WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Resolved] Nasty Beagle, please help

Started by Tom_q2356 , Oct 24 2009 08:15 PM

This topic is locked

36 replies to this topic

#1 Tom_q2356

Authentic Member

Authentic Member
178 posts

Posted 24 October 2009 - 08:15 PM

Hello, I am in deep trouble this time after accidently installing Beagle or bagle into my system. A lot of my applications including zonealarm, spywareblaster, superantispyware, avast virus scanner and more got disabled; I received constant prompt like this "xxx.exe is not a valid win32 application." So far I've only fixed one up--Avast virus scanner--myself with Avast's own repair tool. Most of the infected applications look intact in the program files; however, very sadly they cannot be used, nor be uninstalled. When trying to uninstall each of them, I receied the same prompt, "xxx.exe is not a valid win32 application." The following are the bagle virus that got caught by "bitdefender" software; out of all, only one failed to be deleted and now could not be found in the system either; and that one is-- "C:\Documents and Settings\Others\Application Data\drivers\downld\wfsintwq.sys (Infected with: Win32.Bagle.Gen)." Bidefender did solve my internet connection problem cuased by Bagle infection though.

Like I mentioned early on, many applications got disabled; so even hijackthis application is not working anymore. Please Help!!

C:\Documents and Settings\Others\Application Data\drivers\downld\340780.exe
(Infected with: Win32.Bagle.SVI)

C:\Documents and Settings\Others\Application Data\drivers\downld\srosa2.sys
(Infected with: Win32.Bagle.SWQ)

C:\Documents and Settings\Others\Application Data\drivers\downld\wfsintwq.sys
(Infected with: Win32.Bagle.Gen)

C:\Documents and Settings\Others\Desktop\SoftForBa\Zone.Alarm.Pro.80059000.Incl.Key
gen.SND\SND\ZoneAlarmProKeygen.exe
(Infected with: Trojan.Generic.912879)

C:\Program Files\IncrediMail\IncrediMail-Patch.exe
(Infected with: Gen:Trojan.Heur.PT.nmX@b0PirEo)

C:\WINDOWS\SYSTEM32\mdelk.exe
(Infected with: Win32.Bagle.WUQ@mm)

Finally, with a good friend's help, I have successfully reinstalled all missing or disabled programs, and the system seems to run very smoothly now. However, I still like to double check with you here because I trust everything WhattehTech says. Here is my new Hijackthis(It seems like there is at least one no name / no file thing on the list):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:09 AM, on 10/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\reliz\akeys.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Startup Faster 2004\sfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\DAP\DAP.EXE
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
O2 - BHO: ÖÐ¹ú¹¤ÉÌÒøÐÐBHO - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: IncrediBar - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\Program Files\IncrediBar\bin\IBTBar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [StartupFaster] "C:\Program Files\Startup Faster 2004\strpfstcfg.exe" -run -SFAURUN -SFCURUN -SFAUSTARTUP -SFCUSTARTUP
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: StartupFaster
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~2\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Logoff - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\Program Files\IncrediBar\bin\IBTBar.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0D99625B-0619-4420-BB61-82DEE1B91D3A} (BlockHouse Class) - https://ebank.gdb.co...s/CertKitAx.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://johnzheng2356...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...lscbase8460.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1222675051475
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc....afeControls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D81CA86B-EF63-42AF-BEE3-4502D9A03C2D} (MMRadioHostX Class) - http://wwws.musicmat...er/MMLRadio.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: mbox - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mboxflash - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICBC Daemon Service - Unknown owner - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 17314 bytes

Edited by LDTate, 27 October 2009 - 10:15 AM.

Advertisements

Register to Remove

#2 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 28 October 2009 - 02:31 AM

Hi Tom_q2356, welcome to the forum.

To make cleaning this machine easier

Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

Click NO
In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
Save it where you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop

Download OTListIt2 to your desktop.

Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Please post back with

GMER log
both OTL logs

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#3 Tom_q2356

Authentic Member

Authentic Member
178 posts

Posted 29 October 2009 - 09:01 PM

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-29 15:10:39
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Others\LOCALS~1\Temp\pwlcipog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEDD7E6B8]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xEDEB38D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xEDEB06E0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEDD7E574]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xEDEB3E90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xEDEBAC80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xEDEBAE90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xEDEBED50]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xEDEB3F80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xEDEB0C70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xEDEBDD10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEDD7EA52]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xEDEBA600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xEDEBE230]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xEDEBE2B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xEDEBEFD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xEDEB0AD0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEDD7E64E]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xEDEBC4F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xEDEBC2B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEDD7E76E]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xEDEBE970]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xEDEBE3D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xEDEB34F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEDD7E72E]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xEDEB3AA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xEDEB0EA0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEDD7E8AE]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xEDEBB580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xEDEBB400]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [90, 3E, EB, ED, 80, AC, EB, ...]
.text ntoskrnl.exe!_abnormal_termination + 150 804E27AC 4 Bytes JMP CB30EDD7
.text ntoskrnl.exe!_abnormal_termination + 34C 804E29A8 8 Bytes JMP 641F1798
.text ntoskrnl.exe!_abnormal_termination + 428 804E2A84 4 Bytes CALL F85A1860
? srescan.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1492] USER32.dll!SetWindowPos 7E4299F3 5 Bytes CALL 00BD1280 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\Explorer.EXE[1492] USER32.dll!DrawIconEx 7E42CB84 5 Bytes CALL 00BD1280 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\Explorer.EXE[1492] USER32.dll!GetIconInfo 7E42D427 5 Bytes CALL 00BD1280 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2324] USER32.dll!SetWindowPos 7E4299F3 5 Bytes CALL 01BF1280 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2324] USER32.dll!DrawIconEx 7E42CB84 5 Bytes CALL 01BF1280 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2324] USER32.dll!GetIconInfo 7E42D427 5 Bytes CALL 01BF1280 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Documents and Settings\Others\Desktop\gmer.exe[3352] USER32.dll!SetWindowPos 7E4299F3 5 Bytes CALL 10001280 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Documents and Settings\Others\Desktop\gmer.exe[3352] USER32.dll!DrawIconEx 7E42CB84 5 Bytes CALL 10001280 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Documents and Settings\Others\Desktop\gmer.exe[3352] USER32.dll!GetIconInfo 7E42D427 5 Bytes CALL 10001280 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [EDEB8410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [EDEB8220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [EDEB8B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [EDEB6780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [EDEB6780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [EDEB8410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [EDEB8220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [EDEB8B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [EDEB8410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [EDEB6780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [EDEB8B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [EDEB8220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [EDEB8B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EDEB8220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [EDEB8410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [EDEB6780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [EDEB8410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [EDEB8220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [EDEB8B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] [EDEB8410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] [EDEB6780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisCloseAdapter] [EDEB8B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisOpenAdapter] [EDEB8220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [EDEB8B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [EDEB8220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [EDEB6780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [EDEB8410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [EDEC0870] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [EDEB8410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [EDEB6780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [EDEB8B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [EDEB8220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [EDEB1320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [EDEB14D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [EDEB1040] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [EDEB13D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1560] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[1560] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs UniShieldXP.sys

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Mup \Dfs UniShieldXP.sys
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\DefragFS \Device\RaxcoPerfectDisk UniShieldXP.sys

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 LMPC2.SYS (LMPC keyboard filter/FSPro Labs)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 LMPC2.SYS (LMPC keyboard filter/FSPro Labs)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\RAW \Device\RawTape UniShieldXP.sys
Device \FileSystem\MRxDAV \Device\WebDavRedirector UniShieldXP.sys
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Rdbss \Device\FsWrap UniShieldXP.sys
Device \FileSystem\InCDfs \Device\InCDfsComm UniShieldXP.sys
Device \FileSystem\Mup \Device\Mup UniShieldXP.sys
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\RAW \Device\RawDisk UniShieldXP.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver UniShieldXP.sys
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \FileSystem\MRxSmb \Device\LanmanRedirector UniShieldXP.sys
Device \FileSystem\Npfs \Device\NamedPipe UniShieldXP.sys
Device \FileSystem\Msfs \Device\Mailslot UniShieldXP.sys
Device \Driver\AFD \Device\Afd UniShieldXP.sys
Device \FileSystem\RAW \Device\RawCdRom UniShieldXP.sys
Device \Driver\winachsf \Device\Winachsf0 UniShieldXP.sys
Device \FileSystem\Mup \Device\WinDfs\Root UniShieldXP.sys
Device \FileSystem\Fastfat \Fat UniShieldXP.sys
Device \FileSystem\Fastfat \Fat EC68F297

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer UniShieldXP.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer UniShieldXP.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer UniShieldXP.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer UniShieldXP.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer UniShieldXP.sys
Device \FileSystem\InCDfs \GLOBAL??\BsUDF UniShieldXP.sys
Device \FileSystem\Cdfs \Cdfs UniShieldXP.sys

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psnxml\OpenWithProgids@Post-it\xae Software Note File
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@Í\x2039í\x2039T\x20acó` 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@Í\x2039í\x2039\x201c\x008feQ 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\20\x90\20nÐc:y 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\26Y\1xÐc:y 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@Òczz<h 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@IQ\ahß\x8d\x8f\x2013 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\26\1xågâ\x2039 -535951356
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\26\1xågâ\x2039\1x\x2022 12
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@Í\x2039í\x2039T\x20acó` 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@Í\x2039í\x2039\x201c\x008feQ 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\20\x90\20nÐc:y 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\26Y\1xÐc:y 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@Òczz<h 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@IQ\ahß\x8d\x8f\x2013 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@Í\x2039í\x2039T\x20acó` 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@Í\x2039í\x2039\x201c\x008feQ 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\20\x90\20nÐc:y 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\26Y\1xÐc:y 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@Òczz<h 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@IQ\ahß\x8d\x8f\x2013 1

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7 0 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\AmandaFrDenmark.JPG 130869 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\AmandaFrDenmark1.JPG 134227 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 006.jpg 133135 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 007.jpg 128142 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 008.jpg 127443 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 009.jpg 130590 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 010.jpg 129863 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 062.jpg 126443 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 005.jpg 132813 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 011.jpg 132260 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 064.jpg 128900 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 103.jpg 125202 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2499.JPG 129415 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 001.jpg 127704 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 003.jpg 129776 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 004.jpg 130777 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 078.jpg 132623 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 098.jpg 128660 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 099.jpg 129588 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 100.jpg 130695 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 101.jpg 133467 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife 102.jpg 132674 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DaveFrAustralia.JPG 124388 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2459.JPG 128308 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2463.JPG 129414 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2498.JPG 130915 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2686.JPG 121440 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2687.JPG 121997 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2688.JPG 122316 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2689.JPG 122487 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2702.JPG 127561 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2703.JPG 123939 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2704.JPG 125706 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2705.JPG 123733 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\DSCF2706.JPG 128388 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\HelenFrSweden.JPG 130680 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\Thumbs.db 505856 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea 0 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2831.JPG 138454 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2868.JPG 272655 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2908.JPG 161182 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2762.JPG 196947 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2763.JPG 234654 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2764.JPG 235965 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2781.JPG 351839 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2782.JPG 325036 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2789.JPG 231626 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2790.JPG 240386 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2791.JPG 299088 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2792.JPG 306473 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2793.JPG 299486 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2799.JPG 157131 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2819.JPG 224708 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2820.JPG 153438 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2828.JPG 137662 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2830.JPG 128592 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2832.JPG 208005 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2833.JPG 233284 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2834.JPG 237137 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2835.JPG 212443 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2837.JPG 170434 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2838.JPG 215735 bytes
File C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\BeforeKorea\DSCF2839.JPG 203759 bytes
File C:\My Shared Folder\{MX}50.First.Dates.SVCD.TS-TCR(2of2).avi 188503654 bytes

---- EOF - GMER 1.0.15 ----

#4 Tom_q2356

Authentic Member

Authentic Member
178 posts

Posted 29 October 2009 - 09:02 PM

OTL logfile created on: 10/29/2009 3:17:21 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Others\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 549.71 Mb Available Physical Memory | 53.74% Memory free
1.47 Gb Paging File | 1.05 Gb Available in Paging File | 71.40% Paging File free
Paging file location(s): c:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.91 Gb Total Space | 2.47 Gb Free Space | 8.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Tom_q2356
Current User Name: Others
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Others\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Others\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\Stardock\SDMCP.exe (Stardock)
PRC - C:\Program Files\CursorXP\CursorXP.exe ( )
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\reliz\akeys.exe (Softarium.com)
PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe (Speedbit Ltd.)
PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
PRC - C:\Program Files\Startup Faster 2004\sfAgent.exe (URSoft,Inc)
PRC - C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\Ati2evxx.exe ()

========== Win32 Services (SafeList) ==========

SRV - (6to4 [Auto | Running]) -- C:\WINDOWS\System32\6to4svc.dll (Microsoft Corporation)
SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe ()
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Diskeeper [Auto | Running]) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (EPSONStatusAgent2 [Auto | Running]) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (getPlus® Helper [Disabled | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (ICBC Daemon Service [Auto | Stopped]) -- C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe ()
SRV - (ICQ Service [Disabled | Stopped]) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (InCDsrv [Auto | Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe ()
SRV - (InteractiveLogon [Auto | Stopped]) -- C:\WINDOWS\System32\Fast.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MBAMService [Auto | Running]) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (p2pgasvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\p2pgasvc.dll (Microsoft Corporation)
SRV - (PDAgent [On_Demand | Stopped]) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV - (PDEngine [On_Demand | Stopped]) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV - (rpcapd [On_Demand | Stopped]) -- File not found
SRV - (VideoAcceleratorService [Auto | Running]) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
SRV - (vsmon [Auto | Stopped]) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AgilentUSBCam [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Atusbcam.sys (Agilent Technologies)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (Aspi32 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BTCFilterService [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motfilt.sys (Motorola Inc)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (CMB8100 [Auto | Running]) -- C:\WINDOWS\System32\Drivers\CertClient.dat ()
DRV - (CMBProtector [Auto | Running]) -- C:\WINDOWS\System32\Drivers\CMBProtector.dat ()
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DCamUSBUVT [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbuvt.sys (IC Media Corporation)
DRV - (DefragFS [Auto | Running]) -- C:\WINDOWS\System32\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV - (DirectDrv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\MotoVisionDP.sys (Mjtsai Corp)
DRV - (FreshIO [On_Demand | Stopped]) -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys ()
DRV - (FsVga [System | Running]) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (giveio [Boot | Running]) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems)
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys (Conexant Systems)
DRV - (i81x [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys (Intel® Corporation)
DRV - (iAimFP3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimFP4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimTV0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys (Intel® Corporation)
DRV - (iAimTV1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys (Intel® Corporation)
DRV - (icm10blk [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\icm10blk.sys (Intel Corporation)
DRV - (ICM10USB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\ICM10USB.sys (Intel Corporation)
DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\incdfs.sys ()
DRV - (InCDPass [System | Running]) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Ahead Software)
DRV - (incdrm [System | Running]) -- C:\WINDOWS\System32\drivers\incdrm.sys (Ahead Software AG)
DRV - (lf [Auto | Running]) -- C:\Program Files\Everstrike\Lock Folder XP 3.2\UniShieldXP.sys ()
DRV - (LMPC2 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\lmpc2.sys (FSPro Labs)
DRV - (ManyCam [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ManyCam.sys (ManyCam LLC.)
DRV - (MBAMProtector [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (MDC8021X [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (motccgp [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motccgp.sys (Motorola)
DRV - (motccgpfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motccgpfl.sys (Motorola)
DRV - (MotDev [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motodrv.sys (Motorola Inc)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motmodem.sys (Motorola)
DRV - (MotoSwitchService [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motswch.sys (Motorola)
DRV - (Motousbnet [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Motousbnet.sys (Motorola)
DRV - (MOTOVISION [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\motovision.sys (Windows ® 2000 DDK provider)
DRV - (motport [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motport.sys (Motorola)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (ndiscm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NetSecCm.sys (Samsung Electronics Co., Ltd)
DRV - (NTSPPPOE [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ntspppoe.sys (Efficient Networks, Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (P2k [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\P2k.sys (Motorola Inc)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RT2500 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RT2500.sys (Ralink Technology Inc.)
DRV - (RTL8187B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wg111v3.sys (Realtek Semiconductor Corporation )
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (speedfan [Boot | Running]) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (SPLITCAM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\splitcam.sys (LoteSoft Co.)
DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (STAC97 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (StreamDispatcher [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\strmdisp.sys (Conexant Systems)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (Tcpip6 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (Vcs [Auto | Running]) -- C:\WINDOWS\System32\Drivers\Vcs.sys ()
DRV - (vsdatant [System | Running]) -- C:\WINDOWS\System32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems)
DRV - (ZD1211BU(TP-LINK) [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys (Atheros Technology Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Others\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\CursorXP\CurXP0.dll ( )
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_Url = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.96
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - user.js..browser.search.openintab: false

