 2008-10-09 06:25 106384 ----a-w- c:\windows\system32\zlcommdb.dll 2009-10-16 13:21 . 2008-10-09 06:25 1221008 ----a-w- c:\windows\system32\zpeng25.dll 2009-10-16 13:21 . 2009-10-29 15:55 -------- d-----w- c:\windows\system32\ZoneLabs 2009-10-16 13:17 . 2009-10-31 01:37 -------- d-----w- c:\windows\Internet Logs 2009-10-16 00:25 . 2009-10-16 00:25 -------- d-----w- c:\documents and settings\Others\Local Settings\Application Data\Yahoo! 2009-10-15 14:58 . 2009-10-15 14:58 -------- d-----w- c:\documents and settings\Others\Application Data\Kingsoft 2009-10-15 14:30 . 2009-10-15 14:31 -------- d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Free 2009-10-15 13:41 . 2009-10-15 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip 2009-10-11 05:03 . 2009-10-11 05:03 -------- d-----w- c:\documents and settings\Others\Application Data\JAM Software 2009-10-11 05:03 . 2009-10-11 05:03 -------- d-----w- c:\program files\TreeSize Professional 2009-10-08 15:32 . 2009-10-08 15:32 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys 2009-10-08 15:31 . 2009-10-08 15:54 -------- d-----w- c:\program files\SplitCam 2009-10-08 09:51 . 2009-10-08 09:51 -------- d-----w- c:\program files\uTorrent 2009-10-08 09:50 . 2009-10-23 10:10 -------- d-----w- c:\documents and settings\Others\Application Data\uTorrent 2009-10-08 09:01 . 2009-10-08 09:01 -------- d-----w- c:\documents and settings\Others\Application Data\WebcamMax 2009-10-08 09:00 . 2008-03-11 13:14 941784 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys 2009-10-08 00:01 . 2009-10-08 00:03 -------- d-----w- c:\documents and settings\Others\Application Data\ManyCam 2009-10-08 00:01 . 2009-10-08 00:04 -------- d-----w- c:\program files\ManyCam 2.4 2009-10-07 18:17 . 2009-10-07 18:17 -------- d-----w- C:\_OTM 2009-10-06 15:40 . 2009-10-06 15:40 -------- d-----w- c:\program files\SpeedBit Video Accelerator 2009-10-06 15:31 . 2009-10-06 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit 2009-10-06 15:26 . 2009-10-06 15:31 -------- d-----w- c:\program files\DAP 2009-10-05 12:39 . 2009-10-05 12:39 -------- d-----w- c:\program files\AGI 2009-10-04 23:43 . 2009-10-04 23:43 -------- d-----w- c:\program files\ICQ6Toolbar 2009-10-04 23:43 . 2009-10-04 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ 2009-10-04 23:38 . 2009-10-04 23:46 -------- d-----w- c:\program files\ICQ6.5 2009-10-02 10:54 . 2009-10-02 13:05 -------- d-----w- c:\program files\Microsoft Silverlight 2009-10-02 10:48 . 2009-10-02 10:48 -------- d-----w- c:\program files\Microsoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-31 01:35 . 2007-12-06 14:27 -------- d-----w- c:\documents and settings\Others\Application Data\SlimBrowser 2009-10-30 17:08 . 2003-05-17 09:03 -------- d-----w- c:\program files\Common Files\Adobe 2009-10-30 16:57 . 2009-07-27 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon 2009-10-30 11:20 . 2007-01-27 03:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-30 05:07 . 2004-12-03 08:53 -------- d-----w- c:\program files\iDailyDiary 2009-10-29 23:53 . 2004-05-24 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-10-27 15:55 . 2009-07-27 02:56 -------- d-----w- c:\documents and settings\Others\Application Data\Babylon 2009-10-25 08:31 . 2005-02-02 04:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-10-25 08:27 . 2004-06-02 12:50 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2009-10-25 06:36 . 2005-03-28 16:01 -------- d-----w- c:\program files\Ashampoo 2009-10-25 05:47 . 2005-01-03 07:05 -------- d-----w- c:\program files\Startup Faster 2004 2009-10-24 04:59 . 2004-06-06 10:48 -------- d-----w- c:\program files\IncrediMail 2009-10-24 03:01 . 2009-09-29 04:31 -------- d-----w- c:\program files\CCleaner 2009-10-23 13:07 . 2009-07-16 23:06 -------- d-----w- c:\program files\SpywareGuard 2009-10-23 09:18 . 2008-02-11 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\mcache 2009-10-14 05:49 . 2005-01-16 06:03 -------- d-----w- c:\documents and settings\Others\Application Data\Skype 2009-10-14 02:48 . 