
Funshion removal


22 replies to this topic

#1 greenT21

  • Members
  • 10 posts
Posted 10 July 2011 - 02:56 AM

Hi there,

I was reading one of the older posts in the forum about the program Funshion being malware. This was also detected by my anti-spyware program, Ad-Aware, and I have removed it. However, I am unsure whether it is all clear.
However, I am unsure whether this is the only thing affecting my computer. I have found my computer runs very slowly whenever I plug in my portable hard drive. This has never been an issue before, but now
my computer takes more than 2 minutes to read the drive and freezes for a long time.

I also often get pop-up messages asking whether I want to turn off my nView desktop program in order for another program or website to function properly, whether I am online or not. I first thought it was because I lacked memory, but this is not the case, as I have cleaned up and have more than half of my memory remaining. I have attached log scans in the hope that you can help me.

Greatly appreciated!

Attached Files


#2 Shannon2012

  • Security Colleague
  • 3,656 posts
  • Location:North Carolina, USA

Posted 29 July 2011 - 12:16 PM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - At the top right of this thread, click on the Watch Topic button, click on 'Immediate Email Notification', and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
  • We need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Next, please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs and the RKU log. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon
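Once the two OTL reports are in hand, the "Firewall Settings" and "Authorized Applications List" sections of Extras.txt are worth triaging mechanically rather than by eye. The script below is an added example written for this page; it is not part of the thread, of OTL, or of any tool the helpers use. It parses lines in the format OTL prints for those two sections and flags three things a practitioner looks for first: a port such as RDP (3389/TCP) or SMB (445/TCP) that is Enabled with scope "*" (reachable from any address, not just LocalSubNet); a firewall exception for a binary that carries a core system name (svchost.exe, lsass.exe, csrss.exe, winlogon.exe) but lives outside that binary's real home directory, which on Windows XP is %windir%\system32 (or %windir% for explorer.exe); and a remote-control server (WinVNC.exe) allowed in from any address. The sample input is constructed, modeled on the log format, and the table of expected home directories is the editor's assumption, so extend it for your own environment.

```python
"""Triage the firewall sections of an OTL Extras.txt (Windows XP Firewall policy).

Added example for this page, not OTL's own code. The parser handles the two
registry-dump sections OTL prints:

  [...\FirewallPolicy\<Profile>\GloballyOpenPorts\List]
  "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

  [...\FirewallPolicy\<Profile>\AuthorizedApplications\List]
  "C:\path\app.exe" = C:\path\app.exe:<scope>:<Enabled|Disabled>:<name> -- (Company)
"""
import ntpath
import re
from typing import List

# Editor's assumption: where each core system binary legitimately lives on XP.
# The same file name in any other directory is the classic masquerading pattern.
SYSTEM_BINARY_HOME = {
    "svchost.exe": "%windir%\\system32",
    "lsass.exe": "%windir%\\system32",
    "csrss.exe": "%windir%\\system32",
    "winlogon.exe": "%windir%\\system32",
    "explorer.exe": "%windir%",
}
# Remote-control servers that should never be reachable from every address.
REMOTE_CONTROL_SERVERS = {"winvnc.exe"}
# Ports whose exposure to scope "*" on a workstation always merits a question.
WORLD_EXPOSED_PORTS = {
    "3389:TCP": "RDP", "445:TCP": "SMB", "139:TCP": "NetBIOS session",
    "137:UDP": "NetBIOS name", "138:UDP": "NetBIOS datagram",
}

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
PORT_RE = re.compile(
    r'^"(?P<port>\d+:(?:TCP|UDP))"\s*=\s*(?P=port):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):')
APP_RE = re.compile(
    r'^"[^"]+"\s*=\s*(?P<path>.+?):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):'
    r'(?P<name>.*?)(?:\s+--\s+\(.*\))?$')


def _normalize_dir(path: str) -> str:
    """Lower-case the directory and fold C:\\WINDOWS / %SystemRoot% into %windir%."""
    d = ntpath.dirname(path).lower().rstrip("\\")
    for literal in ("c:\\windows", "%systemroot%"):
        if d.startswith(literal):
            d = "%windir%" + d[len(literal):]
    return d


def _profile(key: str) -> str:
    m = re.search(r"FirewallPolicy\\(\w+Profile)", key)
    return m.group(1) if m else "?"


def triage_firewall(extras_text: str) -> List[str]:
    """Return human-readable findings for the firewall sections of an Extras.txt."""
    findings: List[str] = []
    key = ""
    for raw in extras_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                      # a new [HKEY...] block: remember which list we are in
            key = m.group("key")
            continue
        if "GloballyOpenPorts" in key:
            m = PORT_RE.match(line)
            if m and m["state"] == "Enabled" and m["scope"] == "*" and m["port"] in WORLD_EXPOSED_PORTS:
                findings.append(f"{_profile(key)}: {WORLD_EXPOSED_PORTS[m['port']]} "
                                f"({m['port']}) open to any address")
        elif "AuthorizedApplications" in key:
            m = APP_RE.match(line)
            if not m or m["state"] != "Enabled":
                continue
            path = m["path"]
            base = ntpath.basename(path).lower()
            if base in SYSTEM_BINARY_HOME and _normalize_dir(path) != SYSTEM_BINARY_HOME[base].lower():
                findings.append(f"{_profile(key)}: {base} allowed from {ntpath.dirname(path)} "
                                f"(expected {SYSTEM_BINARY_HOME[base]})")
            elif base in REMOTE_CONTROL_SERVERS and m["scope"] == "*":
                findings.append(f"{_profile(key)}: remote-control server {base} reachable from any address")
    return findings


# Constructed sample, modeled on the OTL Extras.txt format (not a real log).
SAMPLE_EXTRAS = r"""
========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\tightvnc-1.3.9_x86\WinVNC.exe" = C:\tightvnc-1.3.9_x86\WinVNC.exe:*:Enabled:TightVNC Win32 Server -- (TightVNC Group)
"C:\WINDOWS\system32\svchost.exe" = C:\WINDOWS\system32\svchost.exe:*:Enabled:svchost
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Disabled:eMule
"""

if __name__ == "__main__":
    for finding in triage_firewall(SAMPLE_EXTRAS):
        print("FINDING:", finding)
```

Run it against a saved Extras.txt by passing the file contents to triage_firewall(). A finding is a question to ask, not a verdict: a svchost.exe under %windir%\system32\drivers is a name that does not belong in that directory, so the next step is to check the file's signature, hash and creation time, and RDP open to "*" is only a problem if the machine is ever on a network where that profile applies.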

#3 Shannon2012

  • Security Colleague
  • 3,656 posts
  • Location:North Carolina, USA

Posted 04 August 2011 - 08:19 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Shannon

#4 greenT21

  • Topic Starter
  • Members
  • 10 posts

Posted 03 September 2011 - 05:23 AM

Hi there,

I previously installed a downloading program, Funshion, and my spyware program picked it up as a trojan. I've removed it, but there are some parts that say "access is denied" etc. and cannot be removed.

I have followed your previous instruction in creating log scans. Please have a look. I really need to know how to completely remove everything of this program.

Thank you.

Attached Files


Edited by greenT21, 03 September 2011 - 05:23 AM.


#5 Shannon2012

  • Security Colleague
  • 3,656 posts
  • Location:North Carolina, USA

Posted 03 September 2011 - 05:48 AM

This topic has been re-opened at the request of the person who originally posted.
Shannon

#6 Orange Blossom

  • OBleepin Investigator
  • Moderator
  • 33,462 posts
  • Location:Bloomington, IN

Posted 03 September 2011 - 03:51 PM

Hello greenT21,

I have merged your new topic to your previous topic which Shannon reopened for you. Please keep all posts regarding this issue to this topic by using the Add Reply button found near the bottom of the topic. Starting new topics confuses things for all concerned and delays the assistance you receive.

Back to you Shannon,

Orange Blossom



#7 greenT21

  • Topic Starter
  • Members
  • 10 posts

Posted 04 September 2011 - 02:32 AM

Apologies for the confusion.

Here are the copies of my scans. Thanks heaps!

Extras scan

OTL Extras logfile created on: 4/09/2011 2:57:08 PM - Run 2
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Documents and Settings\Khode\My Documents
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

990.48 Mb Total Physical Memory | 73.68 Mb Available Physical Memory | 7.44% Memory free
1.58 Gb Paging File | 0.69 Gb Available in Paging File | 43.75% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 132.55 Gb Free Space | 56.92% Space Free | Partition Type: NTFS

Computer Name: KHODE-PC | User Name: Khode | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-436374069-1592454029-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Documents and Settings\Khode\Application Data\U3\000018741B605527\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe" = C:\Documents and Settings\Khode\Application Data\U3\000018741B605527\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Enabled:Skype
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Disabled:eMule
"C:\Program Files\Free Download Manager\fdm.exe" = C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager
"C:\tightvnc-1.3.9_x86\WinVNC.exe" = C:\tightvnc-1.3.9_x86\WinVNC.exe:*:Enabled:TightVNC Win32 Server -- (TightVNC Group)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Funshion Online\Funshion\FunshionService.exe" = C:\Program Files\Funshion Online\Funshion\FunshionService.exe:*:Enabled:FunshionService
"C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe" = C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe:*:Enabled:FunshionUpgrade
"C:\Program Files\GVOD\GVODS.exe" = C:\Program Files\GVOD\GVODS.exe:*:Disabled:GVODS
"C:\Program Files\Internet Download Manager\IDMan.exe" = C:\Program Files\Internet Download Manager\IDMan.exe:*:Enabled:Internet Download Manager -- (Tonec Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10106AA7-38E7-4348-8396-9F535DF763EF}" = MSTPCRT
"{110DEFF6-1BC3-4C3C-8A9D-F482EA6BA70F}" = Avatar Sizer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A5A4AF-5CC1-4009-B8E2-F4C4E9A1D6FC}" = DYNA Font
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}" = Rhapsody Player Engine
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C511EEE-79E4-4642-A432-8FB5A211E350}" = AwvermifKbd
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0B0BCE9-2994-36F2-BE66-D23C884372E8}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2EBBCC-4E3B-3442-865E-7BB3E9F45F0C}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8C11C23-F46C-48C1-8EA8-CEA82115586A}" = Multimedia Mouse Driver
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DA5784C0-06BB-4884-A7C4-89CC206EA2B6}" = ninemsn Toolbar
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EB5BA578-FF7F-3863-8E53-7A003222B7FC}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{EB6C11E5-449C-3BA3-9086-80B18BCFF947}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = SN9C110+360A
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7D53B02-2C51-4CF5-9A51-F7A6D658EA5A}" = PenpowerJR
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"aka2.10.3" = aka
"AskTBar Uninstall" = Ask Toolbar
"Audacity 1.3 Beta_is1" = Audacity 1.3.0
"AviSynth" = AviSynth 2.5
"Canon LASER SHOT LBP-1120" = Canon LASER SHOT LBP-1120
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.97.2
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDStyler_is1" = DVDStyler v1.8.1
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"FinePrint" = FinePrint
"FLV Player" = FLV Player 2.0 (build 25)
"FLV Player2.0 " = FLV Player
"FormatFactory" = FormatFactory 2.70
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.1
"FreeUndelete" = FreeUndelete
"Google Desktop" = Google Desktop Search
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InCD!UninstallKey" = InCD
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{B8C11C23-F46C-48C1-8EA8-CEA82115586A}" = Multimedia Mouse Driver
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Internet Download Manager" = Internet Download Manager
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.2.0
"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.42
"Kyodai Mahjongg_is1" = Kyodai Mahjongg
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"MpcStar" = MpcStar 2.2
"MyTomTom" = MyTomTom 3.1.0.432
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"NVIDIA Drivers" = NVIDIA Drivers
"pdfFactory Pro" = pdfFactory Pro
"Pidgin" = Pidgin
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"QuicktimeAlt_is1" = QuickTime Alternative 1.39
"RealAlt_is1" = Real Alternative 2.0.2
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Softonic_English Toolbar" = Softonic_English Toolbar
"Software Informer_is1" = Software Informer 1.0 BETA
"SubtitleWorkshop" = Subtitle Workshop 2.51
"The House Of The Dead 2" = The House Of The Dead 2
"TwinBridge Chinese Partner V6.0" = TwinBridge Chinese Partner V6.0
"Üc¶H-©ú¬P¤T¯Ê¤@2002" = Üc¶H-©ú¬P¤T¯Ê¤@2002
"Uninstall_is1" = Uninstall 1.0.0.1
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 3 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-436374069-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31/08/2011 9:51:25 AM | Computer Name = KHODE-PC | Source = nview_info | ID = 11141121
Description =

Error - 31/08/2011 9:53:25 AM | Computer Name = KHODE-PC | Source = nview_info | ID = 11141121
Description =

Error - 31/08/2011 9:53:25 AM | Computer Name = KHODE-PC | Source = nview_info | ID = 11141121
Description =

Error - 31/08/2011 10:02:18 AM | Computer Name = KHODE-PC | Source = nview_info | ID = 11141121
Description =

Error - 31/08/2011 10:02:18 AM | Computer Name = KHODE-PC | Source = nview_info | ID = 11141121
Description =

Error - 3/09/2011 12:46:55 AM | Computer Name = KHODE-PC | Source = nview_info | ID = 11141121
Description =

Error - 3/09/2011 6:10:13 AM | Computer Name = KHODE-PC | Source = nview_info | ID = 11141121
Description =

Error - 3/09/2011 6:14:41 AM | Computer Name = KHODE-PC | Source = ESENT | ID = 474
Description = wuauclt (332) The database page read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
at offset 23248896 (0x000000000162c000) for 4096 (0x00001000) bytes failed verification
due to a page checksum mismatch. The expected checksum was 1796936370 (0x6b1b12b2)
and the actual checksum was 1264128684 (0x4b5912ac). The read operation will fail
with error -1018 (0xfffffc06). If this condition persists then please restore
the database from a previous backup.

Error - 3/09/2011 8:25:37 AM | Computer Name = KHODE-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module realmediasplitter.ax, version 1.0.1.2, fault address 0x00005983.

Error - 4/09/2011 2:47:13 AM | Computer Name = KHODE-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module realmediasplitter.ax, version 1.0.1.2, fault address 0x00005983.

[ System Events ]
Error - 31/08/2011 10:35:32 AM | Computer Name = KHODE-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 31/08/2011 10:35:32 AM | Computer Name = KHODE-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 31/08/2011 10:35:46 AM | Computer Name = KHODE-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 001731808702.

Error - 31/08/2011 12:34:31 PM | Computer Name = KHODE-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 58.160.252.208 for the Network Card with network
address 001731808702 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 31/08/2011 12:34:35 PM | Computer Name = KHODE-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 31/08/2011 12:34:35 PM | Computer Name = KHODE-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 31/08/2011 12:35:10 PM | Computer Name = KHODE-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 001731808702.

Error - 3/09/2011 6:12:45 AM | Computer Name = KHODE-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 001731808702.

Error - 4/09/2011 2:46:11 AM | Computer Name = KHODE-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 58.160.254.41 for the Network Card with network
address 001731808702 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 4/09/2011 2:46:32 AM | Computer Name = KHODE-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.11 for the Network Card with network
address 001731808702 has been denied by the DHCP server 172.18.57.155 (The DHCP
Server sent a DHCPNACK message).


< End of report >


OTL scan
OTL logfile created on: 4/09/2011 2:57:08 PM - Run 2
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Documents and Settings\Khode\My Documents
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

990.48 Mb Total Physical Memory | 73.68 Mb Available Physical Memory | 7.44% Memory free
1.58 Gb Paging File | 0.69 Gb Available in Paging File | 43.75% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 132.55 Gb Free Space | 56.92% Space Free | Partition Type: NTFS

Computer Name: KHODE-PC | User Name: Khode | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/31 18:37:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Khode\My Documents\OTL.exe
PRC - [2011/08/29 22:26:06 | 003,417,496 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2011/08/18 15:25:12 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/18 15:25:12 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/08/17 21:32:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/30 07:33:54 | 000,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe
PRC - [2011/03/22 05:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/15 16:46:07 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010/05/25 22:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/05/11 10:04:34 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2007/08/10 20:46:20 | 000,755,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\update\update.exe
PRC - [2007/06/13 18:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/25 18:31:14 | 000,806,912 | ---- | M] () -- C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
PRC - [2006/12/01 15:38:21 | 000,382,976 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2006/12/01 15:38:21 | 000,129,536 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
PRC - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2006/03/23 16:06:50 | 001,398,272 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2006/03/23 16:06:38 | 000,880,128 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2006/02/17 10:40:36 | 000,270,336 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
PRC - [2006/02/17 10:39:02 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006/02/17 10:35:58 | 000,127,035 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/02/17 10:35:42 | 000,061,503 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/02/17 10:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005/06/06 22:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005/04/08 12:08:52 | 000,483,328 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
PRC - [2005/04/08 12:01:20 | 000,483,328 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe
PRC - [2004/11/02 20:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2002/07/18 23:00:00 | 000,136,704 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
PRC - [2002/07/18 23:00:00 | 000,061,512 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CAP3RSK.EXE
PRC - [2002/07/18 23:00:00 | 000,030,720 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE


========== Modules (No Company Name) ==========

MOD - [2011/08/28 22:56:04 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/08/19 09:36:58 | 004,425,040 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll
MOD - [2011/08/19 09:36:43 | 000,316,752 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll
MOD - [2011/08/19 09:36:34 | 000,263,504 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll
MOD - [2011/08/19 09:36:33 | 000,394,576 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll
MOD - [2011/08/19 09:36:33 | 000,185,680 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libtd.dll
MOD - [2011/08/19 09:36:32 | 000,185,680 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRTF.dll
MOD - [2011/08/19 09:36:31 | 000,349,520 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libOleA.dll
MOD - [2011/08/19 09:36:31 | 000,300,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll
MOD - [2011/08/19 09:36:30 | 000,210,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll
MOD - [2011/08/19 09:36:29 | 000,443,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsCab.dll
MOD - [2011/08/19 09:36:29 | 000,185,680 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll
MOD - [2011/08/19 09:36:28 | 000,193,872 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/08/19 09:36:27 | 000,292,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libEmail.dll
MOD - [2011/08/19 09:36:26 | 000,210,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/08/19 09:36:25 | 000,963,920 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lgpl.dll
MOD - [2011/08/19 09:36:25 | 000,202,064 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lib7zip.dll
MOD - [2011/08/18 15:25:12 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/08/18 15:25:12 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/08/18 15:25:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/08/17 21:42:14 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/17 21:32:35 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/22 05:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/22 05:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/12/24 16:12:57 | 000,139,776 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2008/04/19 16:35:02 | 000,081,920 | ---- | M] () -- C:\Program Files\ClamWin\bin\ExpShell.dll
MOD - [2008/04/14 05:42:08 | 000,438,272 | ---- | M] () -- C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\update\spcompat.dll
MOD - [2007/05/23 01:53:10 | 000,006,656 | ---- | M] () -- C:\Program Files\WinAVI Video Converter 9.0\SimpleExt.dll
MOD - [2007/01/25 18:31:14 | 000,806,912 | ---- | M] () -- C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
MOD - [2006/12/01 15:38:21 | 000,382,976 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
MOD - [2006/12/01 15:38:21 | 000,183,296 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
MOD - [2006/12/01 15:38:21 | 000,129,536 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
MOD - [2006/12/01 15:38:21 | 000,105,472 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll
MOD - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
MOD - [2006/05/03 04:49:22 | 000,028,672 | ---- | M] () -- C:\Program Files\Multimedia Mouse Driver\MouseHook.dll
MOD - [2006/02/17 10:39:02 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
MOD - [2006/02/17 10:17:08 | 000,876,544 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
MOD - [2006/02/17 10:17:08 | 000,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll
MOD - [2006/02/17 10:17:08 | 000,024,691 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so
MOD - [2006/01/24 18:15:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/01/24 18:15:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005/02/08 16:23:10 | 000,979,005 | ---- | M] () -- C:\Program Files\ClamWin\bin\python23.dll
MOD - [2004/11/20 02:27:54 | 000,106,496 | ---- | M] () -- C:\Program Files\ClamWin\lib\shell.pyd
MOD - [2004/11/20 02:27:54 | 000,086,016 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32gui.pyd
MOD - [2004/11/20 02:27:54 | 000,077,824 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32file.pyd
MOD - [2004/11/20 02:27:54 | 000,069,632 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32api.pyd
MOD - [2004/11/20 02:27:54 | 000,065,536 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32security.pyd
MOD - [2004/11/20 02:27:54 | 000,036,864 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32process.pyd
MOD - [2004/11/20 02:27:54 | 000,024,576 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32pipe.pyd
MOD - [2004/11/20 02:27:54 | 000,024,576 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32event.pyd
MOD - [2004/10/11 19:22:18 | 000,315,392 | ---- | M] () -- C:\Program Files\ClamWin\lib\pythoncom23.dll
MOD - [2004/10/11 19:21:26 | 000,094,208 | ---- | M] () -- C:\Program Files\ClamWin\lib\pywintypes23.dll
MOD - [2004/05/25 20:20:30 | 000,036,864 | ---- | M] () -- C:\Program Files\ClamWin\lib\_winreg.pyd
MOD - [2004/05/25 20:19:32 | 000,045,117 | ---- | M] () -- C:\Program Files\ClamWin\lib\datetime.pyd
MOD - [2004/05/25 20:18:42 | 000,495,616 | ---- | M] () -- C:\Program Files\ClamWin\lib\_ssl.pyd
MOD - [2004/05/25 20:18:28 | 000,057,401 | ---- | M] () -- C:\Program Files\ClamWin\lib\_sre.pyd
MOD - [2004/05/25 20:18:20 | 000,049,212 | ---- | M] () -- C:\Program Files\ClamWin\lib\_socket.pyd
MOD - [2004/05/25 20:17:14 | 000,622,651 | ---- | M] () -- C:\Program Files\ClamWin\lib\_bsddb.pyd
MOD - [2004/01/15 13:45:22 | 000,061,440 | ---- | M] () -- C:\Program Files\ClamWin\lib\_ctypes.pyd
MOD - [2003/10/01 12:40:00 | 002,240,512 | ---- | M] () -- C:\Program Files\ClamWin\lib\wxc.pyd
MOD - [2003/10/01 10:43:02 | 003,239,936 | ---- | M] () -- C:\Program Files\ClamWin\lib\wxmsw24h.dll
MOD - [2003/08/10 08:14:40 | 000,061,440 | ---- | M] () -- C:\Program Files\ClamWin\lib\mxDateTime.pyd


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/18 15:25:12 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/05/11 10:04:34 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/03/23 16:06:38 | 000,880,128 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2006/02/17 10:39:02 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/02/17 10:35:58 | 000,127,035 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/02/17 10:35:42 | 000,061,503 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/02/17 10:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - [2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/08/18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/07/06 23:14:42 | 000,101,616 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2010/05/11 02:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 02:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/07 16:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 16:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 200(UVC)
DRV - [2009/10/07 16:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 16:46:12 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/05/11 10:04:34 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/03/27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/03/23 16:15:58 | 000,102,016 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/03/23 16:15:56 | 000,033,536 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2006/03/23 16:15:56 | 000,029,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2006/02/17 10:28:32 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/17 10:28:30 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/08/11 13:49:28 | 000,393,088 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/06/06 17:43:04 | 000,925,192 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/27 15:21:30 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/09/30 04:36:29 | 000,015,360 | RH-- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2004/08/13 10:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/04 07:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 04:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2001/08/17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-436374069-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au
IE - HKU\S-1-5-21-436374069-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKU\S-1-5-21-436374069-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-436374069-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-436374069-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-436374069-1592454029-839522115-1003\..\URLSearchHook: {930f1200-f5f1-4870-bac6-e233ec8e7023} - File not found
IE - HKU\S-1-5-21-436374069-1592454029-839522115-1003\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - File not found
IE - HKU\S-1-5-21-436374069-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-436374069-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://ninemsn.com.au"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.7.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: [email protected]:7.2.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.100
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Khode\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Khode\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Khode\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/09 17:00:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/09 17:00:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 21:32:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/16 12:39:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Khode\Application Data\IDM\idmmzcc5 [2011/09/03 18:28:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Khode\Application Data\IDM\idmmzcc5 [2011/09/03 18:28:07 | 000,000,000 | ---D | M]

[2010/04/10 17:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Khode\Application Data\Mozilla\Extensions
[2011/08/27 12:24:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Khode\Application Data\Mozilla\Firefox\Profiles\0ty2iih0.default\extensions
[2007/09/18 23:15:35 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Khode\Application Data\Mozilla\Firefox\Profiles\0ty2iih0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
[2010/04/27 18:42:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Khode\Application Data\Mozilla\Firefox\Profiles\0ty2iih0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/30 12:46:25 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Khode\Application Data\Mozilla\Firefox\Profiles\0ty2iih0.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2007/09/18 23:15:35 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Khode\Application Data\Mozilla\Firefox\Profiles\0ty2iih0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2011/08/17 18:51:55 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Khode\Application Data\Mozilla\Firefox\Profiles\0ty2iih0.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/07/09 23:14:14 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Khode\Application Data\Mozilla\Firefox\Profiles\0ty2iih0.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/03/28 18:23:56 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Khode\Application Data\Mozilla\Firefox\Profiles\0ty2iih0.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
[2008/11/26 16:22:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Khode\Application Data\Mozilla\Firefox\Profiles\0ty2iih0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2011/03/12 18:25:55 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Khode\Application Data\Mozilla\Firefox\Profiles\0ty2iih0.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/11/27 17:11:24 | 000,000,000 | ---D | M] (MegaUpload DownloadHelper) -- C:\Documents and Settings\Khode\Application Data\Mozilla\Firefox\Profiles\0ty2iih0.default\extensions\[email protected]
[2011/02/27 14:08:03 | 000,002,394 | ---- | M] () -- C:\Documents and Settings\Khode\Application Data\Mozilla\Firefox\Profiles\0ty2iih0.default\searchplugins\askcom.xml
[2010/04/09 21:09:28 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Khode\Application Data\Mozilla\Firefox\Profiles\0ty2iih0.default\searchplugins\bing.xml
[2008/06/22 16:00:32 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Khode\Application Data\Mozilla\Firefox\Profiles\0ty2iih0.default\searchplugins\wikipedia-en.xml
[2011/07/13 23:33:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/12 20:53:09 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/07/13 23:33:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2008/06/29 01:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2008/06/28 17:05:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2011/09/03 18:28:07 | 000,000,000 | ---D | M] (IDM CC) -- C:\DOCUMENTS AND SETTINGS\KHODE\APPLICATION DATA\IDM\IDMMZCC5
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KHODE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0TY2IIH0.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KHODE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0TY2IIH0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KHODE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0TY2IIH0.DEFAULT\EXTENSIONS\{E6C1199F-E687-42DA-8C24-E7770CC3AE66}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KHODE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0TY2IIH0.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KHODE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0TY2IIH0.DEFAULT\EXTENSIONS\[email protected]
[2011/07/13 23:32:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/17 21:32:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/01/23 14:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/07/13 23:32:42 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/23 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - File not found
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (F23C0A24-5DA5-F545-80B4-C7A2F90A6E0F Class) - {F23C0A24-5DA5-F545-80B4-C7A2F90A6E0F} - File not found
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - File not found
O3 - HKU\S-1-5-21-436374069-1592454029-839522115-1003\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-436374069-1592454029-839522115-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-436374069-1592454029-839522115-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE (CANON INC.)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Funshion] File not found
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [WireLessMouse] File not found
O4 - HKLM..\Run: [极速酷6] File not found
O4 - HKU\S-1-5-21-436374069-1592454029-839522115-1003..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-436374069-1592454029-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
O4 - HKU\S-1-5-21-436374069-1592454029-839522115-1003..\Run: [BitComet] File not found
O4 - HKU\S-1-5-21-436374069-1592454029-839522115-1003..\Run: [fsm] File not found
O4 - HKU\S-1-5-21-436374069-1592454029-839522115-1003..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-436374069-1592454029-839522115-1003..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-436374069-1592454029-839522115-1003..\Run: [PowerBar] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE (CANON INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download FLV videos with IDM from 10 last requested - C:\Program Files\Internet Download Manager\IEGetVL2.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKU\S-1-5-21-436374069-1592454029-839522115-1003\..Trusted Domains: wa.gov.au ([webmail.melville] https in Trusted sites)
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/C/A/7/CA7D2024-EA89-4F15-908C-DA65C1666614/msaud.CAB (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201928022796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.242.33 61.9.226.33
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Khode\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Khode\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/31 23:34:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{85867374-f3f4-11db-b151-001731808702}\Shell - "" = AutoRun
O33 - MountPoints2\{85867374-f3f4-11db-b151-001731808702}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{85867374-f3f4-11db-b151-001731808702}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-436374069-1592454029-839522115-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-436374069-1592454029-839522115-1003\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/03 18:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Khode\funshion
[2011/08/31 18:37:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Khode\My Documents\OTL.exe
[2011/08/31 17:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Khode\My Documents\River of Wine
[2011/08/28 22:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/08/28 17:57:42 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2011/08/28 17:57:42 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rndismpx.sys
[2011/08/28 17:57:42 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2011/08/25 00:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Khode\Downloads
[2011/08/25 00:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Khode\Local Settings\Application Data\TomTom
[2011/08/25 00:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Khode\Start Menu\Programs\TomTom
[2011/08/25 00:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2011/08/25 00:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\MyTomTom 3
[2011/08/17 21:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Khode\My Documents\virgin flights_files
[2011/08/17 21:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Khode\My Documents\virgin_files
[2011/08/14 21:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Khode\My Documents\tomtom-via-220-in-car-gps_files
[2011/01/11 18:15:35 | 000,255,497 | ---- | C] (Collabo Interactive Solutions) -- C:\Program Files\RMPly00.exe
[2010/07/11 21:31:49 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2010/07/11 21:31:49 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2010/07/11 21:31:48 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2008/07/08 15:03:14 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Khode\Application Data\pcouffin.sys
[87 C:\Documents and Settings\Khode\My Documents\*.tmp files -> C:\Documents and Settings\Khode\My Documents\*.tmp -> ]
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/04 15:16:11 | 033,195,338 | ---- | M] () -- C:\Documents and Settings\Khode\My Documents\(AEU)UAD-16-.rmvb.part
[2011/09/04 15:16:11 | 023,168,227 | ---- | M] () -- C:\Documents and Settings\Khode\My Documents\BHFD-102-HDz.rmvb.part
[2011/09/04 15:13:47 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Khode\Desktop\Microsoft Office Excel 2003.lnk
[2011/09/04 15:10:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Khode\My Documents\BHFD-102-HDz.rmvb
[2011/09/04 15:08:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Khode\My Documents\(AEU)UAD-16-.rmvb
[2011/09/04 15:03:49 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Khode\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/04 14:45:26 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/04 14:45:26 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/09/04 14:45:21 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/04 14:45:18 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/09/04 14:43:37 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/09/04 14:43:20 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/09/04 14:43:20 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/09/04 14:42:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/04 14:42:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/09/04 14:42:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/09/03 22:43:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/03 18:30:30 | 000,520,420 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/03 18:30:30 | 000,088,416 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/03 18:24:14 | 000,000,287 | ---- | M] () -- C:\Documents and Settings\Khode\FunShion.ini
[2011/09/03 18:11:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Khode\FunshionService.timestamp
[2011/09/03 12:47:34 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Khode\Desktop\Shortcut to MyTomTomSA.exe.lnk
[2011/09/03 12:38:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/31 21:21:23 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\Khode\Application Data\coreavc.ini
[2011/08/31 18:41:37 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Khode\My Documents\RKUnhookerLE.EXE
[2011/08/31 18:37:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Khode\My Documents\OTL.exe
[2011/08/29 00:33:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/08/28 22:56:52 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/08/28 22:48:07 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/08/28 17:58:24 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Khode\Desktop\Microsoft Office Word 2003.lnk
[2011/08/25 00:43:03 | 006,054,757 | ---- | M] () -- C:\Documents and Settings\Khode\My Documents\TomTom-Via-en-GB.pdf
[2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/08/17 23:33:38 | 000,104,051 | ---- | M] () -- C:\Documents and Settings\Khode\My Documents\Job-Application-Form.pdf
[2011/08/17 21:42:14 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/17 21:26:54 | 000,372,691 | ---- | M] () -- C:\Documents and Settings\Khode\My Documents\virgin flights.htm
[2011/08/17 21:26:39 | 000,030,864 | ---- | M] () -- C:\Documents and Settings\Khode\My Documents\virgin.htm
[2011/08/14 21:05:36 | 000,270,083 | ---- | M] () -- C:\Documents and Settings\Khode\My Documents\tomtom-via-220-in-car-gps.htm
[87 C:\Documents and Settings\Khode\My Documents\*.tmp files -> C:\Documents and Settings\Khode\My Documents\*.tmp -> ]
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/04 15:10:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Khode\My Documents\BHFD-102-HDz.rmvb
[2011/09/04 15:10:41 | 001,082,595 | ---- | C] () -- C:\Documents and Settings\Khode\My Documents\BHFD-102-HDz.rmvb.part
[2011/09/04 15:08:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Khode\My Documents\(AEU)UAD-16-.rmvb
[2011/09/04 15:08:37 | 011,568,458 | ---- | C] () -- C:\Documents and Settings\Khode\My Documents\(AEU)UAD-16-.rmvb.part
[2011/09/03 18:11:06 | 000,000,287 | ---- | C] () -- C:\Documents and Settings\Khode\FunShion.ini
[2011/09/03 12:47:34 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\Khode\Desktop\Shortcut to MyTomTomSA.exe.lnk
[2011/09/01 00:31:01 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/08/31 20:20:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Khode\FunshionService.timestamp
[2011/08/31 18:41:29 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Khode\My Documents\RKUnhookerLE.EXE
[2011/08/31 18:09:37 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\Khode\Application Data\coreavc.ini
[2011/08/28 22:48:07 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/08/25 00:43:03 | 006,054,757 | ---- | C] () -- C:\Documents and Settings\Khode\My Documents\TomTom-Via-en-GB.pdf
[2011/08/17 23:33:37 | 000,104,051 | ---- | C] () -- C:\Documents and Settings\Khode\My Documents\Job-Application-Form.pdf
[2011/08/17 21:26:54 | 000,372,691 | ---- | C] () -- C:\Documents and Settings\Khode\My Documents\virgin flights.htm
[2011/08/17 21:26:39 | 000,030,864 | ---- | C] () -- C:\Documents and Settings\Khode\My Documents\virgin.htm
[2011/08/14 21:05:31 | 000,270,083 | ---- | C] () -- C:\Documents and Settings\Khode\My Documents\tomtom-via-220-in-car-gps.htm
[2011/07/20 21:34:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/07/20 21:34:07 | 000,644,608 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/07/20 21:34:07 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/07/20 21:33:58 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/04/30 22:31:51 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/30 22:31:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/02/23 19:44:02 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/15 16:30:02 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/09/15 16:30:02 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/09/15 16:29:52 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Khode\Application Data\$_hpcst$.hpc
[2010/09/11 20:03:04 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Khode\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/17 23:53:31 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/07/11 21:57:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/11 21:31:50 | 000,827,392 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2010/07/11 21:31:49 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2010/07/11 21:31:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd3.exe
[2010/05/24 17:08:26 | 000,000,084 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2010/04/26 13:43:52 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010/02/01 21:30:38 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\PPWORDW.DLL
[2010/02/01 21:30:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PPadApi.dll
[2009/12/05 15:44:27 | 000,065,972 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/09/07 21:02:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/01/22 21:53:34 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Khode\Application Data\vso_ts_preview.xml
[2008/09/29 20:48:34 | 000,000,043 | ---- | C] () -- C:\WINDOWS\twinnt30.ini
[2008/08/24 16:50:41 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2008/08/24 16:50:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2008/08/15 22:47:28 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/07/08 15:03:28 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2008/07/08 15:03:14 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Khode\Application Data\ezpinst.exe
[2008/07/08 15:03:14 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Khode\Application Data\pcouffin.cat
[2008/07/08 15:03:14 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Khode\Application Data\pcouffin.inf
[2008/05/17 21:01:05 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL
[2008/04/28 16:22:33 | 000,000,086 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/04/17 10:44:21 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\rtl2.dat
[2008/04/17 10:44:21 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\rtl3.dat
[2008/04/06 17:33:35 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/04/06 17:33:35 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/04/06 17:33:35 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008/04/06 17:33:35 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008/04/06 17:33:35 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008/04/06 17:33:35 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/05/19 22:20:01 | 004,112,760 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2007/05/16 19:43:54 | 000,000,046 | ---- | C] () -- C:\WINDOWS\‚¨‚Å‚ñ.INI
[2007/05/06 14:00:49 | 000,001,368 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/01/11 11:19:50 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/01/07 22:32:04 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/11/17 12:27:36 | 000,000,069 | ---- | C] () -- C:\WINDOWS\Kyor.ini
[2006/11/06 19:12:03 | 000,001,049 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/06 18:17:16 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/11/03 20:02:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2006/11/03 19:53:53 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2006/11/03 19:41:05 | 000,002,330 | ---- | C] () -- C:\WINDOWS\twinnt50.ini
[2006/11/02 21:40:31 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2006/11/02 21:40:31 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2006/11/02 21:40:31 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2006/11/02 21:40:31 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006/11/02 21:40:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2006/11/02 21:40:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2006/11/02 21:40:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2006/11/02 21:40:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2006/11/02 21:40:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/11/01 21:53:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/01 07:12:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/11/01 07:11:28 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/11/01 00:02:50 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/11/01 00:02:49 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/11/01 00:02:49 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/11/01 00:02:48 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/11/01 00:02:47 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/11/01 00:02:46 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/11/01 00:02:46 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/11/01 00:02:46 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/11/01 00:02:45 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/11/01 00:02:45 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/11/01 00:02:43 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/11/01 00:01:56 | 000,021,664 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2006/10/31 23:54:41 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/10/31 23:54:40 | 000,021,309 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/10/31 23:54:21 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/10/31 23:52:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/31 23:36:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/10/31 23:31:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 07:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 20:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/16 06:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/08/23 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 20:00:00 | 000,520,420 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 20:00:00 | 000,088,416 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 20:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Files - Unicode (All) ==========
[2011/04/09 16:55:51 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Khode\My Documents\~$??.doc) -- C:\Documents and Settings\Khode\My Documents\~$初見.doc
[2011/04/09 16:55:51 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Khode\My Documents\~$??.doc) -- C:\Documents and Settings\Khode\My Documents\~$初見.doc
[2009/03/30 16:07:17 | 000,347,136 | ---- | M] ()(C:\Documents and Settings\Khode\My Documents\???.doc) -- C:\Documents and Settings\Khode\My Documents\駱應鈞.doc
[2008/10/23 13:45:36 | 000,347,136 | ---- | C] ()(C:\Documents and Settings\Khode\My Documents\???.doc) -- C:\Documents and Settings\Khode\My Documents\駱應鈞.doc
[2008/09/07 13:43:41 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Khode\My Documents\~$99????.doc) -- C:\Documents and Settings\Khode\My Documents\~$99次我愛他.doc
[2008/09/07 13:43:41 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Khode\My Documents\~$99????.doc) -- C:\Documents and Settings\Khode\My Documents\~$99次我愛他.doc
[2008/06/04 12:31:40 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Khode\My Documents\~$??????.doc) -- C:\Documents and Settings\Khode\My Documents\~$無線谷劇有方.doc
[2008/06/04 12:31:40 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Khode\My Documents\~$??????.doc) -- C:\Documents and Settings\Khode\My Documents\~$無線谷劇有方.doc
[2008/02/13 13:45:55 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Khode\My Documents\~$???.doc) -- C:\Documents and Settings\Khode\My Documents\~$李玲詩.doc
[2008/02/13 13:45:55 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Khode\My Documents\~$???.doc) -- C:\Documents and Settings\Khode\My Documents\~$李玲詩.doc
[2007/06/20 11:47:46 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Khode\My Documents\~$???.doc) -- C:\Documents and Settings\Khode\My Documents\~$陳百強.doc
[2007/06/20 11:47:46 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Khode\My Documents\~$???.doc) -- C:\Documents and Settings\Khode\My Documents\~$陳百強.doc
[2007/04/25 13:54:18 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Khode\My Documents\~$???.doc) -- C:\Documents and Settings\Khode\My Documents\~$關菊英.doc
[2007/04/25 13:54:18 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Khode\My Documents\~$???.doc) -- C:\Documents and Settings\Khode\My Documents\~$關菊英.doc
[2007/02/14 19:12:43 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Khode\My Documents\~$????????? 1.doc) -- C:\Documents and Settings\Khode\My Documents\~$深雨濛濛音樂全紀綠 1.doc
[2007/02/14 19:12:43 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Khode\My Documents\~$????????? 1.doc) -- C:\Documents and Settings\Khode\My Documents\~$深雨濛濛音樂全紀綠 1.doc
[2007/01/28 14:44:03 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Khode\My Documents\~$???.doc) -- C:\Documents and Settings\Khode\My Documents\~$愛愛愛.doc
[2007/01/28 14:44:03 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Khode\My Documents\~$???.doc) -- C:\Documents and Settings\Khode\My Documents\~$愛愛愛.doc
[2007/01/21 14:55:44 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Khode\My Documents\~$????.doc) -- C:\Documents and Settings\Khode\My Documents\~$愛得太遲.doc
[2007/01/21 14:55:44 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Khode\My Documents\~$????.doc) -- C:\Documents and Settings\Khode\My Documents\~$愛得太遲.doc

< End of report >

RK Hook scan

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0xEC76E000 C:\WINDOWS\system32\DRIVERS\lvuvc.sys 6750208 bytes (Logitech Inc., Logitech USB Video Class Driver)
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3956736 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 82.05 )
0xF6031000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3538944 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 82.05 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2058368 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2058368 bytes
0x804D7000 RAW 2058368 bytes
0x804D7000 WMIxWDM 2058368 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF72F4000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xECE16000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF14DF000 C:\WINDOWS\system32\drivers\Senfilt.sys 393216 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0xECF1C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB9CB5000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF5F67000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 307200 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB9739000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xEC72E000 C:\WINDOWS\system32\DRIVERS\lvrs.sys 262144 bytes (Logitech Inc., Logitech Kernel Audio Improvement Filter Driver)
0xF5F30000 C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS 225280 bytes (NVIDIA Corporation, NVIDIA Networking Soft-NPU Driver.)
0xF5E43000 C:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xF5E9F000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7451000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF72C7000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB9DD4000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB50DE000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xECE85000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xECEF4000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF155F000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 155648 bytes (Analog Devices, Inc., High Definition Audio Function Driver(Release Candidate 1))
0xF73FB000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF5FB2000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF5EF8000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9603000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF5FD7000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB9626000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xF5FFA000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xECED2000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xECEB0000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xECDDE000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806CE000 ACPI_HAL 131968 bytes
0x806CE000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF153F000 C:\WINDOWS\system32\drivers\AEAudio.sys 131072 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xF73AA000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7421000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF72AC000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xEC715000 C:\WINDOWS\System32\Drivers\dump_nvata.sys 102400 bytes
0xECF87000 C:\WINDOWS\System32\Drivers\InCDfs.SYS 102400 bytes (Nero AG, InCD File System Driver)
0xF73CA000 nvata.sys 102400 bytes (NVIDIA Corporation, NVIDIA® nForce™ IDE Performance Driver)
0xF73E3000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xECDFF000 C:\WINDOWS\system32\DRIVERS\idmtdi.sys 94208 bytes (Tonec Inc., Internet Download Manager TDI Driver)
0xF7381000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5EE1000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB97C8000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF5F1C000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF601D000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xECF74000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7398000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7440000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5ED0000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF2028000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7640000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7780000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xED3CC000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF77A0000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF75F0000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF7590000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF6B23000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF3022000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xED39C000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xF7720000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF6B53000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xF75A0000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF6B33000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF75E0000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7790000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF77B0000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75C0000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF6421000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF6B43000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF75B0000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF77C0000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7710000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7600000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF6401000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB52A9000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF75D0000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xED3EC000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF2008000 C:\WINDOWS\system32\FsUsbExDisk.SYS 36864 bytes
0xED3BC000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7770000 C:\WINDOWS\System32\Drivers\incdrm.SYS 36864 bytes (Nero AG, Ahead MRW Filter Driver)
0xF7580000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF6411000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xED4B8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xED4D8000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 36864 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
0xED3DC000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7950000 C:\WINDOWS\System32\DRIVERS\InCDPass.sys 32768 bytes (Nero AG, Ahead RW Filter Driver)
0xED324000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xED2FC000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7968000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xED30C000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7800000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7948000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7958000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7970000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7988000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xED31C000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF2DC0000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xED5D7000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xED5E7000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7848000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xED32C000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7808000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7978000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7980000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7838000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7940000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF7960000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF22F2000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7A78000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEEB44000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7A44000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 16384 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xF7A48000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7990000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF1C0D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7A4C000 C:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xEDEA3000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xEE900000 C:\WINDOWS\System32\Drivers\InCDrec.SYS 12288 bytes (Nero AG, InCD File System Recognizer)
0xEDE9F000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7A50000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xEE8FC000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xEE8F4000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7AD8000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xF7A9A000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A84000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF28D7000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7A98000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A80000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7A9C000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7ACE000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7A9E000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7ADA000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B08000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A82000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C2A000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7B7B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C27000 C:\WINDOWS\system32\drivers\msmpu401.sys 4096 bytes (Microsoft Corporation, MPU401 Adapter Driver)
0xED260000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B48000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


Nothing detected :(

#8 Shannon2012

Shannon2012

  • Security Colleague
  • 3,656 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 04 September 2011 - 10:40 AM

Hi-

Thank you for the reports. I haven't had a chance to review all of them yet. In the meantime, please download Malwarebytes' Anti-Malware (MBAM) from HERE.

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Note: If you are unable to get MBAM to run, download one of the following Rkill programs to your desktop, run it, and then try MBAM again. If you are unable to run the Rkill you downloaded, download another one, and try it.
Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

Please copy the contents of the MBAM report into your reply.
Shannon

#9 greenT21

greenT21
  • Topic Starter

  • Members
  • 10 posts

Posted 05 September 2011 - 09:09 AM

Hi Shannon,

Here is the scan: Thanx heaps :)


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7655

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/09/2011 7:25:04 PM
mbam-log-2011-09-05 (19-25-04).txt

Scan type: Full scan (C:\|)
Objects scanned: 321472
Time elapsed: 1 hour(s), 2 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{072039AB-2117-4ED5-A85F-9B9EB903E021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0409743C-E5E3-4BDD-9EC7-EFF622530282} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{40722371-E24C-4B36-8E76-010BB6C7185B} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\NOWSTARTER.NowStarterCtrl.1 (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AddressSearch.JsObject.1 (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AddressSearch.JsObject (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ASBarBroker.BDBroker.1 (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ASBarBroker.BDBroker (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AddressSearch.SnavHttpProtocol.1 (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AddressSearch.SnavHttpProtocol (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0AC49246-419B-4EE0-8917-8818DAAD6A4E} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109FD3D-D891-4f80-8339-50A4913ACE6F} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90B5A95A-AFD5-4d11-B9BD-A69D53D22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99410CDE-6F16-42ce-9D49-3807F78F0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fsp (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Funshion Task (Adware.Funshion) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ZangoToolbar 4.8.3 (Adware.Zango) -> Value: ZangoToolbar 4.8.3 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Funshion (Adware.Funshion) -> Value: Funshion -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\RMPly00.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f6782d98-25c7-4513-858a-3f24d7b45929}\RP62\A0033979.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f6782d98-25c7-4513-858a-3f24d7b45929}\RP62\A0034042.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f6782d98-25c7-4513-858a-3f24d7b45929}\RP62\A0034043.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f6782d98-25c7-4513-858a-3f24d7b45929}\RP62\A0034046.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f6782d98-25c7-4513-858a-3f24d7b45929}\RP63\A0034223.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f6782d98-25c7-4513-858a-3f24d7b45929}\RP63\A0034225.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f6782d98-25c7-4513-858a-3f24d7b45929}\RP63\A0034236.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f6782d98-25c7-4513-858a-3f24d7b45929}\RP63\A0034238.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f6782d98-25c7-4513-858a-3f24d7b45929}\RP63\A0034239.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f6782d98-25c7-4513-858a-3f24d7b45929}\RP63\A0034241.dll (Adware.Funshion) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f6782d98-25c7-4513-858a-3f24d7b45929}\RP63\A0034249.dll (Adware.Funshion) -> Quarantined and deleted successfully.
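The MBAM report above lists every hit in the same flat "item (family) -> action" format, whether it sits in a System Restore point or in a live location such as the HKLM Run key. The following Python script is an added triage example, not code from the thread, from Malwarebytes or from BleepingComputer: it parses MBAM 1.x detection lines (a constructed sample modelled on the log above is embedded), counts hits per family, separates restore-point leftovers from live findings, flags autorun (Run key) persistence entries, and reports anything MBAM did not quarantine. The regexes and the restore-point and Run-key heuristics are my own assumptions about the log layout, not an official MBAM log specification.

```python
"""Triage helper for Malwarebytes' Anti-Malware (MBAM 1.x) log lines.

Added example; not part of the forum thread or of Malwarebytes' own code.
Assumes detection lines have the shape "<item> (<family>) -> ... -> <action>"
under a "<Section> Infected:" header, as in the log posted above.
"""
import re
from collections import Counter

# Constructed sample, modelled on a few lines of the log in the thread.
SAMPLE_LOG = r"""Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109FD3D-D891-4f80-8339-50A4913ACE6F} (Adware.Zango) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Funshion (Adware.Funshion) -> Value: Funshion -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\RMPly00.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f6782d98-25c7-4513-858a-3f24d7b45929}\RP62\A0033979.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f6782d98-25c7-4513-858a-3f24d7b45929}\RP63\A0034238.dll (Adware.Funshion) -> Quarantined and deleted successfully.
"""

# Section headers look like "Files Infected:" (the summary block at the top of
# the log uses "Files Infected: 12", which deliberately does not match).
SECTION_RE = re.compile(r"^(?P<section>.+) Infected:$")
# Non-greedy item so the family is the FIRST "(...) -> " group, which keeps
# "Bad: (0) Good: (1) -> ..." data-item lines from confusing the parser.
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
# Heuristics (assumptions): restore-point copies live under _restore{...};
# a value under ...\CurrentVersion\Run\ is a logon autorun persistence point.
RESTORE_RE = re.compile(r"\\system volume information\\_restore", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it came from."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        m = ITEM_RE.match(line)
        if not m or section is None:
            continue  # banner lines, "(No malicious items detected)", etc.
        # Everything after the family is "-> detail -> ... -> action"; keep the last.
        parts = [p.strip() for p in m.group("rest").split("->")]
        findings.append({
            "section": section,
            "item": m.group("item"),
            "family": m.group("family"),
            "action": parts[-1].rstrip("."),
            "in_restore_point": bool(RESTORE_RE.search(m.group("item"))),
            "autorun": bool(RUN_KEY_RE.search(m.group("item"))),
        })
    return findings


def triage(findings):
    """Separate what matters on the live system from restore-point leftovers."""
    live = [f for f in findings if not f["in_restore_point"]]
    restore = [f for f in findings if f["in_restore_point"]]
    return {
        "families": Counter(f["family"] for f in findings),
        "live": live,
        "restore_point": restore,
        "autorun": [f for f in live if f["autorun"]],
        "unresolved": [f for f in findings if not f["action"].startswith("Quarantined")],
    }


if __name__ == "__main__":
    report = triage(parse_mbam_log(SAMPLE_LOG))
    print("hits per family:", dict(report["families"]))
    print("live findings:", len(report["live"]),
          "| restore-point copies:", len(report["restore_point"]))
    for f in report["autorun"]:
        print("autorun persistence removed:", f["item"])
    for f in report["unresolved"]:
        print("NOT cleaned:", f["item"], "->", f["action"])
```

Run on the full log from the post, the restore-point count is what backs the "most of them were in the Restore area" reading, while the Run value and the live `RMPly00.exe` hit are the two entries that would have mattered at the next logon; the `unresolved` list is the thing to look at first on a log where MBAM reports anything other than "Quarantined and deleted successfully".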

#10 Shannon2012

Shannon2012

  • Security Colleague
  • 3,656 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 05 September 2011 - 11:21 AM

Hi-

MBAM did find some items to clear off, but most of them were in the Restore area and out of the way.

We need to run an OTL Fix.
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
:OTL
IE - HKU\S-1-5-21-436374069-1592454029-839522115-1003\..\URLSearchHook: {930f1200-f5f1-4870-bac6-e233ec8e7023} - File not found
IE - HKU\S-1-5-21-436374069-1592454029-839522115-1003\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - File not found
IE - HKU\S-1-5-21-436374069-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Khode\Application Data\nprhapengine.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - File not found
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - File not found
O2 - BHO: (F23C0A24-5DA5-F545-80B4-C7A2F90A6E0F Class) - {F23C0A24-5DA5-F545-80B4-C7A2F90A6E0F} - File not found
O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - File not found
O4 - HKLM..\Run: [Funshion] File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [WireLessMouse] File not found
O4 - HKLM..\Run: [???6] File not found
O4 - HKU\S-1-5-21-436374069-1592454029-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
O4 - HKU\S-1-5-21-436374069-1592454029-839522115-1003..\Run: [BitComet] File not found
O4 - HKU\S-1-5-21-436374069-1592454029-839522115-1003..\Run: [fsm] File not found
O4 - HKU\S-1-5-21-436374069-1592454029-839522115-1003..\Run: [PowerBar] File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O33 - MountPoints2\{85867374-f3f4-11db-b151-001731808702}\Shell - "" = AutoRun
O33 - MountPoints2\{85867374-f3f4-11db-b151-001731808702}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{85867374-f3f4-11db-b151-001731808702}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
:commands
[emptytemp]
[resethosts]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If you have to reboot, once back up, open the C:\_OTL\MovedFiles folder and copy the newest log into your next reply.

Next, download Kaspersky Virus Removal Tool (click on the Download link for Version 11).
NOTE. This is quite a large file, so be patient.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop (be patient; it may take a while).
  • Accept license agreement and click "Start" button.
  • Click on the Settings button.
    • In Scan scope leave pre-checked items as they are and also checkmark My Computer
    • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
  • Click on Automatic Scan tab and then click on Start scanning button.
  • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  • When the scan is done NO log will be produced.
  • Click on the Report button, then on the Automatic Scan report tab.
  • Right click anywhere within right pane, click Select All then right click again and click Copy.
  • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Copy the contents of the report in your next reply.
In your reply copy in the contents of the OTL Fix report and the Kaspersky Virus Removal Tool report.
Shannon

#11 greenT21

greenT21
  • Topic Starter

  • Members
  • 10 posts

Posted 07 September 2011 - 02:12 AM

Hi Shannon,

I have the OTL scan report. I also did a scan with the Kaspersky virus scan, but I had trouble trying to get the log report as shown below.

However, I did have trouble trying to get the log scan from the Kaspersky virus scan because it kept freezing up my computer when I tried to copy it and paste it into Notepad. In the end I had to restart it. The scan is no longer there, but when I did the scan, it did detect a few threats that were trojans, and they were quarantined/deleted. Is there any way of retrieving that log? When I restarted the computer it asked me to reinstall and of course, redoing the scan, there aren't any threats.

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-436374069-1592454029-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{930f1200-f5f1-4870-bac6-e233ec8e7023} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{930f1200-f5f1-4870-bac6-e233ec8e7023}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-436374069-1592454029-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9CB65206-89C4-402c-BA80-02D8C59F9B1D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
HKU\S-1-5-21-436374069-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "http://www.bing.com/search?FORM=IEFM1&q=" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{930f1200-f5f1-4870-bac6-e233ec8e7023}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F23C0A24-5DA5-F545-80B4-C7A2F90A6E0F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F23C0A24-5DA5-F545-80B4-C7A2F90A6E0F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{930f1200-f5f1-4870-bac6-e233ec8e7023} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{930f1200-f5f1-4870-bac6-e233ec8e7023}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Funshion not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WireLessMouse deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\???6 not found.
Registry value HKEY_USERS\S-1-5-21-436374069-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully.
Registry value HKEY_USERS\S-1-5-21-436374069-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\BitComet deleted successfully.
Registry value HKEY_USERS\S-1-5-21-436374069-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\fsm deleted successfully.
Registry value HKEY_USERS\S-1-5-21-436374069-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\PowerBar deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85867374-f3f4-11db-b151-001731808702}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85867374-f3f4-11db-b151-001731808702}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85867374-f3f4-11db-b151-001731808702}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85867374-f3f4-11db-b151-001731808702}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85867374-f3f4-11db-b151-001731808702}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85867374-f3f4-11db-b151-001731808702}\ not found.
File E:\LaunchU3.exe -a not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Ahead

User: All Users

User: CyberLink

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Firefox

User: Khode
->Temp folder emptied: 783290714 bytes
->Temporary Internet Files folder emptied: 112944566 bytes
->Java cache emptied: 13959644 bytes
->FireFox cache emptied: 320058537 bytes
->Apple Safari cache emptied: 2065408 bytes
->Flash cache emptied: 2616307 bytes

User: Kyodai

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 11027340 bytes
->Flash cache emptied: 405 bytes

User: Messenger

User: Midgie
->Temp folder emptied: 1474640 bytes
->Temporary Internet Files folder emptied: 976309 bytes
->FireFox cache emptied: 55136088 bytes
->Flash cache emptied: 1726 bytes

User: Nero

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 13091042 bytes

User: Real

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4285428 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6102160 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64719368 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 859764351 bytes

Total Files Cleaned = 2,147.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.7 log created on 09062011_205723

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Edited by greenT21, 07 September 2011 - 02:13 AM.


#12 Shannon2012

Shannon2012

  • Security Colleague
  • 3,656 posts
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:07:05 PM

Posted 07 September 2011 - 09:01 AM

Hi-

As far as I know, Kaspersky Virus Removal Tool does not save a log or report. Just to make sure your computer is clean, we will run ESET OnlineScan.

ESET OnlineScan -
  • Hold down Control key and click on the following link to open ESET OnlineScan in a new window.
  • ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip the next two steps)
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

In your reply, please copy in the ESET OnlineScan report (if you get one). If ESET doesn't find any problems, it doesn't display a report. Also, let me know how your computer is doing.
Shannon

#13 greenT21

greenT21
  • Topic Starter

  • Members
  • 10 posts
  • Local time:07:05 AM

Posted 11 September 2011 - 12:48 AM

ESET scan:

C:\Program Files\Trend Micro\HijackThis\backups\backup-20100911-141424-313-PowerReg Scheduler.exe Win32/PowerReg application

My computer is running better, but it still takes a long time to log onto the internet. Just recently, I was online and the webpages were loading for a long time, then it froze and all of a sudden my computer turned itself off and restarted. This was after I had scanned my computer with the Kaspersky virus. I'm not too sure whether that is relevant?

Thanks :)

Edited by greenT21, 11 September 2011 - 12:53 AM.


#14 Shannon2012

Shannon2012

  • Security Colleague
  • 3,656 posts
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:07:05 PM

Posted 11 September 2011 - 10:11 AM

Hi-

Let's see what this communications tool can find -

Please download MiniToolBox and run it.

Checkmark following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
Click Go and post the result (Result.txt).
Shannon

#15 greenT21

greenT21
  • Topic Starter

  • Members
  • 10 posts
  • Local time:07:05 AM

Posted 14 September 2011 - 05:18 AM

I just want to ask you whether the application Funshion is really a threat. I have read that it is a spyware/trojan, but it's just that a lot of people are using it and they seem to have no problem.


Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4
========================= Hosts content: =================================
::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : khode-pc

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : wa.bigpond.net.au



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : wa.bigpond.net.au

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

Physical Address. . . . . . . . . : 00-17-31-80-87-02

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 58.160.238.184

Subnet Mask . . . . . . . . . . . : 255.255.252.0

Default Gateway . . . . . . . . . : 58.160.236.1

DHCP Server . . . . . . . . . . . : 172.18.57.155

DNS Servers . . . . . . . . . . . : 61.9.242.33

61.9.226.33

Lease Obtained. . . . . . . . . . : Wednesday, 14 September 2011 5:54:43 PM

Lease Expires . . . . . . . . . . : Thursday, 15 September 2011 5:53:10 PM

Server: dns-cust.wel.bigpond.net.au
Address: 61.9.242.33

Name: google.com.net.au
Address: 199.101.28.130



Pinging google.com [74.125.237.51] with 32 bytes of data:



Reply from 74.125.237.51: bytes=32 time=69ms TTL=50

Reply from 74.125.237.51: bytes=32 time=68ms TTL=49



Ping statistics for 74.125.237.51:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 68ms, Maximum = 69ms, Average = 68ms

Server: dns-cust.wel.bigpond.net.au
Address: 61.9.242.33

Name: yahoo.com.net.au
Address: 199.101.28.130



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Reply from 72.30.2.43: bytes=32 time=270ms TTL=47

Reply from 72.30.2.43: bytes=32 time=268ms TTL=47



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 268ms, Maximum = 270ms, Average = 269ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 31 80 87 02 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 58.160.236.1 58.160.238.184 20
58.160.236.0 255.255.252.0 58.160.238.184 58.160.238.184 20
58.160.238.184 255.255.255.255 127.0.0.1 127.0.0.1 20
58.255.255.255 255.255.255.255 58.160.238.184 58.160.238.184 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 58.160.238.184 58.160.238.184 20
224.0.0.0 240.0.0.0 58.160.238.184 58.160.238.184 20
255.255.255.255 255.255.255.255 58.160.238.184 58.160.238.184 1
Default Gateway: 58.160.236.1
===========================================================================
Persistent Routes:
None

**** End of log ****

Edited by greenT21, 14 September 2011 - 07:38 AM.