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/23 16:16:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/15 14:44:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/02/18 17:41:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/27 11:06:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/27 11:06:40 | 00,000,000 | ---D | M]

[2009/07/30 06:16:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\mozilla\Extensions
[2008/12/10 15:58:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/30 06:16:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/10/14 15:05:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\mozilla\Firefox\Profiles\8g1iwoqs.default\extensions
[2009/07/03 18:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\mozilla\Firefox\Profiles\8g1iwoqs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/12/08 20:40:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\mozilla\Firefox\Profiles\8g1iwoqs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/17 11:28:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\mozilla\Firefox\Profiles\8g1iwoqs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/07/13 17:12:02 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\Others\Application Data\Mozilla\FireFox\Profiles\8g1iwoqs.default\searchplugins\icqplugin.xml
[2009/10/05 07:44:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/05 07:44:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009/09/27 11:06:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/15 14:45:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/27 11:06:32 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/27 11:06:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/15 14:44:07 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/27 11:06:34 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/06/02 17:02:48 | 00,200,704 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/08/10 14:23:23 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/06/05 00:16:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/06/05 00:16:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/06/05 00:16:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/06/05 00:16:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/06/05 00:16:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/06/05 00:16:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/06/05 00:16:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/08/10 14:23:55 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2006/08/10 14:22:21 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2007/03/10 07:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2009/08/24 22:09:28 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 22:09:28 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 22:09:28 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 22:09:28 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 22:09:28 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 22:09:28 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 22:09:28 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (948077 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 27936 more lines...
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (bho2gr Class) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (PopKiller Class) - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll (SysShield Consulting, Inc.)
O2 - BHO: (ICBC Anti-Phishing class) - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll (??????)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (1-Click Answers) - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\Program Files\1-Click Answers\IEToolbar\AnswersToolbarU.dll (Answers Corporation)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (IncrediBar) - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\Program Files\IncrediBar\bin\IBTBar.dll (IncrediBar)
O3 - HKLM\..\Toolbar: (AbsoluteShield) - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll (AbsoluteShield Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (IncrediBar) - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\Program Files\IncrediBar\bin\IBTBar.dll (IncrediBar)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (1-Click Answers) - {7754C418-F62E-44AA-B169-E719E718BCFD} - C:\Program Files\1-Click Answers\IEToolbar\AnswersToolbarU.dll (Answers Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (IncrediBar) - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\Program Files\IncrediBar\bin\IBTBar.dll (IncrediBar)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [StartupFaster] C:\Program Files\Startup Faster 2004\StrpFstCfg.exe (URSoft,Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\StartupFaster [2009/10/25 13:53:13 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Others\Start Menu\Programs\Startup\StartupFaster [2009/08/02 10:26:11 | 00,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLastUserName = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ShutdownWithoutLogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhotoSupport present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMFUprogramsList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNtSecurity = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceMaxRecentDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTips = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoExpandedNewMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0? = strpfstcfg.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1? = newadmin.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm ()
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2007/11/13 20:44:04 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Answers... - C:\Program Files\1-Click Answers\Html\atiemenu.htm ()
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Logoff - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2007/11/13 20:44:04 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2007/11/13 20:44:04 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2007/11/13 20:44:04 | 00,000,000 | ---D | M]
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\Program Files\IncrediBar\bin\IBTBar.dll (IncrediBar)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O15 - HKLM\..Trusted Domains: 72 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: bankofamerica.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: com.cn ([mybank.icbc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: com.cn ([www.icbc] http in Trusted sites)
O15 - HKCU\..Trusted Domains: hotmail.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: live.com ([login] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([v4.Windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([v4.Windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([Windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 432 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0D99625B-0619-4420-BB61-82DEE1B91D3A} https://ebank.gdb.co...s/CertKitAx.cab (BlockHouse Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://download.ewid...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg...v45/yacscom.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://Tom_q23562356...ad/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.safe...lscbase8460.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} http://us.games2.yim...ctl_0_0_0_1.ocx (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1222675051475 (MUWebControl Class)
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} http://chat.yahoo.com/cab/yuplapp.cab (Yahoo! Webcam Upload Wrapper)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} https://mybank.icbc....afeControls.cab (AxSubmitControl Class)
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} http://download.yaho...nvfav030408.cab (YbUploadFavsCtl Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8192.0495138889 (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.c...utocomplete.cab (YAddBook Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D81CA86B-EF63-42AF-BEE3-4502D9A03C2D} http://wwws.musicmat...er/MMLRadio.cab (MMRadioHostX Class)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (CTAdjust Class)
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} http://chat.yahoo.com/cab/yvwrctl.cab (Yahoo! Webcam Viewer Wrapper)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.del...ll/gtdownde.cab (Dell PC Checkup Installer Control)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/bin/msnchat45.cab (MSN Chat Control 4.5)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Yahoo! MahJong Solitaire http://download.game...s/y/mjst4_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pool 2 http://download.game...ts/y/pote_x.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) - C:\WINDOWS\System32\logonuiX.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\MCPClient: DllName - C:\Program Files\Common Files\Stardock\mcpstub.dll - C:\Program Files\Common Files\Stardock\mcpstub.dll (Stardock)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/24 11:42:39 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{44ed95c0-c7f6-11db-bd3c-000bdb17272c}\Shell - "" = AutoRun
O33 - MountPoints2\{44ed95c0-c7f6-11db-bd3c-000bdb17272c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{44ed95c0-c7f6-11db-bd3c-000bdb17272c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/05 07:43:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009/10/06 23:31:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2009/10/15 21:41:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/23 08:17:57 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Others\Application Data\drivers
[2009/10/11 13:03:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Others\Application Data\JAM Software
[2009/10/15 22:58:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Others\Application Data\Kingsoft
[2009/10/23 17:14:39 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Others\Application Data\m
[2009/10/08 08:01:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Others\Application Data\ManyCam
[2009/10/08 17:50:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Others\Application Data\uTorrent
[2009/10/08 17:01:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Others\Application Data\WebcamMax
[2009/10/02 07:18:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Others\Application Data\WinRAR
[2009/10/26 09:40:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Others\Local Settings\Application Data\Deployment
[2009/10/22 17:30:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Others\Local Settings\Application Data\Temp
[2009/10/16 08:25:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Others\Local Settings\Application Data\Yahoo!
[2009/10/05 20:39:43 | 00,000,000 | ---D | C] -- C:\Program Files\AGI
[2009/10/06 23:26:07 | 00,000,000 | ---D | C] -- C:\Program Files\DAP
[2009/10/17 14:44:51 | 00,000,000 | ---D | C] -- C:\Program Files\Dream Aquarium
[2009/10/05 07:38:51 | 00,000,000 | ---D | C] -- C:\Program Files\ICQ6.5
[2009/10/05 07:43:46 | 00,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
[2009/10/24 22:08:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/08 08:01:35 | 00,000,000 | ---D | C] -- C:\Program Files\ManyCam 2.4
[2009/10/02 18:48:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/10/02 18:54:01 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/10/25 15:02:25 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2009/10/06 23:40:28 | 00,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Accelerator
[2009/10/08 23:31:05 | 00,000,000 | ---D | C] -- C:\Program Files\SplitCam
[2009/10/25 21:12:32 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/10/25 16:32:28 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/11 13:03:01 | 00,000,000 | ---D | C] -- C:\Program Files\TreeSize Professional
[2009/10/26 09:45:22 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/08 17:51:21 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/10/02 07:10:26 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/10/15 22:30:58 | 00,000,000 | ---D | C] -- C:\Program Files\Wisdom-soft ScreenHunter 5 Free
[2009/10/25 16:17:36 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
File not found -- C:\Documents and Settings\Others\Desktop\CAZBDPKE.
[2009/10/29 12:34:40 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTL.exe
[2009/10/24 22:08:15 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/24 22:08:12 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/24 11:01:41 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/24 11:01:41 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/24 10:54:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/10/16 21:21:32 | 00,058,768 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2009/10/16 21:21:29 | 00,106,384 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2009/10/16 21:21:29 | 00,069,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2009/10/16 21:21:19 | 00,030,096 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2009/10/16 21:21:17 | 01,221,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2009/10/16 21:21:17 | 00,110,480 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2009/10/16 21:21:16 | 00,310,160 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2009/10/16 21:21:16 | 00,107,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2009/10/16 21:21:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2009/10/16 21:21:14 | 00,353,680 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2009/10/16 21:19:24 | 00,216,464 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2009/10/16 21:19:24 | 00,107,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2009/10/16 21:19:23 | 00,475,536 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2009/10/16 21:17:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2009/10/08 23:32:51 | 00,013,824 | ---- | C] (LoteSoft Co.) -- C:\WINDOWS\System32\drivers\splitcam.sys
[2009/10/08 02:17:51 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/10/06 23:31:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Others\My Documents\My DAP Downloads
[2009/10/05 20:47:46 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Others\Desktop\CAZBDPKE.
[2009/10/29 12:34:44 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTL.exe
[2009/10/29 12:32:42 | 00,282,833 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\gmer.zip
[2009/10/29 09:21:21 | 00,352,605 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/10/29 09:19:53 | 00,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2009/10/29 09:14:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/10/29 09:13:59 | 10,727,46496 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/28 11:36:06 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\Buyfurniture.doc
[2009/10/26 11:50:56 | 00,194,560 | ---- | M] () -- C:\Documents and Settings\Others\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/26 09:46:45 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2104054462-3242262833-941974269-1007Core1ca55de2ce7a9d0.job
[2009/10/26 09:42:26 | 00,000,482 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Others.job
[2009/10/25 21:31:04 | 00,000,424 | ---- | M] () -- C:\WINDOWS\NJCOM.INI
[2009/10/25 16:27:18 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/10/24 15:09:14 | 00,000,999 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/10/24 15:09:14 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/24 15:09:14 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/23 18:12:04 | 00,551,054 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/23 18:12:04 | 00,475,446 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/10/23 18:12:04 | 00,085,514 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/10/23 18:01:44 | 00,948,077 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2009/10/23 17:27:11 | 00,001,374 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/10/21 15:55:50 | 00,016,758 | ---- | M] () -- C:\WINDOWS\ePrompter.ini
[2009/10/17 19:37:35 | 00,000,013 | ---- | M] () -- C:\WINDOWS\System32\WinSys32.crc
[2009/10/17 13:41:34 | 00,102,400 | ---- | M] () -- C:\WINDOWS\DreamAquarium.scr
[2009/10/16 13:22:44 | 00,291,328 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\gmer.exe
[2009/10/09 23:26:28 | 00,000,021 | ---- | M] () -- C:\WINDOWS\System32\mylk.dat
[2009/10/08 23:32:51 | 00,013,824 | ---- | M] (LoteSoft Co.) -- C:\WINDOWS\System32\drivers\splitcam.sys
[2009/10/08 22:35:02 | 00,939,061 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20091023-180144.backup
[2009/10/08 08:03:18 | 00,001,568 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\ManyCam 2.4.lnk
[2009/10/06 23:31:26 | 00,172,032 | ---- | M] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\anigif.ocx
[2009/10/05 20:46:57 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/05 20:46:57 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/03 02:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/02 00:35:15 | 00,209,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/29 23:37:34 | 00,935,743 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20091001-234412.backup