2007-03-01 13:11 -------- d-----w- c:\documents and settings\Others\Application Data\U3 2009-10-09 15:26 . 2008-02-11 02:23 21 ----a-w- c:\windows\system32\mylk.dat 2009-10-08 17:19 . 2009-07-29 22:12 -------- d-----w- c:\documents and settings\Others\Application Data\LimeWire 2009-10-08 15:31 . 2003-03-18 16:37 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-06 15:30 . 2006-04-20 06:17 -------- d-----w- c:\program files\GetRight 2009-10-05 13:00 . 2005-12-25 10:00 -------- d-----w- c:\program files\Winamp 2009-10-05 12:39 . 2009-06-13 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\agi 2009-10-04 23:41 . 2009-03-26 11:56 -------- d-----w- c:\program files\ICQ6 2009-10-03 03:38 . 2005-01-20 06:45 -------- d-----w- c:\program files\Trillian 2009-10-02 10:53 . 2009-05-13 07:13 -------- d-----w- c:\program files\Windows Live 2009-10-01 02:37 . 2009-01-09 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-09-29 04:39 . 2004-12-03 08:54 -------- d-----w- c:\program files\ePrompter 2009-09-27 03:26 . 2005-04-21 15:20 -------- d-----w- c:\program files\Opera 2009-09-25 15:16 . 2004-06-02 09:47 -------- d-----w- c:\program files\Avant Browser 2009-09-25 03:58 . 2009-08-02 02:25 -------- d-----w- c:\program files\PIM 2009-09-23 14:18 . 2008-01-19 10:33 -------- d-----w- c:\program files\IEPro 2009-09-23 06:42 . 2003-03-30 18:02 58504 ----a-w- c:\documents and settings\Others\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-17 21:52 . 2009-09-17 21:52 2146304 ----a-w- c:\windows\system32\GPhotos.scr 2009-09-16 14:52 . 2005-03-28 08:03 -------- d-----w- c:\documents and settings\Others\Application Data\SolidDocuments 2009-09-13 05:18 . 2009-09-13 05:18 693760 ----a-w- c:\windows\is-V9TVU.exe 2009-09-12 15:16 . 2009-07-29 23:17 -------- d---a-w- c:\program files\eMule0.49c 2009-09-11 14:18 . 2002-09-03 16:46 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-11 07:06 . 2009-09-11 05:15 157446 ----a-w- c:\windows\hphins27.dat 2009-09-11 05:43 . 2009-09-11 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG 2009-09-11 05:42 . 2009-09-11 05:42 -------- d-----w- c:\documents and settings\Others\Application Data\HP 2009-09-11 05:27 . 2009-09-11 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2009-09-11 05:24 . 2009-09-11 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant 2009-09-11 05:24 . 2009-09-11 05:21 -------- d-----w- c:\program files\HP 2009-09-11 05:23 . 2009-09-11 05:23 -------- d-----w- c:\program files\Common Files\HP 2009-09-11 05:14 . 2009-09-11 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard 2009-09-09 23:01 . 2009-07-15 06:59 -------- d-----w- c:\documents and settings\Others\Application Data\SUPERAntiSpyware.com 2009-09-09 15:29 . 2008-02-13 05:13 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-09-07 13:39 . 2009-09-07 13:39 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2009-09-04 21:03 . 2002-09-03 16:44 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-09-04 13:10 . 2009-09-04 13:10 -------- d-----w- c:\program files\RMVB Converter 2009-08-29 08:08 . 2004-08-03 06:56 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-26 08:00 . 2002-09-03 17:05 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-23 21:00 . 2009-08-23 21:00 922112 ------w- c:\windows\system32\imapi2fs.dll 2009-08-23 21:00 . 2009-08-23 21:00 426496 ------w- c:\windows\system32\imapi2.dll 2009-08-17 16:10 . 2004-11-23 00:40 1279456 ----a-w- c:\windows\system32\aswBoot.exe 2009-08-17 16:06 . 2005-01-21 01:11 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-08-17 16:06 . 2005-01-21 01:11 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-08-17 16:04 . 2005-01-21 01:11 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-08-17 16:04 . 2005-02-25 18:12 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-08-17 16:03 . 2005-01-21 01:11 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-08-17 16:02 . 2004-06-24 07:58 97480 ----a-w- c:\windows\system32\AVASTSS.scr 2009-08-05 09:01 . 2004-07-24 09:44 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 14:20 . 2002-08-29 01:04 2066048 ------w- c:\windows\system32\ntkrnlpa.exe 2009-08-04 12:44 . 2002-09-03 16:50 2189184 ------w- c:\windows\system32\ntoskrnl.exe 2009-08-03 14:43 . 2009-08-03 14:43 687104 ----a-w- c:\windows\is-C4T0L.exe 2009-10-06 15:31 . 2009-10-06 15:37 251392 ----a-w- c:\program files\opera\program\plugins\dapop.dll 2005-02-03 03:33 . 2005-01-21 02:52 10856 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( SnapShot@2009-10-30_03.54.38 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-31 01:02 . 2009-10-31 01:02 16384 c:\windows\Temp\Perflib_Perfdata_5e8.dat + 2009-10-31 01:03 . 2009-10-31 01:03 16384 c:\windows\Temp\Perflib_Perfdata_294.dat + 2009-10-30 17:08 . 2009-10-30 17:08 3940352 c:\windows\Installer\18a5645.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartupFaster"="c:\program files\Startup Faster 2004\StrpFstCfg.exe" [2005-02-28 1695744] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Others\Start Menu\Programs\Startup\StartupFaster AMF Daily Planner and PIM.lnk - c:\program files\PIM\amf.exe [2009-8-14 2457600] StartupFaster.ini [2009-10-26 1104] Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-6-11 157000] X1 System Tray.lnk - c:\program files\X1\X1Systray.exe [2005-10-1 331264] X1.lnk - c:\program files\X1\X1.exe [2005-10-1 13479064] c:\documents and settings\All Users\Start Menu\Programs\Startup\StartupFaster Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-3-19 24576] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] hpzrcv01.LNK - c:\program files\HP\Temp\{387D9916-BD27-480f-8CF0-3228832BBAA2}\setup\hpzstub.exe [2009-9-11 521552] hpzsetup.LNK - c:\program files\HP\Temp\{387D9916-BD27-480f-8CF0-3228832BBAA2}\hpzstub.exe [2009-9-11 521552] NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808] StartupFaster.ini [2009-10-26 2222] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "NoVisualStyleChoice"= 0 (0x0) "NoColorChoice"= 0 (0x0) "NoSizeChoice"= 0 (0x0) "HideLogonScripts"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 0 (0x0) "NoFileAssociate"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoHelp"= 0 (0x0) "NoCommonGroups"= 0 (0x0) "NoStartMenuEjectPC"= 0 (0x0) "NoSimpleStartMenu"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) "NoDisconnect"= 0 (0x0) "NoNtSecurity"= 0 (0x0) "GreyMSIAds"= 0 (0x0) "ForceMaxRecentDocs"= 0 (0x0) "NoSMBalloonTip"= 0 (0x0) "NoSMBalloonTips"= 0 (0x0) "NoTaskGrouping"= 0 (0x0) "NoWebServices"= 0 (0x0) "NoFileUrl"= 0 (0x0) "NoExpandedNewMenu"= 0 (0x0) "SpecifyDefaultButtons"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) "PromptRunasInstallNetPath"= 1 (0x1) "NoResolveTrack"= 0 (0x0) "NoDevMgrUpdate"= 0 (0x0) "NoThumbnailCache"= 0 (0x0) "ForceCopyAclwithFile"= 0 (0x0) "StartRunNoHOMEPATH"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoThemesTab"= 0 (0x0) "NoChangeAnimation"= 0 (0x0) "RestrictCpl"= 0 (0x0) "DisallowCpl"= 0 (0x0) "RestrictRun"= 0 (0x0) "DisallowRun"= 0 (0x0) "NoRecycleFiles"= 0 (0x0) "ForceRecycleBinSize"= 0 (0x0) "NoCustomizeWebView"= 0 (0x0) "NoFileAssociate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoCustomizeThisFolder"= 0 (0x0) "NoWebView"= 0 (0x0) "DontShowSuperHidden"= 0 (0x0) "NoOnlinePrintsWizard"= 0 (0x0) "NoPublishingWizard"= 0 (0x0) "NoSMConfigurePrograms"= 0 (0x0) "NoSMMyPictures"= 0 (0x0) "NoStartMenuMyMusic"= 0 (0x0) "NoHelp"= 0 (0x0) "NoCommonGroups"= 0 (0x0) "NoStartMenuEjectPC"= 0 (0x0) "NoSimpleStartMenu"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) "NoDisconnect"= 0 (0x0) "NoNtSecurity"= 0 (0x0) "GreyMSIAds"= 0 (0x0) "ForceMaxRecentDocs"= 0 (0x0) "NoSMBalloonTip"= 0 (0x0) "NoSMBalloonTips"= 0 (0x0) "HideClock"= 0 (0x0) "NoTaskGrouping"= 0 (0x0) "NoWebServices"= 0 (0x0) "NoFileUrl"= 0 (0x0) "NoExpandedNewMenu"= 0 (0x0) "SpecifyDefaultButtons"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) "PromptRunasInstallNetPath"= 1 (0x1) "NoResolveTrack"= 0 (0x0) "NoDevMgrUpdate"= 0 (0x0) "NoThumbnailCache"= 0 (0x0) "ForceCopyAclwithFile"= 0 (0x0) "StartRunNoHOMEPATH"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\windows\system32\logonuiX.