========== Files - No Company Name ==========
[2009/10/29 12:39:51 | 00,291,328 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\gmer.exe
[2009/10/29 12:32:38 | 00,282,833 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\gmer.zip
[2009/10/28 11:36:05 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\Buyfurniture.doc
[2009/10/26 09:46:45 | 00,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2104054462-3242262833-941974269-1007Core1ca55de2ce7a9d0.job
[2009/10/26 09:11:30 | 10,727,46496 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/24 22:10:21 | 00,000,482 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Others.job
[2009/10/17 14:45:08 | 00,094,208 | ---- | C] () -- C:\WINDOWS\Dream Aquarium.scr
[2009/10/17 13:41:34 | 00,102,400 | ---- | C] () -- C:\WINDOWS\DreamAquarium.scr
[2009/10/16 21:21:14 | 00,352,605 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/10/08 23:31:14 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\actskn43.ocx
[2009/10/08 17:00:02 | 00,941,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2009/10/08 08:03:17 | 00,001,568 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\ManyCam 2.4.lnk
[2009/09/11 13:15:03 | 00,001,500 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/02 10:35:04 | 00,000,028 | ---- | C] () -- C:\WINDOWS\PIMAREG.INI
[2009/03/30 21:20:41 | 00,389,175 | ---- | C] () -- C:\WINDOWS\System32\RsaFun.dll
[2009/03/30 21:20:41 | 00,282,734 | ---- | C] () -- C:\WINDOWS\System32\NPCard.dll
[2009/03/30 21:20:41 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\UnblkPIN.dll
[2009/03/30 21:20:39 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\jcutilTdrUKLCD.dll
[2009/03/30 21:20:38 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\jcutilHUAUK.dll
[2009/03/30 21:20:38 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\jcutilHUAUKLCD.dll
[2009/03/30 21:20:38 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\jcutilgem101101.dll
[2009/03/30 21:20:36 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\jcinGEM102.dll
[2009/03/30 21:20:34 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\jcidGEM102.dll
[2009/03/30 21:20:33 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\hmukchk.dll
[2009/03/30 21:20:31 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\GEMPIN01.dll
[2009/03/30 21:20:30 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\GdApi.dll
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/15 17:34:20 | 02,823,496 | -H-- | C] () -- C:\Documents and Settings\Others\Local Settings\Application Data\IconCache.db
[2008/12/06 17:42:17 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008/12/06 17:42:17 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2008/09/14 07:52:41 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\CmbSafeBase.dll
[2008/09/14 07:52:40 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\PBHttpComm.dll
[2006/09/03 19:18:39 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\jcinTHTFUK.dll
[2006/09/03 19:18:38 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\jcidTHTFUK.dll
[2006/09/03 19:18:38 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\jcinpublic.dll
[2006/09/03 19:18:38 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\jcinHUAUK.dll
[2006/09/03 19:18:38 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\jcidHUAUK.dll
[2006/09/03 19:18:38 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\jcinGEM101.dll
[2006/09/03 19:18:38 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\jcidGEM101.dll
[2006/09/03 19:18:38 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\jcidGD84.dll
[2006/09/03 19:18:38 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\jcinGD84.dll
[2006/09/03 19:18:38 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\jcidWATCHK.dll
[2006/09/03 19:18:37 | 00,262,208 | ---- | C] () -- C:\WINDOWS\System32\GPKPCSC.dll
[2006/09/03 19:18:37 | 00,241,758 | ---- | C] () -- C:\WINDOWS\System32\GPKPIN.dll
[2006/09/03 19:18:37 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\CEA_Crypt.dll
[2006/09/03 19:18:37 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\ChangPIN.dll
[2006/09/03 19:18:36 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\jcinWATCHK.dll
[2006/09/03 19:18:34 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\USBKey.dll
[2006/08/21 00:37:59 | 00,002,913 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/10 06:58:31 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\70681b24.dll
[2006/08/10 06:58:28 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\68af6bb3.dll
[2006/07/10 18:19:56 | 00,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/04/08 10:11:38 | 00,000,040 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2006/03/22 10:03:02 | 00,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2006/03/21 19:47:12 | 00,085,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\incdfs.sys
[2006/02/27 18:06:40 | 00,000,006 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
[2006/02/19 16:25:23 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2006/02/14 17:25:44 | 00,000,009 | ---- | C] () -- C:\WINDOWS\winxfigt.sys
[2005/12/25 18:00:36 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/11/16 10:40:42 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/16 10:40:42 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/10/19 13:45:34 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2005/10/19 12:57:04 | 00,000,027 | ---- | C] () -- C:\WINDOWS\AdvConfig.ini
[2005/05/15 13:29:59 | 00,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2005/04/28 13:51:17 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\odlib.dll
[2005/03/28 16:36:38 | 00,000,116 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2005/02/11 23:36:33 | 00,006,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vcs.sys
[2005/01/21 10:52:56 | 00,010,856 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/01/04 12:41:31 | 00,000,214 | ---- | C] () -- C:\WINDOWS\Gurunet.ini
[2005/01/03 14:25:15 | 00,000,206 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2004/12/25 10:46:48 | 00,000,064 | ---- | C] () -- C:\WINDOWS\eFaxView.ini
[2004/12/03 16:54:11 | 00,016,758 | ---- | C] () -- C:\WINDOWS\ePrompter.ini
[2004/11/06 17:11:28 | 00,000,806 | ---- | C] () -- C:\WINDOWS\UnitConverter.INI
[2004/10/27 06:39:05 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/10/17 21:38:38 | 05,144,064 | ---- | C] () -- C:\Documents and Settings\Others\Local Settings\Application Data\70549405-1385-4dbb-9a1a-15a3af3d067b.msi
[2004/10/08 08:08:11 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\stdsoap2.dll
[2004/08/28 22:33:27 | 00,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2004/08/28 22:30:55 | 00,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2004/08/16 14:52:06 | 00,397,312 | ---- | C] () -- C:\WINDOWS\System32\CMBEdit.dll
[2004/07/30 16:20:41 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Others\Local Settings\Application Data\fusioncache.dat
[2004/07/24 17:44:02 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/03 20:32:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\audio.INI
[2004/07/03 20:20:24 | 00,000,173 | ---- | C] () -- C:\WINDOWS\srlink.ini
[2004/07/03 20:20:24 | 00,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx96.ini
[2004/06/19 12:48:35 | 00,000,067 | ---- | C] () -- C:\WINDOWS\morphexe.INI
[2004/06/06 13:39:27 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/03 22:08:19 | 00,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/03 21:44:16 | 00,000,146 | ---- | C] () -- C:\WINDOWS\TBPlugin.INI
[2004/06/03 21:44:16 | 00,000,095 | ---- | C] () -- C:\WINDOWS\avconfig.ini
[2004/05/26 10:30:32 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\astrolib32.dll
[2004/05/25 12:11:43 | 00,000,119 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2004/05/24 09:05:31 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SIMAQU~1.INI
[2004/04/03 16:53:17 | 00,000,037 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/03/09 14:50:36 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ICMSetup532.dll
[2004/03/09 14:50:34 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\8532util.dll
[2004/02/03 21:09:07 | 00,000,093 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/10/16 10:48:44 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2003/10/14 18:43:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/09/05 18:18:30 | 00,000,048 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2003/05/27 14:49:00 | 00,041,984 | ---- | C] () -- C:\WINDOWS\System32\AQalphaGL.dll
[2003/05/19 09:12:28 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Others\Application Data\PFP100JPR.{PB
[2003/05/19 09:12:28 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Others\Application Data\PFP100JCM.{PB
[2003/05/14 19:48:08 | 00,000,068 | ---- | C] () -- C:\WINDOWS\FastAIT.INI
[2003/05/05 10:31:44 | 00,001,663 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/05/01 20:01:48 | 00,000,424 | ---- | C] () -- C:\WINDOWS\NJCOM.INI
[2003/05/01 12:15:04 | 00,000,023 | ---- | C] () -- C:\WINDOWS\NtsUninstall.ini
[2003/05/01 11:39:32 | 00,000,068 | ---- | C] () -- C:\WINDOWS\XDICT.INI
[2003/04/25 14:17:43 | 00,194,560 | ---- | C] () -- C:\Documents and Settings\Others\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/04/13 17:47:44 | 00,000,095 | ---- | C] () -- C:\WINDOWS\ntsautodial.ini
[2003/03/31 02:02:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Others\Application Data\DESKTOP.INI
[2003/03/31 02:02:09 | 00,058,504 | ---- | C] () -- C:\Documents and Settings\Others\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2003/03/19 01:01:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/03/19 00:46:32 | 00,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/03/19 00:46:28 | 00,000,779 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/03/19 00:34:19 | 00,000,892 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/03/19 00:06:10 | 00,000,310 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/09/04 00:39:08 | 00,056,880 | ---- | C] () -- C:\WINDOWS\System32\scvideo.dll
[2002/09/03 22:59:58 | 00,000,999 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 22:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/09/03 22:50:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2002/03/21 15:39:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/10/08 18:59:28 | 00,000,821 | ---- | C] () -- C:\WINDOWS\txp-lcn.ini
[2001/10/08 13:24:26 | 00,148,544 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2001/10/08 12:59:46 | 00,016,960 | ---- | C] () -- C:\WINDOWS\System32\mag.dll
[2000/11/24 18:05:06 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\Cpuinfo2.dll
[1999/03/16 17:32:33 | 00,000,136 | ---- | C] () -- C:\WINDOWS\System32\mstraps.dll
[1999/01/22 11:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/04 03:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/10/16 18:58:12 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2006/04/10 14:31:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/10/05 20:39:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2009/10/29 12:27:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2003/03/19 00:37:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/07/28 15:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Effexis Software
[2008/01/04 19:03:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/10/05 07:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2006/04/19 22:30:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2005/01/21 14:50:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Keyhole
[2008/09/07 11:51:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
[2006/01/03 15:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009/10/23 17:18:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mcache
[2003/04/08 22:51:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2005/01/24 10:06:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2003/03/19 00:36:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2006/02/09 12:20:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/10/06 23:40:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2006/04/11 13:26:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009/10/29 12:37:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/01/29 13:29:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/15 21:41:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/25 21:41:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data
[2004/05/28 21:37:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\3M
[2008/09/07 09:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\AccurateRip
[2006/04/10 14:40:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\ACD Systems
[2006/10/15 09:35:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Avant Browser
[2009/10/27 23:55:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Babylon
[2009/07/03 11:49:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Camfrog
[2003/10/10 20:14:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Corel
[2004/09/27 15:14:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\COWON
[2009/07/29 23:30:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\DMCache
[2009/10/24 11:36:19 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Others\Application Data\drivers
[2009/07/28 15:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Effexis Software
[2009/07/12 14:39:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Fetion
[2005/03/16 16:39:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\GlobalSCAPE
[2009/03/26 20:20:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\ICQ
[2006/05/17 17:10:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\ICQLite
[2009/07/29 23:13:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\IDM
[2008/01/19 18:30:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\IE7Pro
[2008/04/12 23:39:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\IEPro
[2006/04/29 10:18:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Inbit
[2003/04/03 23:05:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\InterVideo
[2006/04/19 22:35:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Intuit
[2009/10/11 13:03:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\JAM Software
[2004/02/01 22:35:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Jasc
[2005/01/21 14:50:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Keyhole
[2009/10/15 22:58:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Kingsoft
[2004/05/28 10:17:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Kontiki
[2006/09/17 09:01:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Leadertech
[2009/10/09 01:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\LimeWire
[2009/10/23 20:48:21 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Others\Application Data\m
[2009/10/08 08:03:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\ManyCam
[2008/01/24 14:23:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\MiniDm
[2007/12/12 21:02:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\MSN6
[2009/06/23 09:41:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\NJStar
[2005/04/21 23:21:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Opera
[2004/11/06 13:17:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\PeerNetworking
[2006/04/08 10:12:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\ppStream
[2005/02/15 20:54:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\RhinoSoft.com
[2003/03/31 02:28:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Roxio
[2004/11/23 17:47:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Secretmaker
[2006/10/14 08:17:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Sereniti
[2009/10/29 12:36:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\SlimBrowser
[2005/05/21 12:11:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Softarium.com
[2005/03/14 18:05:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Software602
[2009/09/16 22:52:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\SolidDocuments
[2005/05/01 01:06:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Sony
[2005/01/18 15:29:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\STOIK
[2009/10/14 10:48:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\U3
[2009/10/23 18:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\uTorrent
[2008/01/24 14:23:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\WeatherWatcher
[2008/12/08 21:39:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\WeatherWatcherLive
[2009/10/08 17:01:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\WebcamMax
[2005/01/13 14:34:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Webshots
[2005/12/28 13:10:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\WinPatrol
[2009/08/03 11:15:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\wsInspector
[2009/09/14 00:33:55 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2002/08/29 19:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2006/10/01 09:00:02 | 00,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2005/03/21 09:00:00 | 00,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\FreshDiagnose Report.job
[2009/10/26 09:46:45 | 00,000,930 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2104054462-3242262833-941974269-1007Core1ca55de2ce7a9d0.job
[2009/10/26 09:42:26 | 00,000,482 | ---- | M] () -- C:\WINDOWS\Tasks\Malwarebytes' Scheduled Update for Others.job
[2006/12/08 18:16:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/05/21 00:27:05 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1EC03267-D26F-4AB1-9863-CC9FC678712A}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 284 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28BB1CE8
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
< End of report >

Edited by Tom_q2356, 29 October 2009 - 09:07 PM.

#5 Tom_q2356

Authentic Member

Authentic Member
178 posts

Posted 29 October 2009 - 09:09 PM

OTL Extras logfile created on: 10/29/2009 3:17:21 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Others\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 549.71 Mb Available Physical Memory | 53.74% Memory free
1.47 Gb Paging File | 1.05 Gb Available in Paging File | 71.40% Paging File free
Paging file location(s): c:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.91 Gb Total Space | 2.47 Gb Free Space | 8.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Tom_q2356
Current User Name: Others
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe" "%1" (ACD Systems Ltd.)
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JPEGScan] -- blank File not found
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"25:TCP" = 25:TCP:*:Enabled:File and Printer Sharing
"8529:TCP" = 8529:TCP:*:Enabled:yduq

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe" = C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- (Check Point Software Technologies LTD)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\PPLive\PPLive.exe" = C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive -- File not found
"C:\Program Files\IEPro\MiniDM.exe" = C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)
"C:\Program Files\IncrediMail\bin\ImLc.exe" = C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\KWMUSIC\KwMusic.exe" = C:\Program Files\KWMUSIC\KwMusic.exe:*:Enabled:¿áÎÒÒôÀÖºÐ -- (????)
"C:\Program Files\KWMUSIC\KwMV.exe" = C:\Program Files\KWMUSIC\KwMV.exe:*:Enabled:¿áÎÒMV´«ÊäÒýÇæ -- ()
"C:\Program Files\China Mobile\Fetion\FetionFX.exe" = C:\Program Files\China Mobile\Fetion\FetionFX.exe:*:Enabled:Fetion -- (China Mobile)
"C:\Program Files\China Mobile\Fetion\VMDotNet\v2.0.50727\FetionVM.exe" = C:\Program Files\China Mobile\Fetion\VMDotNet\v2.0.50727\FetionVM.exe:*:Enabled:FetionVM -- (China Mobile)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00718491-55BF-46C6-83EF-4B3B95AC807A}" = SplitCam
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0712667C-A171-49AE-A098-4ACDA28625F8}" = Sony Sound Forge 7.0
"{07620C4F-0964-4086-A872-C9C12E418E52}" = DJ_SF_03_D4300_Software
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F6A7971-0F11-4A79-A0E9-133D0963A570}" = ISO Recorder
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a8b4ccf-4f49-4210-89e3-4b31141493b0}" = RelevantKnowledge
"{20227921-DB38-4810-9162-DDC6FCA936E7}" = Dell Home Systems Services Agreement
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24EFA94F-F3D6-4386-8824-B54712C9DC88}" = D4300_Help
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{387D9916-BD27-480f-8CF0-3228832BBAA2}" = HP Deskjet D4300 Printer Driver Software 10.0 Rel .3
"{38B122B2-3257-4E43-BD51-327599ECBA46}" = 中国工商银行防钓鱼软件
"{395131D0-71C3-4411-8DDD-84E7A4EC8754}" = Intellisync® for Yahoo!
"{3FD3DF65-694C-4F71-97BA-1A70BB2B8B9C}" = ICM532
"{417B79C9-CDB4-477F-952D-840CEFC57A6C}" = AccessDirect
"{42C7C4D8-033E-44F9-BF34-43808A0686CC}" = D4300
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = BACS
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6C31E111-96BB-4ADC-9C81-E6D3EEDDD8D3}" = Powertoys For Windows XP
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{7CF065E2-7816-4440-9019-034A2285F9DF}" = Tweak-XP
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C8658D-58A9-4855-ADF2-2448C9410F29}" = Internet PrintWhere 2.6
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B0A7592-2AE0-48EA-A327-6EB7DAB25E4A}" = DJ_SF_03_D4300_Software_Min
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95F62044-BD5E-44DC-928E-8224297E9B4B}" = Lock Folder XP v3.2
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB874}_is1" = TypingMaster TypingTest
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{98FDC595-92B3-48D5-80D6-FE7AABD9191B}_is1" = Weather Watcher Live
"{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}" = SolidConverterPDF
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}" = Timershot Powertoy for Windows XP
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A900E37C-AAE3-44FB-8EE7-7E61F7087CE7}" = SnagIt 8
"{AB18B0BA-A08F-48B8-8D0E-AA9DDDCA22EA}" = CuteFTP 6 Professional
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-2447-5A64-7E8A45000001}" = Adobe Reader Chinese Simplified Fonts
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B98B1E3C-B6BE-40C3-993F-B96E4E1D1486}" = ICBC NetBank Client Controls
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}" = Pando
"{C3BDF1C8-66EF-4A0F-B427-A99E39706F45}_is1" = RMVB Converter 1.8
"{C46A5F24-B91F-477C-B634-DB99A7D7792A}" = TablePCRT
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D6B79F07-62D1-46C9-A225-625ACC748144}" = Diskeeper Professional Premier Edition
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DB6BD5D5-8482-45C0-99CF-745C5B924497}" = WOT for Internet Explorer
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E60A3FF1-856E-4DD2-BFC6-FD9B976FE1C5}" = DJ_SF_03_D4300_ProductContext
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F99F74B4-972B-4B06-B893-6B3B0DB0128B}" = ACDSee Pro
"{FC66E05E-8D39-47A6-8D07-759F33727EB0}" = Opera 10.00
"1-Click Answers" = 1-Click Answers
"AbsoluteShield File Shredder_is1" = AbsoluteShield File Shredder
"AbsoluteShield Internet Eraser Pro_is1" = AbsoluteShield Internet Eraser Pro
"Ace Utilities_is1" = Ace Utilities 2.4.1
"Active Security Monitor_is1" = Active Security Monitor 1.0.0.315
"Active WebCam" = Active WebCam
"ActiveXControlPad" = Microsoft ActiveX Control Pad
"AddWeb 7 Pro" = AddWeb 7 Pro
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = AI RoboForm (All Users)
"AMF Daily Planner and PIM" = AMF Daily Planner and PIM
"AQ3D" = Aquatica 3D
"AqSceneMaker" = Aquatica Scenery Maker
"Aquatica3" = Aquatica 3
"Ashampoo UnInstaller Platinum 2" = Ashampoo UnInstaller Platinum 2
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.30
"AskPBar Uninstall" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"AV Voice Changer Software 3.0" = AV Voice Changer Software 3.0
"AvantBrowser" = Avant Browser (remove only)
"avast!" = avast! Antivirus
"Babylon" = Babylon
"BadCopy Pro" = BadCopy Pro
"BCDP7_is1" = Business Card Designer Plus 7.3.0.0
"Biz-Plan" = Biz-Plan
"BootSkin" = BootSkin
"Camfrog 5.3" = Camfrog Video Chat 5.3
"Camfrog Server 3.2" = Camfrog Server 3.2 (remove only)
"CCleaner" = CCleaner (remove only)
"CMBPB40" = ÕÐÐÐ×¨Òµ°æ
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"CursorXP" = CursorXP
"Customizer XP_is1" = Customizer XP
"CyberBuddy" = CyberBuddy
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DesktopX Professional" = DesktopX Professional
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"DreamAqua" = Dream Aquarium
"DSBACK1_is1" = Additional Background Pack 1
"DSCLIP1_is1" = Additional Clipart Pack 1
"DSCLIPBW_is1" = Additional Clipart Pack BW
"Easy Video Joiner_is1" = Easy Video Joiner 5.21
"ePrompter" = ePrompter
"Fetion" = Fetion 2008
"FileSpecs extension for Ad-aware 6" = FileSpecs extension for Ad-aware 6
"Flight Simulator Screensaver" = Flight Simulator Screensaver 0.9
"Free Internet TV_is1" = Free Internet TV v3.5
"FreshDevices - FreshDiagnose_is1" = FreshDiagnose
"FTP Voyager_is1" = FTP Voyager 11.0
"FunPhotor_is1" = FunPhotor 6.0
"GetRight Pro" = GetRight Pro
"Good Sync_is1" = Good Sync version 4.6.10
"HexDump extension for Ad-aware 6" = HexDump extension for Ad-aware 6
"Highway Pursuit_is1" = Highway Pursuit
"HijackThis" = HijackThis 2.0.2
"Holding Pattern" = Holding Pattern Screen Saver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IconPackager" = IconPackager
"ICQToolbar" = ICQ Toolbar
"iDailyDiary_is1" = iDailyDiary 3.52
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IE7Pro" = IE7Pro
"ie8" = Windows Internet Explorer 8
"imageN 1.4b_is1" = imageN 1.4b
"InCD!UninstallKey" = Ahead InCD
"IncrediBar" = IncrediBar
"IncrediMail" = IncrediMail Xe
"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = Broadcom Advanced Control Suite
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{AB18B0BA-A08F-48B8-8D0E-AA9DDDCA22EA}" = CuteFTP 6 Professional
"Konvertor" = Konvertor
"KwMusic" = Ð¶ÔØ¿áÎÒÒôÀÖºÐ
"LDPD7_is1" = Label Designer Plus DELUXE 7.3.0.0
"LimeWire" = LimeWire PRO 5.2.8
"LogonStudio" = LogonStudio
"LSP Explorer Pluginfor Ad-aware 6" = LSP Explorer Pluginfor Ad-aware 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Messenger Control Plugin for Ad-aware" = Messenger Control Plugin for Ad-aware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"Nero BurnRights!UninstallKey" = Ahead Nero BurnRights
"NeroVision!UninstallKey" = Ahead NeroVision Express
"NJStar Communicator" = NJStar Communicator
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMIX!UninstallKey" = Ahead NeroMIX
"ObjectDock Plus" = ObjectDock Plus
"phoenix.zip" = phoenix.zip
"Picasa 3" = Picasa 3
"PSN" = Post-it® Software Notes
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"SereneScreen Marine Aquarium 2_is1" = SereneScreen Marine Aquarium 2
"ShenProfessional 3.0" = ShenProfessional 3.0
"Shop for HP Supplies" = Shop for HP Supplies
"SimAQUARIUM2 Free_is1" = SimAQUARIUM2 Free
"SlimBrowser" = SlimBrowser (remove only)
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"Startup Faster! 2004_is1" = Startup Faster! 2004
"SwitchOff" = Switch Off
"Synacast Plug-in" = Synacast Plug-in 1.1.0.7
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teleport Pro" = Teleport Pro
"TimeLeft 2.16_is1" = TimeLeft FREEWARE edition
"Trash Killer" = Trash Killer 2
"TreeSize Professional 5.0_is1" = TreeSize Professional 5.0
"Trillian" = Trillian
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"TypingMaster Pro" = TypingMaster Pro
"TZ Connection Booster_is1" = TZ Connection Booster 2.6
"UnixUtils for Yahoo! Widgets" = Unix Utilities for Yahoo! Widgets
"uTorrent" = µTorrent
"Vital Desktop" = Vital Desktop (remove only)
"Volutive 1" = Volutive 1
"vTuner Plus" = vTuner Plus
"Water Screen Saver" = Water Screen Saver 1.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Weather Watcher_is1" = Weather Watcher
"Webshots Desktop_is1" = Webshots Desktop
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Windows Live Safety scanner" = Windows Live Safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Scheduler_is1" = System Scheduler 3.31
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinISO_is1" = WinISO 5.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMPG Video Convert 3.1" = WinMPG Video Convert 3.1
"WinPatrol" = WinPatrol
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WinZip Self-Extractor" = WinZip Self-Extractor
"Wisdom-soft ScreenHunter 4.0 Free" = Wisdom-soft ScreenHunter 4.0 Free
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordPerfect Office 2002" = WordPerfect Office 2002
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X1 Desktop Search" = X1
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Central" = Yahoo! Central
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Mail AutoComplete" = Yahoo! Address AutoComplete
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7
"Yahoo! Toolbar" = Yahoo! Toolbar
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager
"ymb" = Yahoo! Mail Quick Select Tool (PhotoMail)
"ZoneAlarm Pro" = ZoneAlarm Pro

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 1/2/2009 12:41:27 PM | Computer Name = Tom_q2356 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife
011.jpg failed, 00000005.

Error - 1/2/2009 12:41:27 PM | Computer Name = Tom_q2356 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife
015.jpg failed, 00000005.

Error - 1/2/2009 12:41:27 PM | Computer Name = Tom_q2356 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife
016.jpg failed, 00000005.

Error - 1/2/2009 12:41:27 PM | Computer Name = Tom_q2356 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife
017.jpg failed, 00000005.

Error - 1/2/2009 12:41:27 PM | Computer Name = Tom_q2356 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife
018.jpg failed, 00000005.

Error - 1/2/2009 12:41:27 PM | Computer Name = Tom_q2356 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife
019.jpg failed, 00000005.

Error - 1/2/2009 12:41:27 PM | Computer Name = Tom_q2356 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife
020.jpg failed, 00000005.

Error - 1/2/2009 12:41:27 PM | Computer Name = Tom_q2356 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife
021.jpg failed, 00000005.

Error - 1/2/2009 12:41:27 PM | Computer Name = Tom_q2356 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife
023.jpg failed, 00000005.

Error - 1/2/2009 12:41:27 PM | Computer Name = Tom_q2356 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Others\My Documents\My Pictures\AllAboutMe\AprilYr7\BetterLife
024.jpg failed, 00000005.

[ Application Events ]
Error - 10/23/2009 6:11:54 AM | Computer Name = Tom_q2356 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 5430, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 10/23/2009 6:11:54 AM | Computer Name = Tom_q2356 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET_2.0.50727
(ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section.

Error - 10/23/2009 6:12:00 AM | Computer Name = Tom_q2356 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 5430, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 10/23/2009 6:12:00 AM | Computer Name = Tom_q2356 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service aspnet_state
(ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

Error - 10/23/2009 6:12:02 AM | Computer Name = Tom_q2356 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 5430, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 10/23/2009 6:14:15 AM | Computer Name = Tom_q2356 | Source = Application Error | ID = 1000
Description = Faulting application wuauclt.exe, version 7.2.6001.788, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x000209b1.

Error - 10/23/2009 10:57:54 PM | Computer Name = Tom_q2356 | Source = Application Error | ID = 1000
Description = Faulting application f-bagle.exe, version 1.0.14.0, faulting module
f-bagle.exe, version 1.0.14.0, fault address 0x000013fc.

Error - 10/25/2009 2:44:09 AM | Computer Name = Tom_q2356 | Source = Application Error | ID = 1000
Description = Faulting application vsmon.exe, version 8.0.59.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 10/26/2009 9:38:48 PM | Computer Name = Tom_q2356 | Source = Google Update | ID = 20
Description =

Error - 10/29/2009 2:32:21 AM | Computer Name = Tom_q2356 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 10/28/2009 9:31:03 AM | Computer Name = Tom_q2356 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/28/2009 9:31:03 AM | Computer Name = Tom_q2356 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 10/28/2009 9:32:08 AM | Computer Name = Tom_q2356 | Source = Service Control Manager | ID = 7034
Description = The ICBC Daemon Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/28/2009 9:18:54 PM | Computer Name = Tom_q2356 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 10/28/2009 9:18:54 PM | Computer Name = Tom_q2356 | Source = Service Control Manager | ID = 7001
Description = The InteractiveLogon service depends on the Terminal Services service
which failed to start because of the following error: %%1058

Error - 10/28/2009 9:20:53 PM | Computer Name = Tom_q2356 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/28/2009 9:20:53 PM | Computer Name = Tom_q2356 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 10/28/2009 9:21:36 PM | Computer Name = Tom_q2356 | Source = Service Control Manager | ID = 7034
Description = The ICBC Daemon Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/29/2009 12:37:15 AM | Computer Name = Tom_q2356 | Source = bcm4sbxp | ID = 327684
Description = Broadcom 440x 10/100 Integrated Controller: The network link is down.
Check to make sure the network cable is properly connected.

Error - 10/29/2009 12:37:54 AM | Computer Name = Tom_q2356 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

< End of report >

#6 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 30 October 2009 - 03:59 AM