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 04:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient] 2003-08-25 02:25 139264 ----a-w- c:\program files\Common Files\Stardock\MCPStub.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Switch Off"=c:\program files\Switch Off\swoff.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "DadApp"=c:\program files\Dell\AccessDirect\dadapp.exe "DVDSentry"=c:\windows\System32\DSentry.exe "pdfSaver3"= "PrinterOn Printer Select 2.6"=c:\program files\PrinterOn Corporation\Internet PrintWhere 2.6\PW_PrinterSelect26.exe -NoUI [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"= "c:\\Program Files\\IEPro\\MiniDM.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\KWMUSIC\\KwMusic.exe"= "c:\\Program Files\\KWMUSIC\\KwMV.exe"= "c:\\Program Files\\China Mobile\\Fetion\\FetionFX.exe"= "c:\\Program Files\\China Mobile\\Fetion\\VMDotNet\\v2.0.50727\\FetionVM.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\ICQ6.5\\ICQ.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "25:TCP"= 25:TCP:File and Printer Sharing "8529:TCP"= 8529:TCP:yduq [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] R2 ICBC Daemon Service;ICBC Daemon Service;c:\program files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe [2009-07-08 397192] R3 AgilentUSBCam;E-Video DC-350 USB Camera;c:\windows\system32\DRIVERS\Atusbcam.sys [2001-04-26 117984] R3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\BRGSp50.sys [x] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2007-01-23 6016] R3 DCamUSBUVT;ICM532A;c:\windows\system32\Drivers\usbuvt.sys [2002-07-10 95232] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-21 18688] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320] R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2008-03-03 23296] R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-18 23680] R3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;c:\windows\system32\DRIVERS\ntspppoe.sys [2001-10-31 161512] R3 RAWESR;RAWESR;c:\progra~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS [x] R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-04-23 224896] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-07-28 7408] R3 ZD1211BU(TP-LINK);TL-WN322G/WN322G+ Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\DRIVERS\zd1211Bu.sys [2007-06-25 500736] R4 bckg32;Zone Backgammon Client;c:\windows\system32\rundll32.exe bckg32.dll,yduq [x] R4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968] S1 aswSP;avast! Self Protection; [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-07-28 9968] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-07-28 72944] S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560] S2 CMB8100;CMB8100;c:\windows\system32\Drivers\CertClient.dat [2006-11-30 3038] S2 CMBProtector;CMBProtector;c:\windows\system32\Drivers\CMBProtector.dat [2007-01-18 3584] S2 lf;lf;c:\program files\Everstrike\Lock Folder XP 3.2\UniShieldXP.sys [2003-07-03 45952] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648] S2 MOTOVISION;MotoVision For E680/680i, A780/760/768 Virtual Camera;c:\windows\system32\DRIVERS\motovision.sys [2006-04-26 31145] S2 Vcs;Vcs support;c:\windows\system32\Drivers\Vcs.sys [2002-12-10 6852] S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2009-10-06 300656] S3 DirectDrv;DirectDrv;c:\windows\system32\DRIVERS\MotoVisionDP.sys [2006-04-26 11941] S3 LMPC2;LMPC2; [x] S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-09-10 19160] --- Other Services/Drivers In Memory --- Deregistered - CLASSPNP_2 Deregistered - mbr Deregistered - PCIIDEX_2 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2006-10-01 c:\windows\Tasks\Disk Cleanup.job - c:\windows\SYSTEM32\cleanmgr.exe [2002-09-03 00:12] 2005-03-21 c:\windows\Tasks\FreshDiagnose Report.job - c:\program files\FreshDevices\FreshDiagnose\fdiag.exe [2004-04-28 07:12] 2009-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2104054462-3242262833-941974269-1007Core1ca55de2ce7a9d0.job - c:\documents and settings\Others\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-22 09:30] 2009-10-26 c:\windows\Tasks\Malwarebytes' Scheduled Update for Others.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-10-26 06:53] 2009-05-20 c:\windows\Tasks\User_Feed_Synchronization-{1EC03267-D26F-4AB1-9863-CC9FC678712A}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 20:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html IE: c:\program files\Tencent\qq\SendMMS.htm IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~2\bin\resources\WebMenuImg.htm IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - c:\program files\DAP\dapextie.htm IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Answers... - file:c:\program files\1-Click Answers\Html\atiemenu.htm IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Logoff - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComLogoff.html IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm LSP: c:\progra~1\SPEEDB~1\sblsp.dll Trusted Zone: bankofamerica.com\www Trusted Zone: com.cn\mybank.icbc Trusted Zone: com.cn\www.icbc Trusted Zone: hotmail.com\www Trusted Zone: live.com\login Trusted Zone: microsoft.com\v4.Windowsupdate Trusted Zone: microsoft.com\Windowsupdate Trusted Zone: msn.com\www Trusted Zone: yahoo.com\www DPF: DirectAnimation Java Classes DPF: Microsoft XML Parser for Java DPF: {0D99625B-0619-4420-BB61-82DEE1B91D3A} - hxxps://ebank.gdb.com.cn/perbank/js/CertKitAx.cab DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab FF - ProfilePath - c:\documents and settings\Others\Application Data\Mozilla\Firefox\Profiles\8g1iwoqs.default\ FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll FF - plugin: c:\program files\Opera\program\plugins\npdrmv2.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: browser.blink_allowed - true FF - user.js: network.prefetch-next - true FF - user.js: nglayout.initialpaint.delay - 250 FF - user.js: layout.spellcheckDefault - 1 FF - user.js: browser.urlbar.autoFill - false FF - user.js: browser.search.openintab - false FF - user.js: browser.tabs.closeButtons - 1 FF - user.js: browser.tabs.opentabfor.middleclick - true FF - user.js: browser.tabs.tabMinWidth - 100 FF - user.js: browser.urlbar.hideGoButton - false . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-31 10:09 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\My Shared Folder scan completed successfully hidden files: 1 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CMB8100] "ImagePath"="\??\c:\windows\system32\Drivers\CertClient.dat" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CMBProtector] "ImagePath"="\??\c:\windows\system32\Drivers\CMBProtector.dat" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2104054462-3242262833-941974269-1007\Software\EduFont\EduOffice* b„vW[\BCGWorkspace\WindowPlacement] "MainWindowRect"=hex:fc,ff,ff,ff,fc,ff,ff,ff,04,04,00,00,04,03,00,00 "Flags"=dword:00000002 "ShowCmd"=dword:00000003 [HKEY_USERS\S-1-5-21-2104054462-3242262833-941974269-1007\Software\Microsoft\SystemCertificates\AddressBook] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1336) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll c:\documents and settings\Others\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL c:\program files\Common Files\Stardock\mcpstub.dll - - - - - - - > 'lsass.exe'(1620) c:\program files\SpeedBit Video Accelerator\Accelerator.dll c:\windows\system32\WININET.dll c:\program files\SpeedBit Video Accelerator\CommPipe.dll c:\program files\SpeedBit Video Accelerator\Collector.dll - - - - - - - > 'explorer.exe'(2084) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\program files\CursorXP\CurXP0.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\ftpshext.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2009-10-31 10:15 ComboFix-quarantined-files.txt 2009-10-31 02:14 ComboFix2.txt 2009-10-30 04:00 Pre-Run: 2,717,036,544 bytes free Post-Run: 2,699,329,536 bytes free - - End Of File - - C3F54D5C3BFA711DD263C286DE27CAE0