Hi

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield
Do not copy the word CODE , please note the script starts with the :
```
:filefind
Ati2evxx.exe
:file
C:\WINDOWS\System32\Ati2evxx.exe
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Next

Download and run Win32kDiag:

Download Win32kDiag from any of the following locations and save it to your Desktop.
Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
- To ensure the entire contents are copied, right click anywhere in the notepad and click Select All
- Right click the highlited text and click copy

Please read through the instructions to familarize youself with what to expect when the tool runs.

It is vitally important that combofix is renamed before it is even started to download

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
-Tools->Options->Main tab
-Set to "Always ask me where to Save the files".
During the download, before you save it to your desktop, rename Combofix to jgh.exe

It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix

-----------------------------------------------------------

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

Double click on ComboFix.exe(renamed to jgh.exe) & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.[/b]

Please post back with

SystemLook log
Win32kDiag.txt
combofix log

How is the computer?

Thanks

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#7 Tom_q2356

Authentic Member

Authentic Member
178 posts

Posted 30 October 2009 - 11:58 AM

Hi Oldman960,

I am sorry I did not read carefully before I downloaded combofix. Could you please tell me how to uninstall combofix so that I can redownload it and save as a different name during download? Thanks!

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 07:44 on 30/10/2009 by Others (Administrator - Elevation successful)

========== filefind ==========

Searching for "Ati2evxx.exe"

Running from: C:\Documents and Settings\Others\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Others\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!

#8 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 30 October 2009 - 01:17 PM

Hi Tom_q2356, Just locate combofix.exe on your desktop, right click it and select delete. The SystemLook log doesn't look right. Please run it again. Then run combofix. Thanks

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#9 Tom_q2356

Authentic Member

Authentic Member
178 posts

Posted 30 October 2009 - 04:27 PM

SystemLook v1.0 by jpshortstuff (29.08.09) Log created at 11:28 on 30/10/2009 by Others (Administrator - Elevation successful) ========== filefind ========== Searching for "Ati2evxx.exe" C:\I386\ati2evxx.exe --a--- 147456 bytes [22:12 26/03/2003] [04:22 08/11/2002] 61B40A0C3D725DBDCBC6999DD6BA4A4F C:\WINDOWS\SYSTEM32\ati2evxx.exe --a--- 147456 bytes [06:00 01/01/1980] [04:22 08/11/2002] 61B40A0C3D725DBDCBC6999DD6BA4A4F ========== file ========== C:\WINDOWS\System32\Ati2evxx.exe - File found and opened. MD5: 61B40A0C3D725DBDCBC6999DD6BA4A4F Created at 06:00 on 01/01/1980 Modified at 04:22 on 08/11/2002 Size: 147456 bytes Attributes: --a--- -=End Of File=-

#10 Tom_q2356

Authentic Member

Authentic Member
178 posts

Posted 30 October 2009 - 04:36 PM

ComboFix 09-10-28.08 - Others 10/30/2009 11:45.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.562 [GMT 8:00]
Running from: c:\documents and settings\Others\Desktop\jgh.exe
AV: avast! antivirus 4.8.1351 [VPS 091030-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Others\Application Data\drivers\downld
c:\documents and settings\Others\Application Data\drivers\downld\364634.exe
c:\documents and settings\Others\Application Data\drivers\downld\400175.exe
c:\documents and settings\Others\Application Data\drivers\downld\447142.exe
c:\documents and settings\Others\Application Data\drivers\downld\451549.exe
c:\documents and settings\Others\Application Data\drivers\downld\452921.exe
c:\documents and settings\Others\Application Data\drivers\downld\512116.exe
c:\documents and settings\Others\Application Data\drivers\downld\513458.exe
c:\documents and settings\Others\Application Data\drivers\downld\513979.exe
c:\documents and settings\Others\Application Data\drivers\downld\580825.exe
c:\documents and settings\Others\Application Data\drivers\downld\588195.exe
c:\documents and settings\Others\Application Data\drivers\downld\592762.exe
c:\documents and settings\Others\Application Data\drivers\winupgro.exe
c:\documents and settings\Others\Application Data\m
c:\documents and settings\Others\Application Data\m\data.oct
c:\documents and settings\Others\Application Data\m\list.oct
c:\documents and settings\Others\Application Data\m\shared\3D Water Effects 1.0 (Crack).zip
c:\documents and settings\Others\Application Data\m\shared\5_Card_Slingo_Deluxe_1.zip
c:\documents and settings\Others\Application Data\m\shared\A-one_DVD_to_MP3_Ripper_4.22.zip
c:\documents and settings\Others\Application Data\m\shared\AcidSpider_1.08.zip
c:\documents and settings\Others\Application Data\m\shared\Adolix_PDF_Converter_PRO_3.2.zip
c:\documents and settings\Others\Application Data\m\shared\Agree DIVX XVID AVI to WMV DVD Converter 4.0.zip
c:\documents and settings\Others\Application Data\m\shared\AIAB_(Am_I_a_Bot)_1.1.zip
c:\documents and settings\Others\Application Data\m\shared\ALTools Lunar Zodiac Snake Wallpaper 2005 Key.zip
c:\documents and settings\Others\Application Data\m\shared\Amethyst_PLT-2-DWG_2.01_KeyGen.zip
c:\documents and settings\Others\Application Data\m\shared\Another_ViewPoint_5.01.zip
c:\documents and settings\Others\Application Data\m\shared\Another_Volume_Control_Widget_1.0.zip
c:\documents and settings\Others\Application Data\m\shared\ApexSQL Code 2008.04.zip
c:\documents and settings\Others\Application Data\m\shared\Apollo_Missions_1.0_(Key+Serial).zip
c:\documents and settings\Others\Application Data\m\shared\Aptcode Media Manager 1.2.19.zip
c:\documents and settings\Others\Application Data\m\shared\AutoRun Wizard 2.03.zip
c:\documents and settings\Others\Application Data\m\shared\AutoTag 7.1.24.0.zip
c:\documents and settings\Others\Application Data\m\shared\AVCutty_2.4e.zip
c:\documents and settings\Others\Application Data\m\shared\AVG.Anti.Spyware.v7.5.0.47.Multilanguage.Cracked-CRD.zip
c:\documents and settings\Others\Application Data\m\shared\AVG_Anti-Spyware_Plus_7.5.0.50.zip
c:\documents and settings\Others\Application Data\m\shared\AVS_Video_to_GO_2.1.1.102_(KeyGen).zip
c:\documents and settings\Others\Application Data\m\shared\axsImaging 2.0.1.zip
c:\documents and settings\Others\Application Data\m\shared\Bernard_and_Hank_1.2.zip
c:\documents and settings\Others\Application Data\m\shared\Bitrate Broadcast Calculator 1.0.zip
c:\documents and settings\Others\Application Data\m\shared\Blue Theme 1.0.zip
c:\documents and settings\Others\Application Data\m\shared\Budget Advisor 2.26.zip
c:\documents and settings\Others\Application Data\m\shared\ccfilechecker 1.0.zip
c:\documents and settings\Others\Application Data\m\shared\Cd_Autoplay_Gen_2.0_(Serial).zip
c:\documents and settings\Others\Application Data\m\shared\Chess3D_2.01.zip
c:\documents and settings\Others\Application Data\m\shared\Christmas Weather Report Screensaver 1.2.1.zip
c:\documents and settings\Others\Application Data\m\shared\CL_Buddy_2.2.zip
c:\documents and settings\Others\Application Data\m\shared\Clippy 1.2.0 Build 20616.zip
c:\documents and settings\Others\Application Data\m\shared\Crystal XP 0.21 Prebuild.zip
c:\documents and settings\Others\Application Data\m\shared\Data ASAP 3.3.37.zip
c:\documents and settings\Others\Application Data\m\shared\DataTierHelper_1.0.zip
c:\documents and settings\Others\Application Data\m\shared\DB_Explorer_3.0.0.zip
c:\documents and settings\Others\Application Data\m\shared\Disk Space Monitor 1.0 b4.zip
c:\documents and settings\Others\Application Data\m\shared\DiskArcher_Backup_Utility_2.21.zip
c:\documents and settings\Others\Application Data\m\shared\Double-Click to Reload Tabs 1.1.1.zip
c:\documents and settings\Others\Application Data\m\shared\Ease Video Converter 1.0.zip
c:\documents and settings\Others\Application Data\m\shared\Ease_CD_Ripper_1.50_KeyGen.zip
c:\documents and settings\Others\Application Data\m\shared\ePodcast_Express_1.0.25_[Key].zip
c:\documents and settings\Others\Application Data\m\shared\Excel2HTML_Interactive_1.0.zip
c:\documents and settings\Others\Application Data\m\shared\Excelsior Installer 1.8.zip
c:\documents and settings\Others\Application Data\m\shared\ExtraSMS 1.7.zip
c:\documents and settings\Others\Application Data\m\shared\Fast Soft Knee Limiter 1.0.zip
c:\documents and settings\Others\Application Data\m\shared\File Topper 1.01.zip
c:\documents and settings\Others\Application Data\m\shared\Fish_Tycoon_1.1.zip
c:\documents and settings\Others\Application Data\m\shared\Flashcard_Tables_1.09_Serial.zip
c:\documents and settings\Others\Application Data\m\shared\Free and Easy Biorhythm Calculator 3.011.zip
c:\documents and settings\Others\Application Data\m\shared\General Aviation 3 1.1.zip
c:\documents and settings\Others\Application Data\m\shared\Gravitational Lensing 1.00.zip
c:\documents and settings\Others\Application Data\m\shared\Habu_(formerly_Okopipi)_1.8.6.2.zip
c:\documents and settings\Others\Application Data\m\shared\Haxial TextEdit 1.700.zip
c:\documents and settings\Others\Application Data\m\shared\honestech_MPEG_Encoder_6.0_[Key].zip
c:\documents and settings\Others\Application Data\m\shared\Hot_Rod_Cars_Screensaver_4.0.zip
c:\documents and settings\Others\Application Data\m\shared\HX_CLoK 1.0.0.0.zip
c:\documents and settings\Others\Application Data\m\shared\HydraIRC 0.3.160.zip
c:\documents and settings\Others\Application Data\m\shared\I Love You Darling 1.0.zip
c:\documents and settings\Others\Application Data\m\shared\IDAutomation Code 128 Font Advantage 6.10.zip
c:\documents and settings\Others\Application Data\m\shared\Identify_Emails_-_Collect_emails_1.0.zip
c:\documents and settings\Others\Application Data\m\shared\IE_ScrollBar_FreeStyler_Plus_1.0.zip
c:\documents and settings\Others\Application Data\m\shared\Image Sorter 2004 1.3.zip
c:\documents and settings\Others\Application Data\m\shared\Intech_ITSleuth_1.0_[With_Crack].zip
c:\documents and settings\Others\Application Data\m\shared\Internet_Quotes_Assistant_3.80_Crack.zip
c:\documents and settings\Others\Application Data\m\shared\JDLabAgent 1.0.1.zip
c:\documents and settings\Others\Application Data\m\shared\Jesterware iPod Video Suite 2.06.zip
c:\documents and settings\Others\Application Data\m\shared\JPOW_Calendar_4.2_(With_Crack).zip
c:\documents and settings\Others\Application Data\m\shared\KIIS_102.7_Radio_2.0.zip
c:\documents and settings\Others\Application Data\m\shared\Kurral 6.zip
c:\documents and settings\Others\Application Data\m\shared\Landscape_screensaver_2.3.zip
c:\documents and settings\Others\Application Data\m\shared\LingvoSoft Picture Dictionary 2007 Polish - Portuguese 1.1.18 [Cracked].zip
c:\documents and settings\Others\Application Data\m\shared\Live_Billiards_2.1.zip
c:\documents and settings\Others\Application Data\m\shared\LiveCalc_2.0.zip
c:\documents and settings\Others\Application Data\m\shared\Lotto Cheatah 2.33.zip
c:\documents and settings\Others\Application Data\m\shared\MailBee POP3 5.2.zip
c:\documents and settings\Others\Application Data\m\shared\MailDetective for Exchange Server 2.1c.zip
c:\documents and settings\Others\Application Data\m\shared\McAfee.ePo.3.0SP1.zip
c:\documents and settings\Others\Application Data\m\shared\MCSE_Windows_2000_Administration_301.zip
c:\documents and settings\Others\Application Data\m\shared\MD5 Generator 1.0.zip
c:\documents and settings\Others\Application Data\m\shared\Mind Mastery Mental Conditioning 1.zip
c:\documents and settings\Others\Application Data\m\shared\MLHotKey_1.0.zip
c:\documents and settings\Others\Application Data\m\shared\Movies_12.zip
c:\documents and settings\Others\Application Data\m\shared\No Trace 3.0b.zip
c:\documents and settings\Others\Application Data\m\shared\Norton.Antivirus.2006.+crack+serial.zip
c:\documents and settings\Others\Application Data\m\shared\NuGenSQLWorks.NET 1.5.613.zip
c:\documents and settings\Others\Application Data\m\shared\Online To-Do List Manager.zip
c:\documents and settings\Others\Application Data\m\shared\Open Contacts 5.2.zip
c:\documents and settings\Others\Application Data\m\shared\Ortus_Shell_Dialogs_1.51_[Key].zip
c:\documents and settings\Others\Application Data\m\shared\Packed_Column_Calculator_1.1_[KeyGen].zip
c:\documents and settings\Others\Application Data\m\shared\PasswordMaker Firefox Add-on 1.7.2.zip
c:\documents and settings\Others\Application Data\m\shared\pasteCode_0.6.1.zip
c:\documents and settings\Others\Application Data\m\shared\Pluto's ColorPick 1.03.zip
c:\documents and settings\Others\Application Data\m\shared\PPC-Protect_1_build_04.04.zip
c:\documents and settings\Others\Application Data\m\shared\Prime Integer Observatory 1.0.zip
c:\documents and settings\Others\Application Data\m\shared\Punch_Me_In_1.17.zip
c:\documents and settings\Others\Application Data\m\shared\Purina Yesterday's News 1.2.zip
c:\documents and settings\Others\Application Data\m\shared\Rconfig_3.1.1.zip
c:\documents and settings\Others\Application Data\m\shared\Realtime Landscaping Architect 1.03.zip
c:\documents and settings\Others\Application Data\m\shared\Rebound Recharged.zip
c:\documents and settings\Others\Application Data\m\shared\RN Password Manager 4.0.0.zip
c:\documents and settings\Others\Application Data\m\shared\Roommate_Finder_Solution_JUL.2007_(KeyGen).zip
c:\documents and settings\Others\Application Data\m\shared\SE_BOM_Extractor_3.6.27.zip
c:\documents and settings\Others\Application Data\m\shared\SetFSBTray 1.1.2.zip
c:\documents and settings\Others\Application Data\m\shared\Shrek 3 Screensaver 1.0.zip
c:\documents and settings\Others\Application Data\m\shared\SignalLab VCL 3.1.zip
c:\documents and settings\Others\Application Data\m\shared\SkreenCAM 1.0 Beta.zip
c:\documents and settings\Others\Application Data\m\shared\SmartDraw_Photo_2.03.zip
c:\documents and settings\Others\Application Data\m\shared\Snackster.net_1.0.0_build_55.zip
c:\documents and settings\Others\Application Data\m\shared\SoftPepper DVD Ripper 1.0 (Serial).zip
c:\documents and settings\Others\Application Data\m\shared\StreamAware 1.0 Cracked.zip
c:\documents and settings\Others\Application Data\m\shared\SunRav_BookOffice_3.0_With_Crack.zip
c:\documents and settings\Others\Application Data\m\shared\Tellura Key Minder 1.0.zip
c:\documents and settings\Others\Application Data\m\shared\Tray_Pilot_1.20_Build_14.zip
c:\documents and settings\Others\Application Data\m\shared\TweakNow Windows Customizer 1.1.0.zip
c:\documents and settings\Others\Application Data\m\shared\Unreal Tournament 2003 - Defiance Invasion map.zip
c:\documents and settings\Others\Application Data\m\shared\Unreal_Update_2.2.4b1.zip
c:\documents and settings\Others\Application Data\m\shared\USB-WinLock_1.2_[Serial].zip
c:\documents and settings\Others\Application Data\m\shared\Vehicules 1.0.zip
c:\documents and settings\Others\Application Data\m\shared\Video-AVI to GIF Converter 3.011.zip
c:\documents and settings\Others\Application Data\m\shared\WASP_-Water_And_Steam_Properties_2.0.36.zip
c:\documents and settings\Others\Application Data\m\shared\Web_Site_Robot_2.4.zip
c:\documents and settings\Others\Application Data\m\shared\Wiagra_Batch_Converter_2.20.zip
c:\documents and settings\Others\Application Data\m\shared\WinConsole 1.0.zip
c:\documents and settings\Others\Application Data\m\shared\Window Seizer 1.00.zip
c:\documents and settings\Others\Application Data\m\shared\Windows Control 1.0.zip
c:\documents and settings\Others\Application Data\m\shared\Windows_Icon_Collection_1.0.zip