Tom_q2356 View Member Profile	Oct 31 2009, 03:17 PM Post #14
Authentic Member Group: Authentic Member Posts: 118 Joined: 11-June 04 Member No.: 8,653	Dear Oldman960, This backdoor trojans really make me worried; I will contact my banks right now. I have a question though, I am using RoboForm to keep all of my passwords, Roboform claims to have the type of technology to prevent identity or password theft. Is there anyway we can make my computer completely clean of backdoor trojans and then I change all important passwords from there? There are just too many to be changed. I will just focus on the banks, ebay and amazon. I have lost my the original Windows Xp Cd rom and therefore could not reinstall or reformat my computer programs. Let say though if I eventually can do that reformatting by perhaps borrowing a Cd rom from a friend, can I put back all the old files and not be worried about trojans hidden in the old files? Please advise me the best possible way without having to reinstall or reformat because it seems like the only option for now. Could you tell me what are the specific things I need to tell my banks? Just ask them to watch my account closely for a period of time? Or how does it work? Also, since my computer got infected by backdoors trojans or the "bagle" virus, I have completely stopped using anything related to banks, ebay and amazon; is it still possible that my personal imformation about banks, ebay and amazon be stolen? Stolen from Roboform? Thanks very much! Tom This post has been edited by Tom_q2356: Oct 31 2009, 03:36 PM

oldman960 View Member Profile	Oct 31 2009, 10:39 PM Post #15
SuperHelper Group: Classroom Teacher Posts: 5,751 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro	Hi Tom_q2356, Cracks and keygen These are a great souce for trojans, backdoor, keyloggers, rootkits, downloaders and other assorted vermin. I see several of these are or have been on this computer and am pretty certain that this is how you ended up on this forum. This forum does not support the use of these types of programs. We will remove these during the course of the cleaning. http://forums.whatthetech.com/We_do_not_support_t92527.html QUOTE Roboform claims to have the type of technology to prevent identity or password theft. RoboForm will help, but I still advise you to change your passwords just for your peace of mind. If the attackers have your password, changing them later may be too late. QUOTE Could you tell me what are the specific things I need to tell my banks? Just ask them to watch my account closely for a period of time? Tell them that your computer has been compromised and put a watch on your account for any unusal activity. As for your other type of accounts, I suggest you change them also. There may be bits of personal information in those accounts. QUOTE is it still possible that my personal imformation about banks, ebay and amazon be stolen? Stolen from Roboform? I honestly can't tell you as malware is constantly updated to defeat security programs. Bottom line, change your passwords as soon as you can. QUOTE Is there anyway we can make my computer completely clean of backdoor trojans and then I change all important passwords from there? We can clean what we can see or detect with or tools. As I mentioned before "we cannot guarantee that your computer will be completely in the clear since we have no way of knowing that has been done to the computer". As security programs are updated (remember they are playing catchup) any lingering elements may be detected. Building a layered security system will help also. The main thing is don't change your passwords from this computer while it is infected. Let's continue. Click your Start button > Control Panel > Add/Remove Programs and uninstall if present RelevantKnowledge MarketResearch Still in Contol Panel Locate the Java icon (it looks like a coffee cup) double click it to open it click the Update tab Click update now After the update is complete Next, Double click on OTL.exe Under the Custom Scans/Fixes box at the bottom, paste in the following Do Not copy the word CODE please note the fix starts with the : CODE :Files C:\DOCUME~1\Others\Desktop\SoftForBa\ToKeepSoft\SUPERAntiSpyware.Professional.v4.27.1000.Multilingual.WinAll.Incl.Keygen.an d.Patch-CRD\keygen\keygen.exe C:\DOCUME~1\Others\Desktop\SoftForBa\ToKeepSoft\SUPERAntiSpyware.Professional.v4.27.1000.Multilingual.WinAll.Incl.Keygen.an d.Patch-CRD\keygen\keygen.exe :Commands [emptytemp] [start explorer] Then click the Run Fix button at the top Let the program run unhindered Please save the resulting log to be posted in your next reply. Reboot your computer You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan. Open MBAM Click the Update tab Click Check for Updates If an update is found, it will download and install the latest version. The program will close to update and reopen. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Please post back with OTL fix log MBAM log Thanks

« Next Oldest · Infections Removal · Next Newest »

3 Pages

1 2 3 >

Closed Topic

Start new topic

Similar Topics

Similar Topics

Similar Topics

		Topic Title	Replies	Topic Starter	Views	Last Action
		Infections Removal [Resolved] please help 12	16	jester421	246	Today, 09:18 AM Last post by: CatByte
		Infections Removal [Resolved] Win32/kryptik.DBX trojan/ SPYWAREPROTECT 2009	6	ROOFIE(MTL)	92	Today, 06:42 AM Last post by: CatByte
		Infections Removal [Resolved] Internet Slow and/or unresponsive 12	15	Amebeo	236	Today, 06:38 AM Last post by: CatByte
		Infections Removal [Resolved] Google Redirect in IE and Firefox	12	ChadA	210	Today, 06:36 AM Last post by: CatByte

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Time is now: 20th March 2010 - 11:02 AM

Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
Memory Forums | Auto Repair Forum
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy

Powered By IP.Board © 2010 IPS, Inc.