c:\documents and settings\Others\Application Data\m\shared\XLitePro_1.6_(Cracked).zip
c:\documents and settings\Others\Application Data\m\shared\Yahoo!_Mail_Checker_1.0.zip
c:\documents and settings\Others\Application Data\m\srvlist.oct
c:\windows\system32\ban_list.txt

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-26 01:45 . 2009-10-26 01:45 -------- d-----w- c:\program files\Trend Micro
2009-10-26 01:40 . 2009-10-26 01:40 -------- d-----w- c:\documents and settings\Others\Local Settings\Application Data\Deployment
2009-10-25 13:12 . 2009-10-25 13:15 -------- d-----w- c:\program files\SpywareBlaster
2009-10-25 08:32 . 2009-10-25 09:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-25 08:17 . 2009-10-25 08:17 -------- d-----w- c:\program files\Zone Labs
2009-10-25 07:02 . 2009-10-25 13:33 -------- d-----w- c:\program files\MSECACHE
2009-10-24 14:08 . 2009-09-10 06:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 14:08 . 2009-10-26 04:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 14:08 . 2009-09-10 06:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-24 03:01 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-24 03:01 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-24 02:54 . 2009-10-24 06:17 -------- d-----w- c:\windows\BDOSCAN8
2009-10-23 09:23 . 2009-10-23 09:23 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-23 00:17 . 2009-10-30 03:53 -------- d--h--w- c:\documents and settings\Others\Application Data\drivers
2009-10-22 09:30 . 2009-10-26 01:48 -------- d-----w- c:\documents and settings\Others\Local Settings\Application Data\Temp
2009-10-17 06:45 . 2006-10-09 04:00 94208 ----a-w- c:\windows\Dream Aquarium.scr
2009-10-17 06:44 . 2009-10-17 06:46 -------- d-----w- c:\program files\Dream Aquarium
2009-10-17 05:41 . 2009-10-17 05:41 102400 ----a-w- c:\windows\DreamAquarium.scr
2009-10-16 13:21 . 2008-10-09 06:25 69008 ----a-w- c:\windows\system32\zlcomm.dll
2009-10-16 13:21 . 2008-10-09 06:25 106384 ----a-w- c:\windows\system32\zlcommdb.dll
2009-10-16 13:21 . 2008-10-09 06:25 1221008 ----a-w- c:\windows\system32\zpeng25.dll
2009-10-16 13:21 . 2009-10-29 15:55 -------- d-----w- c:\windows\system32\ZoneLabs
2009-10-16 13:17 . 2009-10-30 03:24 -------- d-----w- c:\windows\Internet Logs
2009-10-16 00:25 . 2009-10-16 00:25 -------- d-----w- c:\documents and settings\Others\Local Settings\Application Data\Yahoo!
2009-10-15 14:58 . 2009-10-15 14:58 -------- d-----w- c:\documents and settings\Others\Application Data\Kingsoft
2009-10-15 14:30 . 2009-10-15 14:31 -------- d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Free
2009-10-15 13:41 . 2009-10-15 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-10-11 05:03 . 2009-10-11 05:03 -------- d-----w- c:\documents and settings\Others\Application Data\JAM Software
2009-10-11 05:03 . 2009-10-11 05:03 -------- d-----w- c:\program files\TreeSize Professional
2009-10-08 15:32 . 2009-10-08 15:32 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
2009-10-08 15:31 . 2009-10-08 15:54 -------- d-----w- c:\program files\SplitCam
2009-10-08 09:51 . 2009-10-08 09:51 -------- d-----w- c:\program files\uTorrent
2009-10-08 09:50 . 2009-10-23 10:10 -------- d-----w- c:\documents and settings\Others\Application Data\uTorrent
2009-10-08 09:01 . 2009-10-08 09:01 -------- d-----w- c:\documents and settings\Others\Application Data\WebcamMax
2009-10-08 09:00 . 2008-03-11 13:14 941784 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys
2009-10-08 00:01 . 2009-10-08 00:03 -------- d-----w- c:\documents and settings\Others\Application Data\ManyCam
2009-10-08 00:01 . 2009-10-08 00:04 -------- d-----w- c:\program files\ManyCam 2.4
2009-10-07 18:17 . 2009-10-07 18:17 -------- d-----w- C:\_OTM
2009-10-06 15:40 . 2009-10-06 15:40 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-10-06 15:31 . 2009-10-06 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-10-06 15:26 . 2009-10-06 15:31 -------- d-----w- c:\program files\DAP
2009-10-05 12:39 . 2009-10-05 12:39 -------- d-----w- c:\program files\AGI
2009-10-04 23:43 . 2009-10-04 23:43 -------- d-----w- c:\program files\ICQ6Toolbar
2009-10-04 23:43 . 2009-10-04 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2009-10-04 23:38 . 2009-10-04 23:46 -------- d-----w- c:\program files\ICQ6.5
2009-10-02 10:54 . 2009-10-02 13:05 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-02 10:48 . 2009-10-02 10:48 -------- d-----w- c:\program files\Microsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 03:21 . 2007-01-27 03:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-30 03:20 . 2007-12-06 14:27 -------- d-----w- c:\documents and settings\Others\Application Data\SlimBrowser
2009-10-29 23:53 . 2004-05-24 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-29 10:39 . 2009-07-27 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2009-10-27 15:55 . 2009-07-27 02:56 -------- d-----w- c:\documents and settings\Others\Application Data\Babylon
2009-10-25 08:31 . 2005-02-02 04:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-25 08:27 . 2004-06-02 12:50 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-10-25 06:36 . 2005-03-28 16:01 -------- d-----w- c:\program files\Ashampoo
2009-10-25 05:47 . 2005-01-03 07:05 -------- d-----w- c:\program files\Startup Faster 2004
2009-10-24 04:59 . 2004-06-06 10:48 -------- d-----w- c:\program files\IncrediMail
2009-10-24 03:01 . 2009-09-29 04:31 -------- d-----w- c:\program files\CCleaner
2009-10-23 13:07 . 2009-07-16 23:06 -------- d-----w- c:\program files\SpywareGuard
2009-10-23 09:18 . 2008-02-11 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\mcache
2009-10-14 05:49 . 2005-01-16 06:03 -------- d-----w- c:\documents and settings\Others\Application Data\Skype
2009-10-14 02:48 . 2007-03-01 13:11 -------- d-----w- c:\documents and settings\Others\Application Data\U3
2009-10-09 15:26 . 2008-02-11 02:23 21 ----a-w- c:\windows\system32\mylk.dat
2009-10-08 17:19 . 2009-07-29 22:12 -------- d-----w- c:\documents and settings\Others\Application Data\LimeWire
2009-10-08 15:31 . 2003-03-18 16:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-06 15:30 . 2006-04-20 06:17 -------- d-----w- c:\program files\GetRight
2009-10-05 13:00 . 2005-12-25 10:00 -------- d-----w- c:\program files\Winamp
2009-10-05 12:39 . 2009-06-13 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\agi
2009-10-04 23:41 . 2009-03-26 11:56 -------- d-----w- c:\program files\ICQ6
2009-10-03 03:38 . 2005-01-20 06:45 -------- d-----w- c:\program files\Trillian
2009-10-02 10:53 . 2009-05-13 07:13 -------- d-----w- c:\program files\Windows Live
2009-10-01 02:37 . 2009-01-09 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-29 04:39 . 2004-12-03 08:54 -------- d-----w- c:\program files\ePrompter
2009-09-27 03:26 . 2005-04-21 15:20 -------- d-----w- c:\program files\Opera
2009-09-25 15:16 . 2004-06-02 09:47 -------- d-----w- c:\program files\Avant Browser
2009-09-25 03:58 . 2009-08-02 02:25 -------- d-----w- c:\program files\PIM
2009-09-23 14:18 . 2008-01-19 10:33 -------- d-----w- c:\program files\IEPro
2009-09-23 06:42 . 2003-03-30 18:02 58504 ----a-w- c:\documents and settings\Others\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-23 06:07 . 2004-12-03 08:53 -------- d-----w- c:\program files\iDailyDiary
2009-09-17 21:52 . 2009-09-17 21:52 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-09-16 14:52 . 2005-03-28 08:03 -------- d-----w- c:\documents and settings\Others\Application Data\SolidDocuments
2009-09-13 05:18 . 2009-09-13 05:18 693760 ----a-w- c:\windows\is-V9TVU.exe
2009-09-12 15:16 . 2009-07-29 23:17 -------- d---a-w- c:\program files\eMule0.49c
2009-09-11 14:18 . 2002-09-03 16:46 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 07:06 . 2009-09-11 05:15 157446 ----a-w- c:\windows\hphins27.dat
2009-09-11 05:43 . 2009-09-11 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-09-11 05:42 . 2009-09-11 05:42 -------- d-----w- c:\documents and settings\Others\Application Data\HP
2009-09-11 05:27 . 2009-09-11 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-11 05:24 . 2009-09-11 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-09-11 05:24 . 2009-09-11 05:21 -------- d-----w- c:\program files\HP
2009-09-11 05:23 . 2009-09-11 05:23 -------- d-----w- c:\program files\Common Files\HP
2009-09-11 05:14 . 2009-09-11 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-09-09 23:01 . 2009-07-15 06:59 -------- d-----w- c:\documents and settings\Others\Application Data\SUPERAntiSpyware.com
2009-09-09 15:29 . 2008-02-13 05:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-07 13:39 . 2009-09-07 13:39 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-09-04 21:03 . 2002-09-03 16:44 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 13:10 . 2009-09-04 13:10 -------- d-----w- c:\program files\RMVB Converter
2009-08-29 08:08 . 2004-08-03 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2002-09-03 17:05 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 21:00 . 2009-08-23 21:00 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-08-23 21:00 . 2009-08-23 21:00 426496 ------w- c:\windows\system32\imapi2.dll
2009-08-17 16:10 . 2004-11-23 00:40 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2005-01-21 01:11 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2005-01-21 01:11 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:04 . 2005-01-21 01:11 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2005-02-25 18:12 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2005-01-21 01:11 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2004-06-24 07:58 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-08-05 09:01 . 2004-07-24 09:44 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:20 . 2002-08-29 01:04 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 12:44 . 2002-09-03 16:50 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-03 14:43 . 2009-08-03 14:43 687104 ----a-w- c:\windows\is-C4T0L.exe
2009-10-06 15:31 . 2009-10-06 15:37 251392 ----a-w- c:\program files\opera\program\plugins\dapop.dll
2005-02-03 03:33 . 2005-01-21 02:52 10856 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupFaster"="c:\program files\Startup Faster 2004\StrpFstCfg.exe" [2005-02-28 1695744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Others\Start Menu\Programs\Startup\StartupFaster
AMF Daily Planner and PIM.lnk - c:\program files\PIM\amf.exe [2009-8-14 2457600]
StartupFaster.ini [2009-10-26 1104]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-6-11 157000]
X1 System Tray.lnk - c:\program files\X1\X1Systray.exe [2005-10-1 331264]
X1.lnk - c:\program files\X1\X1.exe [2005-10-1 13479064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\StartupFaster
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-3-19 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
hpzrcv01.LNK - c:\program files\HP\Temp\{387D9916-BD27-480f-8CF0-3228832BBAA2}\setup\hpzstub.exe [2009-9-11 521552]
hpzsetup.LNK - c:\program files\HP\Temp\{387D9916-BD27-480f-8CF0-3228832BBAA2}\hpzstub.exe [2009-9-11 521552]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808]
StartupFaster.ini [2009-10-26 2222]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"= 0 (0x0)
"NoColorChoice"= 0 (0x0)
"NoSizeChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 04:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2003-08-25 02:25 139264 ----a-w- c:\program files\Common Files\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Switch Off"=c:\program files\Switch Off\swoff.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DadApp"=c:\program files\Dell\AccessDirect\dadapp.exe
"DVDSentry"=c:\windows\System32\DSentry.exe
"pdfSaver3"=
"PrinterOn Printer Select 2.6"=c:\program files\PrinterOn Corporation\Internet PrintWhere 2.6\PW_PrinterSelect26.exe -NoUI

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\KWMUSIC\\KwMusic.exe"=
"c:\\Program Files\\KWMUSIC\\KwMV.exe"=
"c:\\Program Files\\China Mobile\\Fetion\\FetionFX.exe"=
"c:\\Program Files\\China Mobile\\Fetion\\VMDotNet\\v2.0.50727\\FetionVM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:File and Printer Sharing
"8529:TCP"= 8529:TCP:yduq

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [10/24/2009 11:01 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/28/2009 10:53 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/28/2009 10:53 AM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [10/24/2009 11:01 AM 20560]
R2 CMB8100;CMB8100;c:\windows\SYSTEM32\DRIVERS\CertClient.dat [9/14/2008 7:52 AM 3038]
R2 CMBProtector;CMBProtector;c:\windows\SYSTEM32\DRIVERS\CMBProtector.dat [9/14/2008 7:52 AM 3584]
R2 lf;lf;c:\program files\Everstrike\Lock Folder XP 3.2\UniShieldXP.sys [7/3/2003 9:50 PM 45952]
R2 MOTOVISION;MotoVision For E680/680i, A780/760/768 Virtual Camera;c:\windows\SYSTEM32\DRIVERS\motovision.sys [1/6/2009 9:31 PM 31145]
R3 DirectDrv;DirectDrv;c:\windows\SYSTEM32\DRIVERS\MotoVisionDP.sys [1/6/2009 9:31 PM 11941]
R3 LMPC2;LMPC2;c:\windows\SYSTEM32\DRIVERS\lmpc2.sys [10/25/2007 10:30 PM 4224]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\SYSTEM32\DRIVERS\ManyCam.sys [1/14/2008 6:06 PM 21632]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [10/24/2009 10:08 PM 19160]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 AgilentUSBCam;E-Video DC-350 USB Camera;c:\windows\SYSTEM32\DRIVERS\Atusbcam.sys [4/26/2001 1:04 AM 117984]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\BRGSp50.sys --> c:\windows\system32\Drivers\BRGSp50.sys [?]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\SYSTEM32\DRIVERS\motfilt.sys [9/6/2008 10:15 PM 6016]
S3 DCamUSBUVT;ICM532A;c:\windows\SYSTEM32\DRIVERS\usbuvt.sys [3/9/2004 2:50 PM 95232]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [6/21/2009 1:21 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [6/21/2009 1:21 PM 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [6/21/2009 1:21 PM 42112]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\SYSTEM32\DRIVERS\Motousbnet.sys [6/21/2009 1:21 PM 23296]
S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [1/6/2009 9:49 PM 23680]
S3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;c:\windows\SYSTEM32\DRIVERS\ntspppoe.sys [4/13/2003 5:47 PM 161512]
S3 RAWESR;RAWESR;\??\c:\progra~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS --> c:\progra~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS [?]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\SYSTEM32\DRIVERS\wg111v3.sys [4/23/2007 2:11 PM 224896]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/28/2009 10:53 AM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*NewlyCreated* - PCIIDEX_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2006-10-01 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2002-09-03 00:12]

2005-03-21 c:\windows\Tasks\FreshDiagnose Report.job
- c:\program files\FreshDevices\FreshDiagnose\fdiag.exe [2004-04-28 07:12]

2009-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2104054462-3242262833-941974269-1007Core1ca55de2ce7a9d0.job
- c:\documents and settings\Others\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-22 09:30]

2009-10-26 c:\windows\Tasks\Malwarebytes' Scheduled Update for Others.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-10-26 06:53]

2009-05-20 c:\windows\Tasks\User_Feed_Synchronization-{1EC03267-D26F-4AB1-9863-CC9FC678712A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: c:\program files\Tencent\qq\SendMMS.htm
IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~2\bin\resources\WebMenuImg.htm
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Answers... - file:c:\program files\1-Click Answers\Html\atiemenu.htm
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Logoff - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
Trusted Zone: bankofamerica.com\www
Trusted Zone: com.cn\mybank.icbc
Trusted Zone: com.cn\www.icbc
Trusted Zone: hotmail.com\www
Trusted Zone: live.com\login
Trusted Zone: microsoft.com\v4.Windowsupdate
Trusted Zone: microsoft.com\Windowsupdate
Trusted Zone: msn.com\www
Trusted Zone: yahoo.com\www
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {0D99625B-0619-4420-BB61-82DEE1B91D3A} - hxxps://ebank.gdb.com.cn/perbank/js/CertKitAx.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
FF - ProfilePath - c:\documents and settings\Others\Application Data\Mozilla\Firefox\Profiles\8g1iwoqs.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-30 11:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\My Shared Folder

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CMB8100]
"ImagePath"="\??\c:\windows\system32\Drivers\CertClient.dat"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CMBProtector]
"ImagePath"="\??\c:\windows\system32\Drivers\CMBProtector.dat"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2104054462-3242262833-941974269-1007\Software\EduFont\E*d*u*O*f*f*i*c*e* *b„vW[\BCGWorkspace\WindowPlacement]
"MainWindowRect"=hex:fc,ff,ff,ff,fc,ff,ff,ff,04,04,00,00,04,03,00,00
"Flags"=dword:00000002
"ShowCmd"=dword:00000003

[HKEY_USERS\S-1-5-21-2104054462-3242262833-941974269-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2104054462-3242262833-941974269-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1320)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Others\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\program files\Common Files\Stardock\mcpstub.dll

- - - - - - - > 'lsass.exe'(1620)
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\windows\system32\WININET.dll
c:\program files\SpeedBit Video Accelerator\CommPipe.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll

- - - - - - - > 'explorer.exe'(2900)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\CursorXP\CurXP0.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-30 12:00
ComboFix-quarantined-files.txt 2009-10-30 03:59

Pre-Run: 2,569,850,880 bytes free
Post-Run: 2,548,809,728 bytes free

- - End Of File - - D35F915B27F8A0E906589E323DD394B5

Advertisements

Register to Remove

#11 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 31 October 2009 - 05:08 AM

Hi Tom_q2356,

Your system has been infected by one or more Backdoor Trojans.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

Its very possible that anything could have been installed on your computer by the remote attacker, including opening other backdoors and installing rootkits. While we can attempt to clean what we see in your logs, we cannot guarantee that your computer will be completely in the clear since we have no way of knowing that has been done to the computer. Your computer could be completely compromised at this moment. It may be prudent to backup your information, reformat, and reinstall.

More information on Remote Access Trojans can be found here.

I strongly suggest you do the following immediately:

Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

To help you make your decision, here are a few related articles that i suggest you read:

Should you have any questions, please feel free to ask.

Should you wish to continue cleaning, please carry on.

Any particular reason these are in the Trusted Zone? By default you security setting are lower in this zone.

Trusted Zone: bankofamerica.com\www
Trusted Zone: com.cn\mybank.icbc
Trusted Zone: com.cn\www.icbc
Trusted Zone: hotmail.com\www
Trusted Zone: live.com\login
Trusted Zone: microsoft.com\v4.Windowsupdate
Trusted Zone: microsoft.com\Windowsupdate
Trusted Zone: msn.com\www
Trusted Zone: yahoo.com\www

LimeWire and uTorrent
You have LimeWire and uTorrent, P2P/file sharing programs installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing them.

References for the risk of these programs can be found in these links:
http://www.microsoft...protection.mspx

http://www.internetw...cles/art053.htm

I would recommend that you uninstall LimeWire and uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep them, please do not use them until your computer is cleaned.

Next, let's look deeper. Download Rooter.exe to your desktop

Then doubleclick it to start the tool
A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt (Where %systemdrive% is usually C: or the drive that you have installed Windows). Post that in your next reply.

We will be using Combofix again but will run it differently.

Please follow all previous instructions regarding security programs.

Open a new Notepad session

Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.
Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

Folder::
c:\documents and settings\Others\Application Data\drivers

RegLock::
[HKEY_USERS\S-1-5-21-2104054462-3242262833-941974269-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

In the notepad

Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again.Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Posted Image

Please post back with

Rooter log
combofix log

How is your computer?

Thanks

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#12 Tom_q2356

Authentic Member

Authentic Member
178 posts

Posted 31 October 2009 - 02:52 PM

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 2 Stepping 7, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.0.14 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:27 Go - Free:2 Go )
D:\ [CD_Rom]
.
Scan : 09:43.38
Path : C:\Documents and Settings\Others\Desktop\Rooter.exe
User : Others ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (772)
______ \??\C:\WINDOWS\system32\csrss.exe (1164)
______ \??\C:\WINDOWS\system32\winlogon.exe (1336)
______ C:\WINDOWS\system32\services.exe (1592)
______ C:\WINDOWS\system32\lsass.exe (1620)
______ C:\WINDOWS\system32\svchost.exe (200)
______ C:\WINDOWS\system32\svchost.exe (396)
______ C:\WINDOWS\System32\svchost.exe (616)
______ C:\WINDOWS\System32\svchost.exe (756)
______ C:\WINDOWS\system32\svchost.exe (1436)
______ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (1356)
______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (1512)
______ C:\WINDOWS\system32\spoolsv.exe (472)
______ C:\WINDOWS\System32\svchost.exe (540)
______ C:\WINDOWS\System32\Ati2evxx.exe (788)
______ C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (660)
______ C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (1636)
______ C:\WINDOWS\system32\svchost.exe (1452)
______ C:\Program Files\Ahead\InCD\InCDsrv.exe (1108)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1012)
______ C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (636)
______ C:\WINDOWS\System32\svchost.exe (1880)
______ C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe (2112)
______ C:\WINDOWS\System32\alg.exe (3004)
______ C:\Program Files\Common Files\Stardock\SDMCP.exe (3508)
______ C:\WINDOWS\Explorer.EXE (228)
______ C:\Program Files\reliz\akeys.exe (1244)
______ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (3372)
______ C:\Program Files\CursorXP\CursorXP.exe (3896)
______ C:\Program Files\Digital Line Detect\DLG.exe (2988)
______ C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (3848)
______ C:\Program Files\Startup Faster 2004\sfAgent.exe (2884)
______ C:\WINDOWS\system32\ctfmon.exe (2816)
______ C:\Documents and Settings\Others\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (1192)
______ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (524)
______ C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (2812)
______ C:\Documents and Settings\Others\Desktop\Rooter.exe (1520)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:32868864)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:32901120 | Length:29964695040)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\DESKTOP.INI
C:\WINDOWS\Tasks\Disk Cleanup.job
C:\WINDOWS\Tasks\FreshDiagnose Report.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2104054462-3242262833-941974269-1007Core1ca55de2ce7a9d0.job
C:\WINDOWS\Tasks\Malwarebytes' Scheduled Update for Others.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\User_Feed_Synchronization-{1EC03267-D26F-4AB1-9863-CC9FC678712A}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\DOCUME~1\Others\APPLIC~1\drivers
==> Bagle <==
.
C:\DOCUME~1\Others\Desktop\SoftForBa\ToKeepSoft\SUPERAntiSpyware.Professional.v4.27.1000.Multilingual.WinAll.Incl.Keygen.an
d.Patch-CRD\keygen\keygen.exe
C:\DOCUME~1\Others\Desktop\SoftForBa\ToKeepSoft\SUPERAntiSpyware.Professional.v4.27.1000.Multilingual.WinAll.Incl.Keygen.an
d.Patch-CRD\keygen\keygen.exe
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 09:46.10
.
C:\Rooter$\Rooter_1.txt - (31/10/2009 | 09:46.10).c

#13 Tom_q2356

Authentic Member

Authentic Member
178 posts

Posted 31 October 2009 - 02:57 PM

ComboFix 09-10-28.08 - Others 10/31/2009 9:57.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.623 [GMT 8:00]
Running from: c:\documents and settings\Others\Desktop\jgh.exe
Command switches used :: c:\documents and settings\Others\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091030-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Others\Application Data\drivers

----- BITS: Possible infected sites -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))
.

2009-10-31 01:45 . 2009-10-31 01:46 -------- d-----w- C:\Rooter$
2009-10-26 01:45 . 2009-10-26 01:45 -------- d-----w- c:\program files\Trend Micro
2009-10-26 01:40 . 2009-10-26 01:40 -------- d-----w- c:\documents and settings\Others\Local Settings\Application Data\Deployment
2009-10-25 13:12 . 2009-10-25 13:15 -------- d-----w- c:\program files\SpywareBlaster
2009-10-25 08:32 . 2009-10-25 09:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-25 08:17 . 2009-10-25 08:17 -------- d-----w- c:\program files\Zone Labs
2009-10-25 07:02 . 2009-10-25 13:33 -------- d-----w- c:\program files\MSECACHE
2009-10-24 14:08 . 2009-09-10 06:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 14:08 . 2009-10-26 04:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 14:08 . 2009-09-10 06:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-24 03:01 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-24 03:01 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-24 02:54 . 2009-10-24 06:17 -------- d-----w- c:\windows\BDOSCAN8
2009-10-23 09:23 . 2009-10-23 09:23 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-22 09:30 . 2009-10-26 01:48 -------- d-----w- c:\documents and settings\Others\Local Settings\Application Data\Temp
2009-10-17 06:45 . 2006-10-09 04:00 94208 ----a-w- c:\windows\Dream Aquarium.scr
2009-10-17 06:44 . 2009-10-17 06:46 -------- d-----w- c:\program files\Dream Aquarium
2009-10-17 05:41 . 2009-10-17 05:41 102400 ----a-w- c:\windows\DreamAquarium.scr
2009-10-16 13:21 . 2008-10-09 06:25 69008 ----a-w- c:\windows\system32\zlcomm.dll
2009-10-16 13:21 . 2008-10-09 06:25 106384 ----a-w- c:\windows\system32\zlcommdb.dll
2009-10-16 13:21 . 2008-10-09 06:25 1221008 ----a-w- c:\windows\system32\zpeng25.dll
2009-10-16 13:21 . 2009-10-29 15:55 -------- d-----w- c:\windows\system32\ZoneLabs
2009-10-16 13:17 . 2009-10-31 01:37 -------- d-----w- c:\windows\Internet Logs
2009-10-16 00:25 . 2009-10-16 00:25 -------- d-----w- c:\documents and settings\Others\Local Settings\Application Data\Yahoo!
2009-10-15 14:58 . 2009-10-15 14:58 -------- d-----w- c:\documents and settings\Others\Application Data\Kingsoft
2009-10-15 14:30 . 2009-10-15 14:31 -------- d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Free
2009-10-15 13:41 . 2009-10-15 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-10-11 05:03 . 2009-10-11 05:03 -------- d-----w- c:\documents and settings\Others\Application Data\JAM Software
2009-10-11 05:03 . 2009-10-11 05:03 -------- d-----w- c:\program files\TreeSize Professional
2009-10-08 15:32 . 2009-10-08 15:32 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
2009-10-08 15:31 . 2009-10-08 15:54 -------- d-----w- c:\program files\SplitCam
2009-10-08 09:51 . 2009-10-08 09:51 -------- d-----w- c:\program files\uTorrent
2009-10-08 09:50 . 2009-10-23 10:10 -------- d-----w- c:\documents and settings\Others\Application Data\uTorrent
2009-10-08 09:01 . 2009-10-08 09:01 -------- d-----w- c:\documents and settings\Others\Application Data\WebcamMax
2009-10-08 09:00 . 2008-03-11 13:14 941784 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys
2009-10-08 00:01 . 2009-10-08 00:03 -------- d-----w- c:\documents and settings\Others\Application Data\ManyCam
2009-10-08 00:01 . 2009-10-08 00:04 -------- d-----w- c:\program files\ManyCam 2.4
2009-10-07 18:17 . 2009-10-07 18:17 -------- d-----w- C:\_OTM
2009-10-06 15:40 . 2009-10-06 15:40 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-10-06 15:31 . 2009-10-06 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-10-06 15:26 . 2009-10-06 15:31 -------- d-----w- c:\program files\DAP
2009-10-05 12:39 . 2009-10-05 12:39 -------- d-----w- c:\program files\AGI
2009-10-04 23:43 . 2009-10-04 23:43 -------- d-----w- c:\program files\ICQ6Toolbar
2009-10-04 23:43 . 2009-10-04 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2009-10-04 23:38 . 2009-10-04 23:46 -------- d-----w- c:\program files\ICQ6.5
2009-10-02 10:54 . 2009-10-02 13:05 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-02 10:48 . 2009-10-02 10:48 -------- d-----w- c:\program files\Microsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 01:35 . 2007-12-06 14:27 -------- d-----w- c:\documents and settings\Others\Application Data\SlimBrowser
2009-10-30 17:08 . 2003-05-17 09:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-30 16:57 . 2009-07-27 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2009-10-30 11:20 . 2007-01-27 03:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-30 05:07 . 2004-12-03 08:53 -------- d-----w- c:\program files\iDailyDiary
2009-10-29 23:53 . 2004-05-24 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-27 15:55 . 2009-07-27 02:56 -------- d-----w- c:\documents and settings\Others\Application Data\Babylon
2009-10-25 08:31 . 2005-02-02 04:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-25 08:27 . 2004-06-02 12:50 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-10-25 06:36 . 2005-03-28 16:01 -------- d-----w- c:\program files\Ashampoo
2009-10-25 05:47 . 2005-01-03 07:05 -------- d-----w- c:\program files\Startup Faster 2004
2009-10-24 04:59 . 2004-06-06 10:48 -------- d-----w- c:\program files\IncrediMail
2009-10-24 03:01 . 2009-09-29 04:31 -------- d-----w- c:\program files\CCleaner
2009-10-23 13:07 . 2009-07-16 23:06 -------- d-----w- c:\program files\SpywareGuard
2009-10-23 09:18 . 2008-02-11 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\mcache
2009-10-14 05:49 . 2005-01-16 06:03 -------- d-----w- c:\documents and settings\Others\Application Data\Skype
2009-10-14 02:48 . 2007-03-01 13:11 -------- d-----w- c:\documents and settings\Others\Application Data\U3
2009-10-09 15:26 . 2008-02-11 02:23 21 ----a-w- c:\windows\system32\mylk.dat
2009-10-08 17:19 . 2009-07-29 22:12 -------- d-----w- c:\documents and settings\Others\Application Data\LimeWire
2009-10-08 15:31 . 2003-03-18 16:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-06 15:30 . 2006-04-20 06:17 -------- d-----w- c:\program files\GetRight
2009-10-05 13:00 . 2005-12-25 10:00 -------- d-----w- c:\program files\Winamp
2009-10-05 12:39 . 2009-06-13 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\agi
2009-10-04 23:41 . 2009-03-26 11:56 -------- d-----w- c:\program files\ICQ6
2009-10-03 03:38 . 2005-01-20 06:45 -------- d-----w- c:\program files\Trillian
2009-10-02 10:53 . 2009-05-13 07:13 -------- d-----w- c:\program files\Windows Live
2009-10-01 02:37 . 2009-01-09 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-29 04:39 . 2004-12-03 08:54 -------- d-----w- c:\program files\ePrompter
2009-09-27 03:26 . 2005-04-21 15:20 -------- d-----w- c:\program files\Opera
2009-09-25 15:16 . 2004-06-02 09:47 -------- d-----w- c:\program files\Avant Browser
2009-09-25 03:58 . 2009-08-02 02:25 -------- d-----w- c:\program files\PIM
2009-09-23 14:18 . 2008-01-19 10:33 -------- d-----w- c:\program files\IEPro
2009-09-23 06:42 . 2003-03-30 18:02 58504 ----a-w- c:\documents and settings\Others\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-17 21:52 . 2009-09-17 21:52 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-09-16 14:52 . 2005-03-28 08:03 -------- d-----w- c:\documents and settings\Others\Application Data\SolidDocuments
2009-09-13 05:18 . 2009-09-13 05:18 693760 ----a-w- c:\windows\is-V9TVU.exe
2009-09-12 15:16 . 2009-07-29 23:17 -------- d---a-w- c:\program files\eMule0.49c
2009-09-11 14:18 . 2002-09-03 16:46 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 07:06 . 2009-09-11 05:15 157446 ----a-w- c:\windows\hphins27.dat
2009-09-11 05:43 . 2009-09-11 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-09-11 05:42 . 2009-09-11 05:42 -------- d-----w- c:\documents and settings\Others\Application Data\HP
2009-09-11 05:27 . 2009-09-11 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-11 05:24 . 2009-09-11 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-09-11 05:24 . 2009-09-11 05:21 -------- d-----w- c:\program files\HP
2009-09-11 05:23 . 2009-09-11 05:23 -------- d-----w- c:\program files\Common Files\HP
2009-09-11 05:14 . 2009-09-11 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-09-09 23:01 . 2009-07-15 06:59 -------- d-----w- c:\documents and settings\Others\Application Data\SUPERAntiSpyware.com
2009-09-09 15:29 . 2008-02-13 05:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-07 13:39 . 2009-09-07 13:39 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-09-04 21:03 . 2002-09-03 16:44 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 13:10 . 2009-09-04 13:10 -------- d-----w- c:\program files\RMVB Converter
2009-08-29 08:08 . 2004-08-03 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2002-09-03 17:05 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 21:00 . 2009-08-23 21:00 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-08-23 21:00 . 2009-08-23 21:00 426496 ------w- c:\windows\system32\imapi2.dll
2009-08-17 16:10 . 2004-11-23 00:40 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2005-01-21 01:11 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2005-01-21 01:11 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:04 . 2005-01-21 01:11 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2005-02-25 18:12 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2005-01-21 01:11 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2004-06-24 07:58 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-08-05 09:01 . 2004-07-24 09:44 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:20 . 2002-08-29 01:04 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 12:44 . 2002-09-03 16:50 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-03 14:43 . 2009-08-03 14:43 687104 ----a-w- c:\windows\is-C4T0L.exe
2009-10-06 15:31 . 2009-10-06 15:37 251392 ----a-w- c:\program files\opera\program\plugins\dapop.dll
2005-02-03 03:33 . 2005-01-21 02:52 10856 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-30_03.54.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-31 01:02 . 2009-10-31 01:02 16384 c:\windows\Temp\Perflib_Perfdata_5e8.dat
+ 2009-10-31 01:03 . 2009-10-31 01:03 16384 c:\windows\Temp\Perflib_Perfdata_294.dat
+ 2009-10-30 17:08 . 2009-10-30 17:08 3940352 c:\windows\Installer\18a5645.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupFaster"="c:\program files\Startup Faster 2004\StrpFstCfg.exe" [2005-02-28 1695744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Others\Start Menu\Programs\Startup\StartupFaster
AMF Daily Planner and PIM.lnk - c:\program files\PIM\amf.exe [2009-8-14 2457600]
StartupFaster.ini [2009-10-26 1104]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-6-11 157000]
X1 System Tray.lnk - c:\program files\X1\X1Systray.exe [2005-10-1 331264]
X1.lnk - c:\program files\X1\X1.exe [2005-10-1 13479064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\StartupFaster
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-3-19 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
hpzrcv01.LNK - c:\program files\HP\Temp\{387D9916-BD27-480f-8CF0-3228832BBAA2}\setup\hpzstub.exe [2009-9-11 521552]
hpzsetup.LNK - c:\program files\HP\Temp\{387D9916-BD27-480f-8CF0-3228832BBAA2}\hpzstub.exe [2009-9-11 521552]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808]
StartupFaster.ini [2009-10-26 2222]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"= 0 (0x0)
"NoColorChoice"= 0 (0x0)
"NoSizeChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 04:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2003-08-25 02:25 139264 ----a-w- c:\program files\Common Files\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Switch Off"=c:\program files\Switch Off\swoff.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DadApp"=c:\program files\Dell\AccessDirect\dadapp.exe
"DVDSentry"=c:\windows\System32\DSentry.exe
"pdfSaver3"=
"PrinterOn Printer Select 2.6"=c:\program files\PrinterOn Corporation\Internet PrintWhere 2.6\PW_PrinterSelect26.exe -NoUI

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\KWMUSIC\\KwMusic.exe"=
"c:\\Program Files\\KWMUSIC\\KwMV.exe"=
"c:\\Program Files\\China Mobile\\Fetion\\FetionFX.exe"=
"c:\\Program Files\\China Mobile\\Fetion\\VMDotNet\\v2.0.50727\\FetionVM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:File and Printer Sharing
"8529:TCP"= 8529:TCP:yduq

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 ICBC Daemon Service;ICBC Daemon Service;c:\program files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe [2009-07-08 397192]
R3 AgilentUSBCam;E-Video DC-350 USB Camera;c:\windows\system32\DRIVERS\Atusbcam.sys [2001-04-26 117984]
R3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\BRGSp50.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2007-01-23 6016]
R3 DCamUSBUVT;ICM532A;c:\windows\system32\Drivers\usbuvt.sys [2002-07-10 95232]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2008-03-03 23296]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
R3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;c:\windows\system32\DRIVERS\ntspppoe.sys [2001-10-31 161512]
R3 RAWESR;RAWESR;c:\progra~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS [x]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-04-23 224896]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-07-28 7408]
R3 ZD1211BU(TP-LINK);TL-WN322G/WN322G+ Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\DRIVERS\zd1211Bu.sys [2007-06-25 500736]
R4 bckg32;Zone Backgammon Client;c:\windows\system32\rundll32.exe bckg32.dll,yduq [x]
R4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-07-28 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-07-28 72944]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
S2 CMB8100;CMB8100;c:\windows\system32\Drivers\CertClient.dat [2006-11-30 3038]
S2 CMBProtector;CMBProtector;c:\windows\system32\Drivers\CMBProtector.dat [2007-01-18 3584]
S2 lf;lf;c:\program files\Everstrike\Lock Folder XP 3.2\UniShieldXP.sys [2003-07-03 45952]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648]
S2 MOTOVISION;MotoVision For E680/680i, A780/760/768 Virtual Camera;c:\windows\system32\DRIVERS\motovision.sys [2006-04-26 31145]
S2 Vcs;Vcs support;c:\windows\system32\Drivers\Vcs.sys [2002-12-10 6852]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2009-10-06 300656]
S3 DirectDrv;DirectDrv;c:\windows\system32\DRIVERS\MotoVisionDP.sys [2006-04-26 11941]
S3 LMPC2;LMPC2; [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-09-10 19160]

--- Other Services/Drivers In Memory ---

*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2006-10-01 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2002-09-03 00:12]

2005-03-21 c:\windows\Tasks\FreshDiagnose Report.job
- c:\program files\FreshDevices\FreshDiagnose\fdiag.exe [2004-04-28 07:12]

2009-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2104054462-3242262833-941974269-1007Core1ca55de2ce7a9d0.job
- c:\documents and settings\Others\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-22 09:30]

2009-10-26 c:\windows\Tasks\Malwarebytes' Scheduled Update for Others.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-10-26 06:53]

2009-05-20 c:\windows\Tasks\User_Feed_Synchronization-{1EC03267-D26F-4AB1-9863-CC9FC678712A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: c:\program files\Tencent\qq\SendMMS.htm
IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~2\bin\resources\WebMenuImg.htm
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Answers... - file:c:\program files\1-Click Answers\Html\atiemenu.htm
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Logoff - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
Trusted Zone: bankofamerica.com\www
Trusted Zone: com.cn\mybank.icbc
Trusted Zone: com.cn\www.icbc
Trusted Zone: hotmail.com\www
Trusted Zone: live.com\login
Trusted Zone: microsoft.com\v4.Windowsupdate
Trusted Zone: microsoft.com\Windowsupdate
Trusted Zone: msn.com\www
Trusted Zone: yahoo.com\www
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {0D99625B-0619-4420-BB61-82DEE1B91D3A} - hxxps://ebank.gdb.com.cn/perbank/js/CertKitAx.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
FF - ProfilePath - c:\documents and settings\Others\Application Data\Mozilla\Firefox\Profiles\8g1iwoqs.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 10:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\My Shared Folder

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CMB8100]
"ImagePath"="\??\c:\windows\system32\Drivers\CertClient.dat"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CMBProtector]
"ImagePath"="\??\c:\windows\system32\Drivers\CMBProtector.dat"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2104054462-3242262833-941974269-1007\Software\EduFont\E*d*u*O*f*f*i*c*e* *b„vW[\BCGWorkspace\WindowPlacement]
"MainWindowRect"=hex:fc,ff,ff,ff,fc,ff,ff,ff,04,04,00,00,04,03,00,00
"Flags"=dword:00000002
"ShowCmd"=dword:00000003

[HKEY_USERS\S-1-5-21-2104054462-3242262833-941974269-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1336)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Others\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\program files\Common Files\Stardock\mcpstub.dll

- - - - - - - > 'lsass.exe'(1620)
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\windows\system32\WININET.dll
c:\program files\SpeedBit Video Accelerator\CommPipe.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll

- - - - - - - > 'explorer.exe'(2084)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\CursorXP\CurXP0.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\ftpshext.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-31 10:15
ComboFix-quarantined-files.txt 2009-10-31 02:14
ComboFix2.txt 2009-10-30 04:00

Pre-Run: 2,717,036,544 bytes free
Post-Run: 2,699,329,536 bytes free

- - End Of File - - C3F54D5C3BFA711DD263C286DE27CAE0

#14 Tom_q2356

Authentic Member

Authentic Member
178 posts

Posted 31 October 2009 - 03:17 PM

Dear Oldman960,

This backdoor trojans really make me worried; I will contact my banks right now. I have a question though, I am using RoboForm to keep all of my passwords, Roboform claims to have the type of technology to prevent identity or password theft. Is there anyway we can make my computer completely clean of backdoor trojans and then I change all important passwords from there? There are just too many to be changed. I will just focus on the banks, ebay and amazon.

I have lost my the original Windows Xp Cd rom and therefore could not reinstall or reformat my computer programs. Let say though if I eventually can do that reformatting by perhaps borrowing a Cd rom from a friend, can I put back all the old files and not be worried about trojans hidden in the old files?

Please advise me the best possible way without having to reinstall or reformat because it seems like the only option for now.

Could you tell me what are the specific things I need to tell my banks? Just ask them to watch my account closely for a period of time? Or how does it work?

Also, since my computer got infected by backdoors trojans or the "bagle" virus, I have completely stopped using anything related to banks, ebay and amazon; is it still possible that my personal imformation about banks, ebay and amazon be stolen? Stolen from Roboform?

Thanks very much!
Tom

Edited by Tom_q2356, 31 October 2009 - 03:36 PM.

#15 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 31 October 2009 - 10:39 PM

Hi Tom_q2356,

Cracks and keygen

These are a great souce for trojans, backdoor, keyloggers, rootkits, downloaders and other assorted vermin. I see several of these are or have been on this computer and am pretty certain that this is how you ended up on this forum. This forum does not support the use of these types of programs. We will remove these during the course of the cleaning.
http://forums.whatth...ort_t92527.html

Roboform claims to have the type of technology to prevent identity or password theft.

RoboForm will help, but I still advise you to change your passwords just for your peace of mind. If the attackers have your password, changing them later may be too late.

Could you tell me what are the specific things I need to tell my banks? Just ask them to watch my account closely for a period of time?

Tell them that your computer has been compromised and put a watch on your account for any unusal activity.

As for your other type of accounts, I suggest you change them also. There may be bits of personal information in those accounts.

is it still possible that my personal imformation about banks, ebay and amazon be stolen? Stolen from Roboform?

I honestly can't tell you as malware is constantly updated to defeat security programs. Bottom line, change your passwords as soon as you can.

Is there anyway we can make my computer completely clean of backdoor trojans and then I change all important passwords from there?

We can clean what we can see or detect with or tools. As I mentioned before "we cannot guarantee that your computer will be completely in the clear since we have no way of knowing that has been done to the computer". As security programs are updated (remember they are playing catchup) any lingering elements may be detected. Building a layered security system will help also. The main thing is don't change your passwords from this computer while it is infected.

Let's continue.

Click your Start button > Control Panel > Add/Remove Programs and uninstall if present

RelevantKnowledge
MarketResearch

Still in Contol Panel

Locate the Java icon (it looks like a coffee cup)
double click it to open it
click the Update tab
Click update now

After the update is complete

Next, Double click on OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :

:Files
C:\DOCUME~1\Others\Desktop\SoftForBa\ToKeepSoft\SUPERAntiSpyware.Professional.v4.27.1000.Multilingual.WinAll.Incl.Keygen.an
d.Patch-CRD\keygen\keygen.exe
C:\DOCUME~1\Others\Desktop\SoftForBa\ToKeepSoft\SUPERAntiSpyware.Professional.v4.27.1000.Multilingual.WinAll.Incl.Keygen.an
d.Patch-CRD\keygen\keygen.exe

:Commands
[emptytemp]
[start explorer]

Then click the Run Fix button at the top

Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Reboot your computer

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

Click the Update tab
Click Check for Updates
If an update is found, it will download and install the latest version.
The program will close to update and reopen.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Please post back with

OTL fix log
MBAM log

Thanks

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

Body Background

skin color theme