keylogger.aa help


  • This topic is locked
10 replies to this topic

#1 ssx345

ssx345

  • Members
  • 10 posts

Posted 08 October 2008 - 12:46 AM

I ran into this trojan and I would appreciate some help.
Edit: I did a scan with Spybot and Malwarebytes and I haven't seen that pop up in a while, but I still want a log check just in case.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:44 PM, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\115436~1\EE\AOLHOS~1.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Speeditup Free\PCCheckup\PCCheckUp.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\COMMON~1\AOL\115436~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
J:\Program Files\HotKeyBind\HotKeyBind.exe
C:\Program Files\Speeditup Free\SpeedItUp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=T5048
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5048
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=T5048
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 24.21.135.99 204.13.11.27
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154369075\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\Speeditup Free\PCCheckup\PCCheckUp.exe" -mini
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WindowBlinds] J:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe
O4 - HKCU\..\Run: [HotKeyBind.exe] J:\Program Files\HotKeyBind\HotKeyBind.exe
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [tK3kYd0DhQ] C:\Documents and Settings\All Users\Application Data\olwvwhwz\ozcbmfoz.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WinMySQLadmin.lnk = N:\xampp\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\InternetMacros\imacros.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab70018.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab75406.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file:///C:/Documents%20and%20Settings/Owner.Shan/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28D30BB1-51C1-4516-95A3-C67CD67F53B1}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{28D30BB1-51C1-4516-95A3-C67CD67F53B1}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{28D30BB1-51C1-4516-95A3-C67CD67F53B1}: NameServer = 192.168.1.1
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 20263 bytes

Edited by ssx345, 08 October 2008 - 08:48 AM.




#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 12 October 2008 - 03:54 PM

Hello, ssx345.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
I recommend you remove either Avira or McAfee.

Unless otherwise listed below, you can remove these AV programs from Add/Remove Programs.

Instructions for removing McAfee can be found here: McAfee Consumer Product Removal Tool

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Billy3

Edited by Billy O'Neal, 12 October 2008 - 03:55 PM.
IPB Hiccup

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 ssx345

ssx345
  • Topic Starter

  • Members
  • 10 posts

Posted 13 October 2008 - 03:35 AM

OTViewIt logfile created on: 10/12/2008 2:55:39 PM - Run
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Owner.Shan\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 51.50% Memory free
1.91 Gb Paging File | 1.28 Gb Available in Paging File | 67.04% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.75 Gb Total Space | 30.73 Gb Free Space | 21.38% Space Free | Partition Type: NTFS
Drive D: | 5.28 Gb Total Space | 3.41 Gb Free Space | 64.46% Space Free | Partition Type: FAT32
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 74.53 Gb Total Space | 35.35 Gb Free Space | 47.43% Space Free | Partition Type: NTFS

Computer Name: SHAN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/06/12 14:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2005/08/05 20:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2006/07/31 10:52:25 | 00,169,984 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2005/12/09 18:44:40 | 00,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
[2004/10/18 17:42:18 | 00,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
[2005/12/15 11:18:50 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2006/12/15 03:23:27 | 00,075,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
[2007/05/14 15:22:22 | 00,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2002/03/19 17:30:00 | 00,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
[2006/07/31 10:52:25 | 00,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
[2007/04/26 16:54:30 | 00,774,168 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
[2007/04/26 17:22:32 | 01,132,056 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
[2007/12/11 10:56:54 | 00,286,720 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2007/12/11 12:10:26 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2006/07/31 10:52:25 | 00,415,744 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
[2006/01/23 15:42:58 | 00,196,608 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
[2004/11/03 14:03:00 | 00,125,528 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1154369075\EE\AOLHostManager.exe
[2007/08/03 22:33:14 | 00,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/03/26 16:14:12 | 16,859,136 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2007/04/26 16:53:24 | 00,203,288 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
[2007/04/26 16:53:48 | 00,388,120 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
[2007/04/26 16:54:56 | 00,321,048 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
[2007/08/01 17:08:38 | 03,965,440 | ---- | M] (MicroSmarts LLC.) -- C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe
[2007/04/26 16:54:18 | 00,374,296 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
[2007/09/26 18:05:58 | 00,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
[2004/08/10 12:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2004/11/03 14:03:00 | 00,110,680 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1154369075\EE\AOLServiceHost.exe
[2008/06/12 14:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2006/08/21 00:24:46 | 02,068,527 | ---- | M] () -- C:\Program Files\Free Download Manager\fdm.exe
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
[2004/11/15 23:30:38 | 00,884,224 | ---- | M] (Marco Barisione (marco.bari@vene.ws)) -- J:\Program Files\HotKeyBind\HotKeyBind.exe
[2008/09/16 12:16:08 | 01,833,296 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2004/10/04 04:47:04 | 00,098,304 | ---- | M] () -- J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
[2008/08/07 09:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2004/10/20 07:40:04 | 00,010,328 | ---- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
[2004/10/15 13:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
[2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2004/10/15 13:54:12 | 00,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
[2007/05/09 09:48:58 | 00,700,416 | ---- | M] (CNET Networks) -- C:\Program Files\GameSpot\DownloadManager_Win32.exe
[2006/04/10 04:24:28 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/10/20 19:55:40 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\RMSysTry.exe
[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2005/08/05 20:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2005/05/24 04:25:12 | 00,278,528 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
[2005/12/05 13:59:02 | 00,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
[2007/05/09 09:48:26 | 00,237,568 | ---- | M] () -- C:\Program Files\GameSpot\GDM_TrayApp.exe
[2008/09/08 08:50:32 | 00,198,944 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2008/09/17 09:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2004/10/04 03:40:50 | 00,118,784 | ---- | M] () -- J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
[2007/07/13 04:37:34 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2006/07/31 10:50:21 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
[2005/10/20 19:55:40 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\RMSvc.exe
[2005/12/15 12:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2007/05/28 09:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
[2005/12/05 14:00:44 | 00,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
[2005/08/04 01:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2005/12/15 11:57:34 | 00,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
[2004/02/06 22:56:14 | 00,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
[2005/04/28 22:20:26 | 05,046,784 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
[2005/10/20 19:55:50 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\McrdSvc.exe
[2008/10/08 18:14:00 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2005/08/05 20:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2007/12/11 12:10:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2007/11/01 19:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
[2006/12/15 03:23:26 | 00,251,648 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
[2008/10/12 14:55:06 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Shan\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2004/10/04 04:47:04 | 00,098,304 | ---- | M] () -- J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor [Auto | Running])
[2008/06/12 14:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/08/07 09:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2004/10/20 07:40:04 | 00,010,328 | ---- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
[2004/10/15 13:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Auto | Running])
[2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/09/28 19:56:32 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
File not found -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/05/09 09:48:58 | 00,700,416 | ---- | M] (CNET Networks) -- C:\Program Files\GameSpot\DownloadManager_Win32.exe -- (DNADownloader [Auto | Running])
[2006/04/10 04:24:28 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 20:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/02/01 20:27:18 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2007/12/11 12:10:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/09/08 08:50:32 | 00,198,944 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2005/10/20 19:55:50 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\McrdSvc.exe -- (McrdSvc [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/09/17 09:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/10/04 03:40:50 | 00,118,784 | ---- | M] () -- J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect [Auto | Running])
[2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
[2007/07/13 04:37:34 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2006/07/31 10:50:21 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
[2005/10/20 20:20:06 | 00,154,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qwave.dll -- (QWAVE [Unknown | Stopped])
[2005/10/20 19:55:40 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\RMSvc.exe -- (RMSvc [Auto | Running])
[2007/05/28 09:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
[2005/12/05 14:00:44 | 00,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe -- (TabletService [Auto | Running])
[2005/08/04 01:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2004/02/06 22:56:14 | 00,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe -- (WMP54GSSVC [Auto | Running])

========== Driver Services ==========

[2008/02/10 16:17:24 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 20:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2004/08/04 06:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Boot | Running])
[2005/01/10 10:45:56 | 00,011,264 | ---- | M] (VOB Computersysteme GmbH) -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K [On_Demand | Running])
[2001/08/17 20:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Boot | Running])
[2001/08/17 20:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Boot | Running])
[2006/07/31 11:05:14 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2007/09/28 20:05:59 | 02,456,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
[2007/02/27 15:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/05/20 16:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/06/27 15:03:55 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2004/12/22 01:32:12 | 00,369,024 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
[2006/08/24 20:47:00 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2006/08/24 20:47:00 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2001/08/17 20:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Boot | Running])
[2001/08/17 20:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Running])
[2005/12/21 10:14:52 | 00,100,957 | ---- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT [On_Demand | Stopped])
[2005/12/21 10:14:52 | 00,019,712 | ---- | M] (Pinnacle Systems, Inc.) -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\Drivers\EMSUSB2.SYS -- (EMSUSB2 [On_Demand | Stopped])
[2004/10/25 21:02:00 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH [On_Demand | Stopped])
[2005/12/21 10:14:52 | 00,005,245 | ---- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA [On_Demand | Stopped])
[2004/08/10 12:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga [System | Running])
[2003/06/12 02:56:44 | 00,098,304 | R--- | M] (ATMEL) -- C:\WINDOWS\system32\drivers\vnet558x.sys -- (FVNETusb [On_Demand | Stopped])
[2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/10/27 17:24:28 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2005/10/27 17:24:29 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2005/10/27 17:24:30 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2005/03/17 09:50:36 | 00,221,440 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Stopped])
[2005/03/17 09:51:16 | 01,033,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Stopped])
[2008/03/26 18:37:26 | 04,713,472 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2004/08/04 05:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2005/09/22 04:12:34 | 00,027,136 | ---- | M] () -- C:\WINDOWS\system32\drivers\LADriver.sys -- (LADriver [System | Running])
[2005/09/22 03:17:10 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\drivers\LDDriver.sys -- (LDDriver [System | Running])
[2005/09/22 04:21:24 | 00,014,336 | ---- | M] () -- C:\WINDOWS\system32\drivers\LHDriver.sys -- (LHDriver [System | Running])
[2005/06/02 19:28:38 | 00,171,008 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus [On_Demand | Running])
[2004/03/17 12:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 20:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Boot | Running])
[2006/11/20 09:40:28 | 00,023,217 | R--- | M] (INCA Internet Co., Ltd.) -- J:\Nexon\MapleStory\npkcrypt.sys -- (npkcrypt [Auto | Running])
[2006/11/09 15:49:24 | 00,015,472 | R--- | M] (INCA Internet Co., Ltd.) -- J:\Nexon\MapleStory\npkcusb.sys -- (npkcusb [On_Demand | Stopped])
[2008/09/17 09:55:00 | 06,132,576 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2003/10/15 17:52:50 | 00,174,530 | R--- | M] (OmniVision Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519 [On_Demand | Stopped])
[2005/02/09 11:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI [System | Running])
[2005/11/29 14:50:42 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass [Boot | Running])
[2004/08/10 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 20:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Boot | Running])
[2001/08/17 20:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Boot | Running])
[2001/08/17 20:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Boot | Running])
[2005/10/20 20:20:06 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qwavedrv.sys -- (QWAVEDRV [Unknown | Stopped])
[2006/01/18 18:41:00 | 00,080,512 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2006/10/10 12:53:48 | 00,005,632 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2006/02/16 16:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2007/01/09 14:09:48 | 00,030,720 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2005/12/21 10:14:52 | 00,004,493 | ---- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA [On_Demand | Stopped])
[2004/08/10 12:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Stopped])
[2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2004/08/04 06:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Boot | Running])
[2001/08/17 21:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Boot | Running])
[2007/06/10 01:19:42 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2001/08/17 21:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Boot | Running])
[2001/08/17 21:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Boot | Running])
[2001/08/17 21:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Boot | Running])
[2001/08/17 21:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Boot | Running])
[2001/08/17 20:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Boot | Running])
[2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/30 22:12:46 | 00,055,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv [System | Running])
[2008/04/30 22:12:46 | 00,042,048 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon [System | Running])
[2003/01/10 14:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Running])
[2006/04/20 00:44:38 | 00,479,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2005/03/17 09:50:32 | 00,705,280 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\XDva009.sys -- (XDva009 [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\XDva186.sys -- (XDva186 [On_Demand | Stopped])
[2007/02/26 18:15:22 | 00,061,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21 [On_Demand | Stopped])
[2003/09/25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5 [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5048

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5048

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5048
"Search Page"=http://www.google.com
"Start Page"=http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5048

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=gogl

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5048
"Search Page"=http://www.google.com
"Start Page"=http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5048

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=gogl

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2667042211-947458848-1739164484-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5048

[HKEY_USERS\S-1-5-21-2667042211-947458848-1739164484-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2667042211-947458848-1739164484-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-2667042211-947458848-1739164484-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (265944 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
9213 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- c:\WINDOWS\system32\bae.dll (Gateway Inc.)
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} (HKLM) -- C:\Program Files\Free Download Manager\iefdmcks.dll ()

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-2667042211-947458848-1739164484-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" ()
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe ()
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup ()
"HostManager"=C:\Program Files\Common Files\AOL\1154369075\EE\AOLHostManager.exe (America Online, Inc.)
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" (Logitech Inc.)
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE (Logitech Inc.)
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"PC-Checkup"="C:\Program Files\Speeditup Free\PCCheckup\PCCheckUp.exe" -mini (MicroSmarts LLC.)
"PCLEUSBTip"=C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe ()
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"readericon"=C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
"Recguard"=%WINDIR%\SMINST\RECGUARD.EXE ()
"Reminder"=%WINDIR%\Creator\Remind_XP.exe (SoftThinks)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" (Sun Microsystems, Inc.)
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" (Pinnacle Systems GmbH)
"WinampAgent"=C:\Program Files\Winamp\winampa.exe ()
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe -autorun ()
"HotKeyBind.exe"=J:\Program Files\HotKeyBind\HotKeyBind.exe (Marco Barisione (marco.bari@vene.ws))
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"Power2GoExpress"=NA File not found
"SpeedItUpEX"=C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI (MicroSmarts LLC.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"WindowBlinds"=J:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe File not found

[HKEY_USERS\S-1-5-21-2667042211-947458848-1739164484-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe -autorun ()
"HotKeyBind.exe"=J:\Program Files\HotKeyBind\HotKeyBind.exe (Marco Barisione (marco.bari@vene.ws))
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"Power2GoExpress"=NA File not found
"SpeedItUpEX"=C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI (MicroSmarts LLC.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"WindowBlinds"=J:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe File not found

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2004/10/04 01:12:18 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2005/10/20 19:55:40 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2005/12/15 13:00:54 | 00,073,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
[2005/05/24 04:25:12 | 00,278,528 | ---- | M] (InterVideo Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
[2005/12/05 13:59:02 | 00,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
[2007/05/09 09:48:26 | 00,237,568 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Start Menu\Programs\Startup\GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
[2007/12/07 20:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner.Shan\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
File not found -- C:\Documents and Settings\Owner.Shan\Start Menu\Programs\Startup\WinMySQLadmin.lnk = N:\xampp\mysql\bin\winmysqladmin.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"tK3kYd0DhQ"=C:\Documents and Settings\All Users\Application Data\olwvwhwz\ozcbmfoz.exe -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2667042211-947458848-1739164484-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2667042211-947458848-1739164484-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Download all with Free Download Manager: File not found
Download selected with Free Download Manager: File not found
Download with Free Download Manager: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll File not found
&Translate English Word: C:\Program Files\Google\GoogleToolbar1.dll File not found
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll File not found
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll File not found
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll File not found
Translate Page into English: C:\Program Files\Google\GoogleToolbar1.dll File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll File not found
&Translate English Word: C:\Program Files\Google\GoogleToolbar1.dll File not found
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll File not found
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll File not found
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll File not found
Translate Page into English: C:\Program Files\Google\GoogleToolbar1.dll File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: Reg Error: Key does not exist or could not be opened. File not found
&Translate English Word: Reg Error: Key does not exist or could not be opened. File not found
Backward Links: Reg Error: Key does not exist or could not be opened. File not found
Cached Snapshot of Page: Reg Error: Key does not exist or could not be opened. File not found
Similar Pages: Reg Error: Key does not exist or could not be opened. File not found
Translate Page into English: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: Reg Error: Key does not exist or could not be opened. File not found
&Translate English Word: Reg Error: Key does not exist or could not be opened. File not found
Backward Links: Reg Error: Key does not exist or could not be opened. File not found
Cached Snapshot of Page: Reg Error: Key does not exist or could not be opened. File not found
Similar Pages: Reg Error: Key does not exist or could not be opened. File not found
Translate Page into English: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2667042211-947458848-1739164484-1006\Software\Microsoft\Internet Explorer\MenuExt\]
Download all with Free Download Manager: File not found
Download selected with Free Download Manager: File not found
Download with Free Download Manager: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{0483894E-2422-45E0-8384-021AFF1AF3CD}: Button: iOpus Internet Macros -- %ProgramFiles%\InternetMacros\imacros.dll File not found
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.5.0_11\bin\NPJPI150_11.dll [2006/12/15 03:23:25 | 00,075,528 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2667042211-947458848-1739164484-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-2667042211-947458848-1739164484-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05D44720-58E3-49E6-BDF6-D00330E511D3}: http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab -- StagingUI Object
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{3BB54395-5982-4788-8AF4-B5388FFDD0D8}: http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab -- MSN Games – Buddy Invite
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab -- McAfee.com Operating System Class
{5736C456-EA94-4AAC-BB08-917ABDD035B3}: http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab -- ZonePAChat Object
{5D6F45B3-9043-443D-A792-115447494D24}: http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab -- UnoCtrl Class
{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA}: http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab -- UnoCtrl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{95B5D20C-BD31-4489-8ABF-F8C8BE748463}: http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab70018.cab -- MSN Games – Hearts
{9BDF4724-10AA-43D5-BD15-AEA0D2287303}: http://zone.msn.com/bingame/zpagames/zpa_txhe.cab75406.cab -- MSN Games – Texas Holdem Poker
{A4110378-789B-455F-AE86-3A1BFC402853}: http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab -- ZPA_SHVL Object
{B49C4597-8721-4789-9250-315DFBD9F525}: http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab -- IWinAmpActiveX Class
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab -- MSN Games - Installer
{BE833F39-1E0C-468C-BA70-25AAEE55775E}: http://www.systemrequirementslab.com/sysreqlab.cab -- System Requirements Lab Class
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAC181B0-4D70-402D-B571-C596A47D0CE0}: http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab -- CBankshotZoneCtrl Class
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: file:///C:/Documents%20and%20Settings/Owner.Shan/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/swflash.cab -- Shockwave Flash Object
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}: http://zone.msn.com/binframework/v10/StProxy.cab55579.cab -- MSN Games – Game Communicator
{F773E7B2-62A9-4524-9109-87D2F0BEFAA4}: http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab -- ChessControl Class

========== (O17) DNS Name Servers ==========

{28D30BB1-51C1-4516-95A3-C67CD67F53B1} (Servers: 192.168.1.1 | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{63AFCEAE-C48D-4F23-9805-C22E83C20CA1} (Servers: | Description: )
{AF41925E-DCA9-4B51-B228-3B747B96BAAD} (Servers: | Description: Linksys Wireless-B USB Network Adapter v2.8)
{AFA5E0B0-BCC9-4AC7-B474-D7B78E324B3C} (Servers: | Description: Linksys Wireless-G PCI Network Adapter with SpeedBooster)
{C0839DB7-0732-47C4-9EF7-D61509653287} (Servers: | Description: Linksys Wireless-B USB Network Adapter v2.8)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
>[2006/07/31 10:52:25 | 00,111,616 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [SET PATH=C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter | ]
[2008/02/05 22:50:01 | 00,000,095 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

Autorun.inf [[AUTORUN] | SHELLEXECUTE=Info.exe folder.htt 480 480 | ]
[2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35c10ab1-249a-11db-9824-00038a000015}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35c10ab1-249a-11db-9824-00038a000015}\Shell\1\Command]
""=.\RECYCLER\RECYCLER\autorun.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35c10ab1-249a-11db-9824-00038a000015}\Shell\2\Command]
""=.\RECYCLER\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35c10ab1-249a-11db-9824-00038a000015}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35c10ab1-249a-11db-9824-00038a000015}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007/10/25 20:34:01 | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d30f5173-20bb-11db-870b-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d30f5173-20bb-11db-870b-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d30f5173-20bb-11db-870b-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007/10/25 20:34:01 | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command]
""=E:\autorun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\Shell\AutoRun\command]
""=M:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2008/10/12 14:55:05 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.Shan\Desktop\OTViewIt.exe
[2008/10/12 14:13:12 | 00,003,921 | ---- | C] () -- C:\Documents and Settings\Owner.Shan\Desktop\7519081.THM
[2008/10/12 14:11:30 | 19,402,170 | ---- | C] () -- C:\Documents and Settings\Owner.Shan\Desktop\7519081.mp4
[2008/10/12 14:09:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.Shan\Desktop\5520490.mp4
[2008/10/12 13:59:44 | 15,987,476 | ---- | C] () -- C:\Documents and Settings\Owner.Shan\Desktop\7519081.flv
[2008/10/12 13:57:19 | 07,807,385 | ---- | C] () -- C:\Documents and Settings\Owner.Shan\Desktop\5520490.flv
[2008/10/12 13:40:18 | 00,005,490 | ---- | C] () -- C:\Documents and Settings\Owner.Shan\Desktop\11000318.THM
[2008/10/12 13:39:08 | 11,536,592 | ---- | C] () -- C:\Documents and Settings\Owner.Shan\Desktop\11000318.mp4
[2008/10/12 13:39:06 | 00,004,805 | ---- | C] () -- C:\Documents and Settings\Owner.Shan\Desktop\11009955.THM
[2008/10/12 13:38:07 | 08,220,005 | ---- | C] () -- C:\Documents and Settings\Owner.Shan\Desktop\11009955.mp4
[2008/10/12 13:38:04 | 00,004,604 | ---- | C] () -- C:\Documents and Settings\Owner.Shan\Desktop\1798853.THM
[2008/10/12 13:37:55 | 01,402,613 | ---- | C] () -- C:\Documents and Settings\Owner.Shan\Desktop\1798853.mp4
[2008/10/12 13:36:07 | 08,033,223 | ---- | C] () -- C:\Documents and Settings\Owner.Shan\Desktop\11000318.flv
[2008/10/12 13:35:25 | 05,536,283 | ---- | C] () -- C:\Documents and Settings\Owner.Shan\Desktop\11009955.flv
[2008/10/12 13:34:34 | 01,038,150 | ---- | C] () -- C:\Documents and Settings\Owner.Shan\Desktop\1798853.flv
[2008/10/12 12:55:47 | 03,366,023 | ---- | C] () -- C:\Documents and Settings\Owner.Shan\Desktop\10566964.flv
[2008/10/07 22:15:24 | 00,128,336 | ---- | C] (Digital River) -- C:\Documents and Settings\Owner.Shan\Desktop\Download_snm-2.67_swpl.exe
[2008/10/07 21:18:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Shan\Application Data\Malwarebytes
[2008/10/07 21:18:50 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/07 21:18:50 | 00,000,572 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/07 21:18:49 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/07 21:18:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/07 21:15:36 | 02,189,864 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.Shan\Desktop\mbam-setup.exe
[2008/10/07 21:05:59 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner.Shan\Desktop\HijackThis.lnk
[2008/10/07 21:05:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/07 21:02:19 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner.Shan\Desktop\HJTInstall.exe
[2008/10/06 22:13:01 | 14,968,808 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner.Shan\Desktop\spybotsd160.exe
[2008/10/06 22:01:50 | 16,080,44544 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/06 01:00:48 | 00,001,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2008/10/06 01:00:38 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2008/10/06 01:00:37 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2008/10/06 01:00:37 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2008/10/06 01:00:34 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/10/06 01:00:31 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2008/10/06 01:00:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/10/06 00:56:59 | 25,085,704 | ---- | C] () -- C:\Documents and Settings\Owner.Shan\Desktop\antivir_workstation_winu_en_h.exe
[2008/10/06 00:50:50 | 00,000,000 | ---D | C] -- C:\Program Files\umtjtgf
[2008/10/06 00:50:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\olwvwhwz
[2008/10/06 00:50:33 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\ytonsrsh.exe
[2008/10/04 14:50:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Shan\My Documents\dtx
[2008/10/04 14:49:39 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2008/10/04 14:49:39 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2008/10/04 14:49:38 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2008/10/04 14:49:37 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2008/10/04 14:49:37 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2008/10/04 14:49:37 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2008/10/04 14:49:35 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2008/10/04 14:49:35 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2008/10/04 14:49:34 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2008/10/04 14:49:34 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2008/10/04 14:49:33 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2008/10/04 14:49:33 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2008/10/04 14:49:32 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2008/10/04 14:49:31 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2008/10/04 14:49:29 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2008/10/04 14:49:27 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2008/10/04 14:49:23 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2008/10/04 14:49:23 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2008/10/04 14:49:18 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2008/10/04 14:47:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2008/10/04 00:23:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Shan\My Documents\lol
[2008/10/04 00:23:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Shan\My Documents\sysdata
[2008/10/04 00:23:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Shan\My Documents\script
[2008/10/04 00:23:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Shan\My Documents\map
[2008/10/01 22:25:36 | 00,000,492 | ---- | C] () -- C:\Documents and Settings\Owner.Shan\Start Menu\Programs\Startup\WinMySQLadmin.lnk
[2008/10/01 22:25:24 | 00,000,471 | ---- | C] () -- C:\WINDOWS\my.ini
[2008/09/20 16:08:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Shan\My Documents\Command & Conquer 3 Kane's Wrath
[2008/09/20 16:07:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Shan\Application Data\Command & Conquer 3 Kane's Wrath
[2008/09/20 16:06:18 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2008/09/20 16:06:09 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2008/09/20 16:06:09 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2008/09/20 16:06:02 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2012/03/19 19:15:36 | 08,388,608 | ---- | M] () -- C:\Rainbow Six Rogue Spear.gba
[2008/10/12 14:55:06 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Shan\Desktop\OTViewIt.exe
[2008/10/12 14:50:51 | 00,012,925 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2008/10/12 14:49:50 | 00,194,727 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/12 14:49:46 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/12 14:49:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/12 14:49:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/12 14:49:20 | 16,080,44544 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/12 14:47:42 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/10/12 14:47:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/10/12 14:13:12 | 00,003,921 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Desktop\7519081.THM
[2008/10/12 14:13:09 | 19,402,170 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Desktop\7519081.mp4
[2008/10/12 14:10:57 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Desktop\5520490.mp4
[2008/10/12 14:01:16 | 15,987,476 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Desktop\7519081.flv
[2008/10/12 13:58:01 | 07,807,385 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Desktop\5520490.flv
[2008/10/12 13:40:18 | 00,005,490 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Desktop\11000318.THM
[2008/10/12 13:40:17 | 11,536,592 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Desktop\11000318.mp4
[2008/10/12 13:39:06 | 00,004,805 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Desktop\11009955.THM
[2008/10/12 13:39:05 | 08,220,005 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Desktop\11009955.mp4
[2008/10/12 13:38:04 | 01,402,613 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Desktop\1798853.mp4
[2008/10/12 13:38:04 | 00,004,604 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Desktop\1798853.THM
[2008/10/12 13:36:49 | 08,033,223 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Desktop\11000318.flv
[2008/10/12 13:35:41 | 05,536,283 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Desktop\11009955.flv
[2008/10/12 13:34:46 | 01,038,150 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Desktop\1798853.flv
[2008/10/12 12:56:22 | 03,366,023 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Desktop\10566964.flv
[2008/10/09 19:39:06 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/07 22:53:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/10/07 22:53:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/10/07 22:15:31 | 00,128,336 | ---- | M] (Digital River) -- C:\Documents and Settings\Owner.Shan\Desktop\Download_snm-2.67_swpl.exe
[2008/10/07 21:34:07 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/10/07 21:34:07 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/10/07 21:18:50 | 00,000,572 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/07 21:15:45 | 02,189,864 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.Shan\Desktop\mbam-setup.exe
[2008/10/07 21:05:59 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Desktop\HijackThis.lnk
[2008/10/07 21:02:34 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner.Shan\Desktop\HJTInstall.exe
[2008/10/07 00:34:24 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/10/07 00:34:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/10/06 23:32:17 | 00,000,140 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2008/10/06 23:31:55 | 00,265,944 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/10/06 23:31:39 | 00,265,944 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081006-233155.backup
[2008/10/06 22:14:34 | 14,968,808 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner.Shan\Desktop\spybotsd160.exe
[2008/10/06 13:30:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/06 01:00:48 | 00,001,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2008/10/06 00:59:33 | 25,085,704 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Desktop\antivir_workstation_winu_en_h.exe
[2008/10/05 12:14:56 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/01 22:25:56 | 00,000,471 | ---- | M] () -- C:\WINDOWS\my.ini
[2008/10/01 22:25:36 | 00,000,492 | ---- | M] () -- C:\Documents and Settings\Owner.Shan\Start Menu\Programs\Startup\WinMySQLadmin.lnk
[2008/10/01 01:00:28 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/09/22 23:41:32 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/09/17 09:55:00 | 01,724,416 | ---- | M] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/17 09:55:00 | 01,657,376 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
[2008/09/17 09:55:00 | 01,503,232 | ---- | M] () -- C:\WINDOWS\System32\nview.dll
[2008/09/17 09:55:00 | 01,346,080 | ---- | M] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/09/17 09:55:00 | 01,101,824 | ---- | M] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/17 09:55:00 | 00,466,944 | ---- | M] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/17 09:55:00 | 00,449,056 | ---- | M] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/09/17 09:55:00 | 00,436,768 | ---- | M] () -- C:\WINDOWS\System32\keystone.exe
[2008/09/17 09:55:00 | 00,286,720 | ---- | M] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/09/17 09:55:00 | 00,201,050 | ---- | M] () -- C:\WINDOWS\System32\nvapps.nvb
[2008/09/17 09:55:00 | 00,073,728 | ---- | M] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2008/09/17 09:55:00 | 00,018,394 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2008/09/15 01:11:57 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
< End of report >

OTViewIt Extras logfile created on: 10/12/2008 2:55:39 PM - Run
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Owner.Shan\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 51.50% Memory free
1.91 Gb Paging File | 1.28 Gb Available in Paging File | 67.04% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.75 Gb Total Space | 30.73 Gb Free Space | 21.38% Space Free | Partition Type: NTFS
Drive D: | 5.28 Gb Total Space | 3.41 Gb Free Space | 64.46% Space Free | Partition Type: FAT32
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 74.53 Gb Total Space | 35.35 Gb Free Space | 47.43% Space Free | Partition Type: NTFS

Computer Name: SHAN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/10 12:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/11/07 10:23:16 | 00,991,736 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 09:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/04 11:43:36 | 00,121,632 | ---- | M] () c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (sacore:{5513F07E-936B-4E52-9B00-067394E91CC5} (HKLM) [McAfee SACore Protocol Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam™
"{0556F885-2415-4666-B53E-33727E46AEA1}"=The Movies™
"{070B87FB-CD1A-45AA-9E5E-484E5964C6ED}"=Microsoft XNA Game Studio 2.0 (ARP entry)
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}"=Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}"=TrayApp
"{11C2733C-488C-4668-9F8E-46BCC1801C5B}"=Sun xVM VirtualBox
"{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}"=Sony ACID XPress 5.0a
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}"=Recovery Software Suite eMachines
"{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}"=iTunes
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}"=CP_CalendarTemplates1
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}"=Status
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}"=CP_Package_Variety2
"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}"=Media Center Extender
"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}"=Microsoft XNA Framework Redistributable 2.0
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}"=Destinations
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}"=Supreme Commander
"{26A373DB-162B-4B6E-A488-0BED0F0FB227}"=Hex Workshop v5
"{2A548002-9042-4083-A270-B67473DE1073}"=SkinsHP1
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}"=Data Lifeguard Tools
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}"=Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}"=Microsoft .NET Framework 3.5
"{31263605-FC84-4787-B847-BA445B147E24}"=ScannerCopy
"{31D95937-B237-405D-920C-A3EF4E482395}"=Supreme Commander - Forged Alliance
"{31EA6FCB-6C53-4BA7-BE88-9BA788899C2C}"=Microsoft XNA Game Studio 2.0 (Redists)
"{3248F0A8-6813-11D6-A77B-00B0D0150020}"=J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3432C2AA-BB3E-44B3-B5ED-EF36E0241100}"=Microsoft XNA Game Studio 2.0 (spacewar)
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}"=Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}"=Microsoft AppLocale
"{39A68007-970B-4A78-9519-64D4B13824F9}"=USB Dual Vibration Joystick
"{3B5A6E00-2B27-4E1A-8A33-E3A40DEFD4DC}"=Microsoft XNA Game Studio 2.0 Documentation
"{3C3FDF98-57CF-4FF4-9C95-167AE920ECCE}"=Dark GDK
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}"=Studio 10
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}"=DocumentViewer
"{3E354FBA-C7CE-402A-BB0D-225230BB1918}"=Logitech G15 Keyboard Software 1.04
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=Browser Address Error Redirector
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}"=RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}"=BufferChm
"{40BF1E83-20EB-11D8-97C5-0009C5020658}"=Power2Go 4.0
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}"=CP_Panorama1Config
"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}"=Digital Media Reader
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}"=SolutionCenter
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}"=CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}"=FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}"=cp_PosterPrintConfig
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5731C0A8-B266-451A-8D3F-8066AA21836F}"=Tom Clancy's Rainbow Six Vegas
"{59354E6C-B36F-49EF-9419-D904B86C9C57}"=USB Dual Vibration Joystick
"{5D95AD35-368F-47D5-B63A-A082DDF00111}"=Microsoft Digital Image Starter Edition 2006 Editor
"{5F26311C-B135-4F7F-B11E-8E650F83651E}"=DeviceFunctionQFolder
"{61B1A9C8-B2AD-4F54-B916-388FFD07BDE7}"=4300
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}"=Microsoft Xbox 360 Accessories 1.1
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6815FCDD-401D-481E-BA88-31B4754C2B46}"=Macromedia Flash Player 8
"{68763C27-235D-4165-A961-FDEA228CE504}"=AiOSoftwareNPI
"{691F4068-81BF-49E3-B32E-FE3E16400111}"=Microsoft Digital Image Starter Edition 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}"=Readme
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}"=CP_Package_Basic1
"{786547F9-59BB-4FA3-B2D8-327FF1F14870}"=Adobe Flash Player 9 ActiveX
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}"=Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}"=DocumentViewerQFolder
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}"=Zune Desktop Theme
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}"=ProductContextNPI
"{7E7D7935-B0C8-4032-80BA-2CDC9E43C3B8}"=Microsoft Visual C# 2005 Express Edition - ENU
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}"=Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}"=Adobe Photoshop Elements 3.0
"{869C3062-4745-4949-B6C9-98AF24D89030}"=PhotoGallery
"{8795CBED-55E2-4693-9F14-84EC446935BE}"=SpeechRedist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}"=Napster Burn Engine
"{8F014E72-8456-431B-A985-EBBBFEAE85ED}"=Game Creators Dark GDK
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90885A82-9673-49EA-AB39-AF776639C67C}"=InterVideo WinDVD 7
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}"=Microsoft Flight Simulator X
"{9941F0AA-B903-4AF4-A055-83A9815CC011}"=Sonic Encoders
"{9B96628C-8898-4FED-9612-25631C27AB13}"=Microsoft XNA Game Studio 2.0 (xnaliveproxy)
"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}"=Microsoft Visual Basic 2008 Express Edition - ENU
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}"=CueTour
"{9F7FC79B-3059-4264-9450-39EB368E3225}"=Microsoft Digital Image Library 9 - Blocker
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}"=Alt-Tab Task Switcher Powertoy for Windows XP
"{A744C7C3-76F5-42F5-9E15-497A3DFBC709}"=4300Trb
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}"=DiscAPI (Studio 10)
"{A7E07C2B-2220-4415-87E3-784D5814BC93}"=NVIDIA PhysX v8.09.04
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}"=MarketResearch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}"=REALTEK GbE & FE Ethernet PCI NIC Driver
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}"=CP_AtenaShokunin1Config
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}"=Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}"=CP_Package_Variety3
"{B5C209B1-8DDB-4642-A573-375B951514CB}"=Apple Mobile Device Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{B946D46E-1302-48B4-84EE-B74C3191D975}"=Corel Painter Essentials 2
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}"=cp_OnlineProjectsConfig
"{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}"=PLAYSTATION®Network Downloader
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}"=Microsoft SQL Server Compact 3.5 ENU
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}"=DocProc
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}"=Unreal Tournament 3
"{C18DA187-6C0D-4B8E-99AE-74D5C588AFB6}"=Microsoft XNA Game Studio 2.0 (shared components)
"{C194D333-B84A-4BB7-B35E-060732D98DC4}"=GPGNet
"{C357E2C9-091F-4B12-BB1C-2E7B19112BC4}"=Microsoft XNA Game Studio 2.0
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}"=Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}"=Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}"=Command & Conquer・3: Kane's Wrath
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D1846BA1-6118-3EDF-8C57-6E1A04646738}"=Microsoft Visual C++ 2008 Express Edition - ENU
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}"=Microsoft Games for Windows - LIVE Redistributable
"{D45EC259-4A19-4656-B588-C2C360DD18EA}"=Half-Life® 2
"{DA1CD94B-826A-4bba-AC46-EF352F47BC81}"=InstantShareDevices
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}"=Command & Conquer 3
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"=Microsoft Windows Application Compatibility Database
"{DEBB2986-15B0-4D28-95FA-5C966A396589}"=HPProductAssistant
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1"=AusLogics Disk Defrag
"{E0D51394-1D45-460A-B62D-383BC4F8B335}"=QuickTime
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}"=PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}"=HP PSC & OfficeJet 6.1.A
"{E769999E-D0D9-4D51-AEFE-1BD44289E550}"=4300_Help
"{EAE4A00B-D290-4B65-8287-B82A80FC0619}"=Linksys Wireless-G PCI Network Adapter with SpeedBooster
"{EBB05CE8-52DF-4B7C-BDF4-ECC6BB0C3BB1}"=Taksi Desktop Video Recorder
"{EC2715CE-C182-483C-84CC-81D7D914CF14}"=WebReg
"{EEECE229-49F6-4851-A73A-99B058221F8C}"=RAPID (Studio 10)
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}"=Pinnacle Instant DVD Recorder
"{F0A4913F-46A5-48F2-BC73-EE41A6C81EB3}"=Microsoft DirectX SDK (August 2007)
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}"=World in Conflict
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}"=Fax_CDA
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}"=Tom Clancy's Ghost Recon Advanced Warfighterฎ 2
"{F99C5427-4D78-43E2-B97E-F4C4E622D612}"=MapleStory
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}"=NewCopy_CDA
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}"=Dawn of War - Dark Crusade
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}"=Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveXControlPad"=Microsoft ActiveX Control Pad
"Ad-Aware SE Personal"=Ad-Aware SE Personal
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"Albatross18"=Albatross18 (OGPlanet)
"America Online us"=America Online (Choose which version to remove)
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"Any Video Converter_is1"=Any Video Converter 2.5.9
"AOL Connectivity Services"=AOL Connectivity Services
"AOL Spyware Protection"=AOL Spyware Protection
"AOL YGP Screensaver"=AOL You've Got Pictures Screensaver
"AolCoach2_en"=AOL Coach Version 2.0(Build:20041026.5 en)
"ASIO4ALL"=ASIO4ALL
"Audacity_is1"=Audacity 1.2.6
"Azureus"=Azureus
"Azureus Vuze"=Azureus Vuze
"BigFix"=BigFix
"Blender"=Blender (remove only)
"CABAL Online_is1"=CABAL Online
"CamStudio"=CamStudio
"CCleaner"=CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1"=Soft Data Fax Modem with SmartCP
"Collab"=Collab
"CTDVDAudio Plugin"=Creative DVD Audio Plugin for Audigy Series
"Dev-C++"=Dev-C++ 5 beta 9 release (4.9.9.2)
"D-Link VGA Webcam"=D-Link VGA Webcam
"EHome Devices"=Media Center Extender
"FL Studio 8"=FL Studio 8
"Flash CD & DVD Burner_is1"=Flash CD & DVD Burner
"Fraps"=Fraps (remove only)
"Free Download Manager_is1"=Free Download Manager 2.1
"GameSpotDownloadManager"=GameSpot Download Manager
"GIMPshop"=GIMPshop 2.2.8
"Google Desktop"=Google Desktop
"gtkmm"=gtkmm Runtime Environment 2.10
"HijackThis"=HijackThis 2.0.2
"HOMESTUDENTR"=Microsoft Office Home and Student 2007
"HotKeyBind_is1"=HotKeyBind 1.2
"HP Document Viewer"=HP Document Viewer 6.1
"HP Imaging Device Functions"=HP Imaging Device Functions 6.1
"HP Photo & Imaging"=HP Photosmart Premier Software 6.1
"HP Solution Center & Imaging Support Tools"=HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities"=HP Extended Capabilities 6.1
"HUFFYUV"=Huffyuv AVI lossless video codec (Remove Only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"IL Download Manager"=IL Download Manager
"InfraRecorder"=InfraRecorder
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}"=The Movies™ Stunts & Effects
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}"=Digital Media Reader
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}"=Microsoft Flight Simulator X
"InterActual Player"=InterActual Player
"KB888111WXPSP2"=High Definition Audio Driver Package - KB888111
"KB900325"=Update Rollup 2 for Windows XP Media Center Edition 2005
"KB905589"=Windows XP Media Center Edition 2005 KB905589
"KB914548"=Windows XP Media Center Edition 2005 KB914548
"KLiteCodecPack_is1"=K-Lite Codec Pack 3.9.5 (Standard)
"LastFM_is1"=Last.fm 1.5.1.29527
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"McAfee Uninstall Utility"=McAfee Uninstall Wizard
"MediaCoder"=MediaCoder 0.6.0
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5"=Microsoft .NET Framework 3.5
"Microsoft Visual Basic 2008 Express Edition - ENU"=Microsoft Visual Basic 2008 Express Edition - ENU
"Microsoft Visual C# 2005 Express Edition - ENU"=Microsoft Visual C# 2005 Express Edition - ENU
"Microsoft Visual C++ 2008 Express Edition - ENU"=Microsoft Visual C++ 2008 Express Edition - ENU
"Microsoft XNA Game Studio 2.0"=Microsoft XNA Game Studio 2.0
"MixMeister BPM Analyzer_is1"=MixMeister BPM Analyzer 1.0
"Mixxx"=NSIS Mixxx
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSC"=McAfee SecurityCenter
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Notepad++"=Notepad++
"NVIDIA Drivers"=NVIDIA Drivers
"PeerGuardian_is1"=PeerGuardian 2.0
"PictureItSuiteTrial_v11"=Microsoft Digital Image Starter Edition 2006
"Pocket Tanks_is1"=Pocket Tanks v1.3
"PoiZone"=PoiZone
"Port Magic"=Pure Networks Port Magic
"RealPlayer 6.0"=RealPlayer Basic
"Red Alert"=Red Alert Windows 95
"RumbleFighter"=Rumble Fighter
"SCLS"=MSU Screen Capture Lossless Codec v1.2 (Remove Only)
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SpeedItupFree4.05"=Speeditup Free 4.76
"ST4UNST #1"=FreeTheme
"Steam App 11020"=TrackMania Nations Forever
"Steam App 12910"=Audiosurf Demo
"Steam App 211"=Source SDK
"Steam App 380"=Half-Life 2: Episode One
"Steam App 400"=Portal
"Steam App 420"=Half-Life 2: Episode Two
"Steam App 440"=Team Fortress 2
"StepMania"=StepMania (remove only)
"synfig"=Synfig Core
"synfigstudio"=Synfig Studio
"SystemRequirementsLab"=System Requirements Lab
"Tablet Driver"=Tablet
"Theme Manager"=Theme Manager
"Toxic Biohazard"=Toxic Biohazard
"UT2004"=Unreal Tournament 2004
"ViewpointMediaPlayer"=Viewpoint Media Player
"VirtuallTek Fighter Factory_is1"=Fighter Factory 1.0.12.2005 (Update Pack 3)
"VST Bridge_is1"=VST Bridge 1.1
"WavePad"=WavePad Uninstall
"Wdf01001"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"WGA"=Windows Genuine Advantage Validation Tool
"WIC"=Windows Imaging Component
"Winamp"=Winamp (remove only)
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format Runtime
"WinGimp-2.0_is1"=GIMP 2.4.2
"WinGTK-2_is1"=GTK+ 2.10.6-1 runtime environment
"WinRAR archiver"=WinRAR archiver
"WinVorbis_is1"=WinVorbis v1.60
"World of Warcraft"=World of Warcraft
"WT010655"=Tradewinds
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Toolbar"=Yahoo! Toolbar
"YInstHelper"=Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Freetar Hero - v0.1 Beta"=Freetar Hero - v0.1 Beta
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}"=Unreal Tournament 3
"TransBar"=TransBar
"WinDirStat"=WinDirStat 1.1.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2667042211-947458848-1739164484-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Freetar Hero - v0.1 Beta"=Freetar Hero - v0.1 Beta
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}"=Unreal Tournament 3
"TransBar"=TransBar
"WinDirStat"=WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/4/2008 3:05:51 AM | Computer Name = SHAN | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module ieframe.dll, version 7.0.6000.16705, fault address 0x0009cdd9.

Error - 10/4/2008 3:06:14 AM | Computer Name = SHAN | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x000106c3.

Error - 10/4/2008 3:06:19 AM | Computer Name = SHAN | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 10/4/2008 3:06:51 AM | Computer Name = SHAN | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/4/2008 3:07:39 AM | Computer Name = SHAN | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x000106c3.

Error - 10/4/2008 3:08:31 AM | Computer Name = SHAN | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/4/2008 6:04:47 PM | Computer Name = SHAN | Source = MsiInstaller | ID = 1013
Description = Product: Microsoft .NET Framework 2.0 -- Setup cannot continue because
this version of the .NET Framework is incompatible with a previously installed
one. For more information, see http://support.microsoft.com/support/kb/ar...s/q312/5/00.asp

Error - 10/5/2008 7:43:13 PM | Computer Name = SHAN | Source = Application Error | ID = 1000
Description = Faulting application pg2.exe, version 1.0.6.4, faulting module ntdll.dll,
version 5.1.2600.2180, fault address 0x00018fea.

Error - 10/7/2008 2:30:08 AM | Computer Name = SHAN | Source = Application Error | ID = 1000
Description = Faulting application mcsysmon.exe, version 12.0.188.0, faulting module
mcsysmon.exe, version 12.0.188.0, fault address 0x000647b3.

Error - 10/10/2008 3:53:09 PM | Computer Name = SHAN | Source = McLogEvent | ID = 5051
Description =

[ OSession Events ]
Error - 5/15/2007 6:43:52 PM | Computer Name = SHAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 117748
seconds with 2640 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/7/2008 11:53:03 PM | Computer Name = SHAN | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 10/9/2008 10:40:26 PM | Computer Name = SHAN | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 10/12/2008 3:30:26 PM | Computer Name = SHAN | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.


< End of report >

KASPERSKY ONLINE SCANNER 7 REPORT
Monday, October 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, October 13, 2008 02:32:26
Records in database: 1307858
Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area: My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
Scan statistics
Files scanned: 273743
Threat name: 4
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 04:50:29

File name | Threat name | Threats count
C:\Documents and Settings\Owner.Shan\My Documents\Downloads\Compressed\vtp6.zip | Infected: not-a-virus:RiskTool.Win32.CloseApp.e | 2
C:\Documents and Settings\Owner.Shan\My Documents\Downloads\Compressed\vtp6.zip | Infected: Trojan-Spy.Win32.Agent.ehl | 1
C:\Documents and Settings\Owner.Shan\My Documents\My Old Videos\AMV clips\Video\setup.exe | Infected: not-a-virus:AdTool.Win32.WhenU.a | 1
D:\i386\Apps\App17981\comps\toolbar\toolbr.exe | Infected: not-a-virus:AdWare.Win32.SearchIt.t | 1
The selected area was scanned.

#4 Billy O'Neal

Posted 13 October 2008 - 03:36 PM

Hello, ssx345.
That looks good :thumbsup:

Just have some leftovers to clean up:

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :services
    XDva009
    XDva186
    :files
    C:\Documents and Settings\Owner.Shan\My Documents\Downloads\Compressed\vtp6.zip
    C:\Documents and Settings\Owner.Shan\My Documents\My Old Videos\AMV clips\Video\setup.exe
    D:\i386\Apps\App17981\comps\toolbar\toolbr.exe
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe
  • Follow the on screen instructions to install the latest Java version.
You Need to Update Windows (And other Microsoft Software)
Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

If you are using Windows XP or earlier
Visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

If you are using Windows Vista
  • Click the "Start Menu" (or Windows Orb)
  • Click "All Programs"
  • Click "Windows Update"
  • On the left, choose "Change Settings"
  • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
  • Press OK and accept the UAC prompt.
    Note: You shouldn't need to check this checkbox every single time you update, only the first time.
  • Click "Check for Updates" in the upper left corner.
  • Follow the instructions to install the latest updates.
  • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
In your next reply, please include the following:
  • OTMoveIt3's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 ssx345


Posted 13 October 2008 - 08:26 PM

Here's the log. I should be able to update Java and Windows in a few.

========== SERVICES/DRIVERS ==========
Service XDva009 stopped successfully.
Service XDva009 deleted successfully.
Service XDva186 stopped successfully.
Service XDva186 deleted successfully.
========== FILES ==========
C:\Documents and Settings\Owner.Shan\My Documents\Downloads\Compressed\vtp6.zip moved successfully.
C:\Documents and Settings\Owner.Shan\My Documents\My Old Videos\AMV clips\Video\setup.exe moved successfully.
D:\i386\Apps\App17981\comps\toolbar\toolbr.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10132008_182357

#6 Billy O'Neal


Posted 13 October 2008 - 08:28 PM

Sorry... forgot to ask. Once you've got Windows + Java updated please post a fresh HJT log ;)

Billy3

#7 ssx345


Posted 13 October 2008 - 09:31 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:34 PM, on 10/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\nvsvc32.exe
J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\COMMON~1\AOL\115436~1\EE\AOLHOS~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\COMMON~1\AOL\115436~1\EE\AOLServiceHost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Speeditup Free\PCCheckup\PCCheckUp.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
J:\Program Files\HotKeyBind\HotKeyBind.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=T5048
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5048
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=T5048
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 24.21.135.99 204.13.11.27
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154369075\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\Speeditup Free\PCCheckup\PCCheckUp.exe" -mini
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WindowBlinds] J:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe
O4 - HKCU\..\Run: [HotKeyBind.exe] J:\Program Files\HotKeyBind\HotKeyBind.exe
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [tK3kYd0DhQ] C:\Documents and Settings\All Users\Application Data\olwvwhwz\ozcbmfoz.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WinMySQLadmin.lnk = N:\xampp\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\InternetMacros\imacros.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab70018.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab75406.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file:///C:/Documents%20and%20Settings/Owner.Shan/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28D30BB1-51C1-4516-95A3-C67CD67F53B1}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{28D30BB1-51C1-4516-95A3-C67CD67F53B1}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{28D30BB1-51C1-4516-95A3-C67CD67F53B1}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{28D30BB1-51C1-4516-95A3-C67CD67F53B1}: NameServer = 192.168.1.1
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - J:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 19163 bytes

#8 Billy O'Neal


Posted 13 October 2008 - 09:48 PM

Hello, ssx345.
I'm sorry.. looks like some stuff came back or that I missed some stuff. No matter, I can see it now ;)

We need to disable SpyBot Search and Destroy's "Tea Timer"
  • Launch SpyBot Search and Destroy, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit/Close Spybot S&D when done.
Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 2 to choose Option 2 (Fix + Hosts), then press Enter
  • Wait until the end of the scan
  • A report will be generated; post the contents of it in your next reply.
(Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\windows\system32\ALCMTR.EXE
    C:\Program Files\Speeditup Free
    C:\Documents and Settings\All Users\Application Data\olwvwhwz
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_CLASSES_ROOT\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{0BF43445-2F28-4351-9252-17FE6E806AA0}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Alcmtr"=-
    "PC-Checkup"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"=-
    "SpeedItUpEX"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "tK3kYd0DhQ"=-
    :commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
In your next reply, please include the following:
  • OTMoveIt3's Log

Billy3
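A triage pass over HijackThis lines like those in post #7, added here as an example; it is not part of the thread and is not any participant's code. It flags the structural oddities that the OTMoveIt3 script in post #8 also targets (orphaned CLSIDs, the Policies\Explorer\Run autostart, an autostart value with no file behind it) plus the O1 Hosts line. The `triage` function and the rule names are hypothetical; the sample lines are copied from that log.

```python
import re

# Sample input: lines copied from the HijackThis log in post #7.
# The SSVHelper and ehTray entries are included as unflagged contrast.
SAMPLE_LOG = r"""
O1 - Hosts: 24.21.135.99 204.13.11.27
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKLM\..\Policies\Explorer\Run: [tK3kYd0DhQ] C:\Documents and Settings\All Users\Application Data\olwvwhwz\ozcbmfoz.exe
"""

# "O4 - ..." / "R1 - ...": section code, then the entry body.
ENTRY = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.+)$")
# O2/O3 body: "BHO: <name> - {CLSID} - <dll path or (no file)>".
CLSID_ITEM = re.compile(
    r"^(?:BHO|Toolbar): (?P<name>.*) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# O4 registry body: "<abbreviated key>: [<value name>] <command>".
AUTORUN = re.compile(r"^(?P<key>HK[^:]+): \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
# Any file extension in the command (".exe", ".dll", ...).
HAS_FILE_EXT = re.compile(r"\.[A-Za-z0-9]{2,4}\b")


def triage(log_text):
    """Return (rule, subject) pairs for entries worth a closer look.

    The rules are structural heuristics (assumptions of this example),
    not verdicts: a hit means "inspect this entry", nothing more.
    """
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # log header, running-process list, blank line
        section, body = entry.group("section"), entry.group("body")

        if section == "O1":
            # HijackThis only lists non-default hosts-file lines here.
            findings.append(("hosts-entry", body.partition(": ")[2]))

        elif section in ("O2", "O3"):
            item = CLSID_ITEM.match(body)
            if item and item.group("target").endswith(("(no file)", "(file missing)")):
                # Registration survives but the DLL is gone.
                findings.append(("orphaned-clsid", item.group("clsid")))

        elif section == "O4":
            run = AUTORUN.match(body)
            if not run:
                continue  # Startup-folder shortcuts use a different layout
            key = run.group("key").lower()
            cmd = run.group("cmd").lower()
            value = run.group("value")
            if "\\policies\\explorer\\run" in key:
                # Policy-driven autostart, rarely used by consumer software.
                findings.append(("policies-run-autostart", value))
            if "\\application data\\" in cmd:
                # Autostart binary living in a data directory.
                findings.append(("autostart-from-appdata", value))
            if not HAS_FILE_EXT.search(cmd):
                # Value data that names no file at all (e.g. "NA").
                findings.append(("autostart-target-not-a-file", value))
    return findings


if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_LOG):
        print(f"{rule:30} {subject}")
```

A clean result from rules like these is not a verdict: Alcmtr, PC-Checkup and SpeedItUpEX, which the script in post #8 also removes, have ordinary-looking values and match none of them.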

#9 ssx345


Posted 13 October 2008 - 10:19 PM

========== FILES ==========
File/Folder C:\windows\system32\ALCMTR.EXE not found.
C:\Program Files\Speeditup Free\PCCheckUp\Backup moved successfully.
C:\Program Files\Speeditup Free\PCCheckUp moved successfully.
C:\Program Files\Speeditup Free\help moved successfully.
C:\Program Files\Speeditup Free moved successfully.
C:\Documents and Settings\All Users\Application Data\olwvwhwz moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PC-Checkup deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpeedItUpEX deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\tK3kYd0DhQ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\OWNER~1.SHA\LOCALS~1\Temp\etilqs_25Unn9F1NLAbw4xeTuDw scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OWNER~1.SHA\LOCALS~1\Temp\fla26.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OWNER~1.SHA\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OWNER~1.SHA\LOCALS~1\Temp\~DF9132.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_6L1kfoFOOKFTqM9 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_77c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_56DGQ8xGXoOMMx0 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_hl5YNffNTTe8pbe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_tdArFyykscP0yEk scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Owner.Shan\Local Settings\Application Data\Mozilla\Firefox\Profiles\c42as3em.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Shan\Local Settings\Application Data\Mozilla\Firefox\Profiles\c42as3em.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Shan\Local Settings\Application Data\Mozilla\Firefox\Profiles\c42as3em.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Shan\Local Settings\Application Data\Mozilla\Firefox\Profiles\c42as3em.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Shan\Local Settings\Application Data\Mozilla\Firefox\Profiles\c42as3em.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10132008_200447

Files moved on Reboot...
File C:\DOCUME~1\OWNER~1.SHA\LOCALS~1\Temp\etilqs_25Unn9F1NLAbw4xeTuDw not found!
File C:\DOCUME~1\OWNER~1.SHA\LOCALS~1\Temp\fla26.tmp not found!
C:\DOCUME~1\OWNER~1.SHA\LOCALS~1\Temp\hpodvd09.log moved successfully.
File C:\DOCUME~1\OWNER~1.SHA\LOCALS~1\Temp\~DF9132.tmp not found!
File C:\WINDOWS\temp\mcmsc_6L1kfoFOOKFTqM9 not found!
File C:\WINDOWS\temp\Perflib_Perfdata_77c.dat not found!
C:\WINDOWS\temp\sqlite_56DGQ8xGXoOMMx0 moved successfully.
C:\WINDOWS\temp\sqlite_hl5YNffNTTe8pbe moved successfully.
C:\WINDOWS\temp\sqlite_tdArFyykscP0yEk moved successfully.
C:\Documents and Settings\Owner.Shan\Local Settings\Application Data\Mozilla\Firefox\Profiles\c42as3em.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Owner.Shan\Local Settings\Application Data\Mozilla\Firefox\Profiles\c42as3em.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Owner.Shan\Local Settings\Application Data\Mozilla\Firefox\Profiles\c42as3em.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Owner.Shan\Local Settings\Application Data\Mozilla\Firefox\Profiles\c42as3em.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Owner.Shan\Local Settings\Application Data\Mozilla\Firefox\Profiles\c42as3em.default\urlclassifier3.sqlite moved successfully.




--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.06GHz )
BIOS : Default System BIOS
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Not Activated)
C:\ (Local Disk) - NTFS - Total : 143 Go Free : 32 Go
D:\ (Local Disk) - FAT32 - Total : 5 Go Free : 3 Go
E:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (Local Disk) - NTFS - Total : 74 Go Free : 35 Go
K:\ (USB)
L:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [2] ( Mon 10/13/2008|19:58 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Deleted! - C:\Program Files\Viewpoint
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[06/17/2006|02:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[02/26/2008|06:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[07/31/2006|11:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SampleView
[07/24/2007|05:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[07/31/2006|11:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[03/03/2007|08:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {CFAB4006-0AE0-414D-866A-DCB2C46553CF}
[05/01/2008|06:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[07/31/2006|11:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[01/10/2008|06:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[03/17/2007|10:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[02/26/2008|06:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avg7
[10/06/2008|01:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avira
[04/25/2007|04:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Azureus
[01/08/2007|04:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[12/25/2006|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[02/17/2007|04:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hagel Technologies
[03/01/2007|09:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[02/18/2007|09:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> iOpus-i-M
[05/11/2008|04:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Last.fm
[02/08/2007|07:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lionhead Studios
[09/29/2007|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech
[10/07/2008|09:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[10/12/2008|02:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[02/26/2008|07:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[02/29/2008|11:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Media Center Programs
[04/05/2008|05:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[09/10/2008|03:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[01/12/2007|05:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Napster
[05/29/2007|04:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NexonUS
[10/06/2008|01:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> olwvwhwz
[09/29/2007|01:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Outspark
[02/05/2008|11:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pinnacle
[02/05/2008|11:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pinnacle Studio
[06/07/2008|07:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> pixelStorm
[06/18/2006|11:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Prism Deploy
[07/31/2006|11:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[07/31/2006|11:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[10/06/2008|03:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor
[02/05/2008|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SmartSound Software Inc
[03/01/2007|09:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[10/07/2008|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[02/12/2007|08:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[04/19/2008|11:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[05/12/2008|08:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TrackMania
[02/10/2008|03:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WildTangent
[12/25/2006|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[09/29/2007|01:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[04/03/2007|12:01] C:\DOCUME~1\APPLIC~1\APPLIC~1\<DIR> Microsoft

[06/17/2006|02:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[07/31/2006|11:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[07/31/2006|11:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> SampleView
[07/31/2006|11:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[02/10/2008|05:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
[02/26/2008|06:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[10/06/2008|05:35] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SACore

[06/17/2006|02:41] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> Identities
[02/26/2008|06:44] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> Microsoft
[07/31/2006|11:13] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> SampleView
[07/31/2006|11:05] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[06/17/2006|02:41] C:\DOCUME~1\MCX2\APPLIC~1\<DIR> Identities
[02/26/2008|06:44] C:\DOCUME~1\MCX2\APPLIC~1\<DIR> Microsoft
[07/31/2006|11:13] C:\DOCUME~1\MCX2\APPLIC~1\<DIR> SampleView
[07/31/2006|11:05] C:\DOCUME~1\MCX2\APPLIC~1\<DIR> You've Got Pictures Screensaver

[02/26/2008|06:44] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[04/03/2007|12:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft

[05/01/2008|06:57] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Adobe
[12/25/2006|08:50] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> AdobeUM
[07/03/2008|12:33] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Any Video Converter
[01/31/2008|06:24] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Apple Computer
[12/25/2006|08:32] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> ATI
[01/09/2007|05:38] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> atitray
[02/08/2007|05:13] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Avant Profiles
[06/09/2008|08:34] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Azureus
[07/08/2007|06:25] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> BitTorrent
[09/22/2008|11:42] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Command & Conquer 3 Kane's Wrath
[02/23/2008|01:11] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Command & Conquer 3 Tiberium Wars
[02/05/2008|09:27] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> CyberLink
[02/17/2007|11:01] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Desktop Sidebar
[06/18/2007|06:05] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Dev-Cpp
[01/14/2007|11:14] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> DivX
[05/29/2007|04:03] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> DMCache
[10/13/2008|07:58] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Free Download Manager
[06/09/2008|04:52] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> fretsonfire
[12/25/2006|02:12] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Google
[06/10/2008|06:58] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> gtk-2.0
[02/17/2007|05:49] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Help
[06/17/2007|04:34] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> HP
[06/17/2006|02:41] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Identities
[04/11/2008|07:06] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> InfraRecorder
[02/14/2007|08:43] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> InstallShield
[05/29/2008|03:56] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> InstallShield Installation Information
[01/08/2007|04:19] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> InterVideo
[02/17/2007|10:53] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> JetStart
[02/19/2008|08:03] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> KompoZer
[01/17/2007|05:06] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Lavasoft
[07/23/2007|09:21] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> LimeWire
[04/10/2008|05:44] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Lionhead Studios
[01/12/2007|10:44] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Macromedia
[10/07/2008|09:18] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Malwarebytes
[04/05/2008|04:37] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Microsoft
[06/17/2008|11:48] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Mozilla
[04/03/2007|12:01] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> MySpace
[05/24/2007|04:49] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> NCH Swift Sound
[04/20/2008|04:55] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> NetMedia Providers
[02/04/2007|02:26] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Netscape
[04/05/2008|09:19] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Nexon
[02/20/2008|09:39] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Notepad++
[11/14/2007|07:24] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> OpenOffice.org2
[07/03/2008|10:08] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Orbit
[04/20/2008|04:55] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Publish Providers
[07/31/2006|11:13] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> SampleView
[05/27/2007|10:57] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> SecuROM
[07/23/2007|09:41] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Shareaza
[04/21/2008|08:23] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Sony
[03/11/2007|01:13] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Stardock
[03/04/2007|02:06] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Sun
[02/12/2007|08:18] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> SUPERAntiSpyware.com
[05/29/2008|03:02] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> SystemRequirementsLab
[02/04/2007|12:31] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> Talkback
[10/01/2008|11:18] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> U3
[07/31/2006|11:05] C:\DOCUME~1\OWNER~1.SHA\APPLIC~1\<DIR> You've Got Pictures Screensaver

[04/03/2007|12:01] C:\DOCUME~1\OWNER~~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[09/15/2008 01:11 AM][--a------] C:\WINDOWS\tasks\McDefragTask.job
[10/01/2008 01:00 AM][--a------] C:\WINDOWS\tasks\McQcTask.job
[10/06/2008 01:30 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/25/2006 08:37 AM][--a------] C:\WINDOWS\tasks\ISP signup reminder 2.job
[10/13/2008 07:23 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 12:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[04/19/2007|07:34] C:\Program Files\<DIR> ActiveX Control Pad
[07/31/2006|11:02] C:\Program Files\<DIR> Adobe
[10/04/2008|04:14] C:\Program Files\<DIR> AGEIA Technologies
[06/10/2007|01:26] C:\Program Files\<DIR> Alcohol Soft
[07/31/2006|11:05] C:\Program Files\<DIR> America Online 9.0
[03/13/2008|08:03] C:\Program Files\<DIR> Amor SWF to Video Converter
[07/03/2008|12:29] C:\Program Files\<DIR> Any Video Converter
[01/10/2008|06:35] C:\Program Files\<DIR> Apple Software Update
[04/15/2008|11:39] C:\Program Files\<DIR> ASIO4ALL v2
[04/25/2008|02:50] C:\Program Files\<DIR> Audacity
[10/06/2008|01:00] C:\Program Files\<DIR> Avira
[05/12/2008|06:16] C:\Program Files\<DIR> Azureus
[07/31/2006|11:04] C:\Program Files\<DIR> BigFix
[08/05/2007|12:57] C:\Program Files\<DIR> BitTorrent
[01/14/2007|10:12] C:\Program Files\<DIR> bobyte
[04/20/2008|01:44] C:\Program Files\<DIR> BreakPoint Software
[02/10/2008|03:25] C:\Program Files\<DIR> Citrix
[02/26/2008|06:56] C:\Program Files\<DIR> Common Files
[06/17/2006|02:37] C:\Program Files\<DIR> ComPlus Applications
[07/31/2006|10:44] C:\Program Files\<DIR> CONEXANT
[12/25/2006|10:49] C:\Program Files\<DIR> Corel
[01/08/2007|04:13] C:\Program Files\<DIR> Creative
[07/31/2006|10:54] C:\Program Files\<DIR> CyberLink
[03/25/2007|06:52] C:\Program Files\<DIR> Data
[02/17/2007|11:03] C:\Program Files\<DIR> Desktop Sidebar
[01/15/2007|04:57] C:\Program Files\<DIR> DGCA
[07/31/2006|10:56] C:\Program Files\<DIR> Digital Media Reader
[02/05/2008|10:45] C:\Program Files\<DIR> DivX
[09/20/2008|03:56] C:\Program Files\<DIR> Electronic Arts
[04/21/2007|09:39] C:\Program Files\<DIR> Emulators
[02/22/2007|10:58] C:\Program Files\<DIR> Flash CD & DVD Burner
[07/30/2007|04:39] C:\Program Files\<DIR> Free Download Manager
[03/12/2007|10:12] C:\Program Files\<DIR> FreeTheme
[01/11/2007|05:54] C:\Program Files\<DIR> Futuremark
[06/07/2007|03:20] C:\Program Files\<DIR> GameSpot
[01/12/2007|06:00] C:\Program Files\<DIR> Gateway Games
[07/25/2007|01:08] C:\Program Files\<DIR> GIMP-2.0
[03/06/2007|08:30] C:\Program Files\<DIR> GIMPshop
[02/03/2007|03:33] C:\Program Files\<DIR> Google
[05/29/2007|11:58] C:\Program Files\<DIR> Gpotato
[07/31/2006|11:06] C:\Program Files\<DIR> gtw_logo
[05/16/2007|05:30] C:\Program Files\<DIR> HP
[04/24/2008|04:01] C:\Program Files\<DIR> Image-Line
[04/11/2008|04:15] C:\Program Files\<DIR> InfraRecorder
[05/07/2008|10:57] C:\Program Files\<DIR> InstallShield Installation Information
[01/08/2007|04:15] C:\Program Files\<DIR> InterActual
[08/14/2008|03:01] C:\Program Files\<DIR> Internet Explorer
[01/08/2007|04:13] C:\Program Files\<DIR> InterVideo
[01/10/2008|06:39] C:\Program Files\<DIR> iPod
[11/14/2007|07:32] C:\Program Files\<DIR> i-Sound Pro
[05/11/2008|04:53] C:\Program Files\<DIR> iTunes
[10/13/2008|07:18] C:\Program Files\<DIR> Java
[02/17/2007|10:53] C:\Program Files\<DIR> JetStart
[06/16/2008|08:46] C:\Program Files\<DIR> K-Lite Codec Pack
[05/29/2008|01:49] C:\Program Files\<DIR> Last.fm
[01/17/2007|05:06] C:\Program Files\<DIR> Lavasoft
[03/11/2007|02:33] C:\Program Files\<DIR> LClock
[07/23/2007|09:44] C:\Program Files\<DIR> LimeWire
[02/10/2008|04:17] C:\Program Files\<DIR> Linksys Wireless-G PCI Network Adapter with SpeedBooster
[02/08/2007|07:08] C:\Program Files\<DIR> Lionhead Studios Ltd
[02/10/2008|04:35] C:\Program Files\<DIR> LockDisk
[09/29/2007|12:51] C:\Program Files\<DIR> Logitech
[03/13/2008|08:04] C:\Program Files\<DIR> Magic Swf2Avi 2008
[02/10/2008|03:17] C:\Program Files\<DIR> MagicISO
[02/10/2008|04:35] C:\Program Files\<DIR> MAIET
[10/12/2008|02:50] C:\Program Files\<DIR> McAfee
[02/26/2008|07:04] C:\Program Files\<DIR> McAfee.com
[10/13/2008|06:55] C:\Program Files\<DIR> Messenger
[06/18/2007|03:01] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[07/31/2006|11:02] C:\Program Files\<DIR> Microsoft Digital Image 2006
[12/02/2007|10:10] C:\Program Files\<DIR> Microsoft DirectX SDK (August 2007)
[06/17/2006|02:41] C:\Program Files\<DIR> microsoft frontpage
[04/10/2008|05:42] C:\Program Files\<DIR> Microsoft Games
[04/05/2008|04:35] C:\Program Files\<DIR> Microsoft Office
[11/28/2007|06:53] C:\Program Files\<DIR> Microsoft SDKs
[08/19/2008|03:00] C:\Program Files\<DIR> Microsoft Silverlight
[04/21/2008|03:20] C:\Program Files\<DIR> Microsoft SQL Server
[12/02/2007|08:19] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
[12/02/2007|08:19] C:\Program Files\<DIR> Microsoft Synchronization Services
[04/05/2008|04:35] C:\Program Files\<DIR> Microsoft Visual Studio 8
[12/02/2007|08:19] C:\Program Files\<DIR> Microsoft Visual Studio 9.0
[09/10/2008|03:01] C:\Program Files\<DIR> Microsoft Works
[05/12/2008|09:42] C:\Program Files\<DIR> Microsoft Xbox 360 Accessories
[04/05/2008|05:27] C:\Program Files\<DIR> Microsoft XNA
[07/31/2006|10:54] C:\Program Files\<DIR> Microsoft.NET
[04/15/2008|06:45] C:\Program Files\<DIR> Mixxx
[10/13/2008|06:50] C:\Program Files\<DIR> Movie Maker
[10/13/2008|07:26] C:\Program Files\<DIR> Mozilla Firefox
[11/28/2007|06:51] C:\Program Files\<DIR> MSBuild
[06/17/2006|02:35] C:\Program Files\<DIR> MSN
[07/31/2006|11:03] C:\Program Files\<DIR> MSN Encarta Plus
[06/17/2006|02:35] C:\Program Files\<DIR> MSN Gaming Zone
[10/13/2008|07:11] C:\Program Files\<DIR> MSN Messenger
[12/25/2006|10:05] C:\Program Files\<DIR> MSXML 4.0
[11/28/2007|04:53] C:\Program Files\<DIR> MSXML 6.0
[02/10/2008|03:13] C:\Program Files\<DIR> MySpace
[01/12/2007|05:59] C:\Program Files\<DIR> Napster
[02/10/2008|03:23] C:\Program Files\<DIR> NCH Swift Sound
[10/13/2008|06:47] C:\Program Files\<DIR> NetMeeting
[02/04/2007|02:24] C:\Program Files\<DIR> Netscape
[05/30/2007|05:51] C:\Program Files\<DIR> Nexon
[02/20/2008|09:38] C:\Program Files\<DIR> Notepad++
[06/06/2007|02:12] C:\Program Files\<DIR> OGPlanet
[06/17/2006|02:36] C:\Program Files\<DIR> Online Services
[02/10/2008|03:27] C:\Program Files\<DIR> OpenLibraries
[11/14/2007|07:39] C:\Program Files\<DIR> OpenOffice.org 2.1
[07/24/2007|05:02] C:\Program Files\<DIR> outlook
[10/13/2008|06:47] C:\Program Files\<DIR> Outlook Express
[04/24/2008|04:00] C:\Program Files\<DIR> Outsim
[11/14/2007|07:36] C:\Program Files\<DIR> Outspark
[10/05/2008|04:43] C:\Program Files\<DIR> PeerGuardian2
[06/10/2008|07:19] C:\Program Files\<DIR> Pinnacle
[12/18/2007|09:11] C:\Program Files\<DIR> Pocket Tanks
[07/31/2006|11:04] C:\Program Files\<DIR> Pure Networks
[01/10/2008|06:37] C:\Program Files\<DIR> QuickTime
[11/14/2007|07:29] C:\Program Files\<DIR> Random Software
[03/25/2007|06:20] C:\Program Files\<DIR> Ray Adams
[07/31/2006|11:05] C:\Program Files\<DIR> Real
[04/16/2008|09:51] C:\Program Files\<DIR> Realtek
[11/28/2007|06:51] C:\Program Files\<DIR> Reference Assemblies
[02/26/2008|08:26] C:\Program Files\<DIR> Sierra Entertainment
[08/06/2007|12:19] C:\Program Files\<DIR> SigmaTel
[02/05/2008|10:50] C:\Program Files\<DIR> SmartSound Software
[04/20/2008|04:31] C:\Program Files\<DIR> Sony
[04/20/2008|04:30] C:\Program Files\<DIR> Sony Setup
[08/28/2008|08:25] C:\Program Files\<DIR> Speeditup Free
[10/07/2008|08:51] C:\Program Files\<DIR> Spybot - Search & Destroy
[03/12/2007|09:25] C:\Program Files\<DIR> Stardock
[08/17/2008|10:56] C:\Program Files\<DIR> StepMania
[06/17/2008|05:12] C:\Program Files\<DIR> StepMania CVS
[03/11/2007|06:01] C:\Program Files\<DIR> Styler
[05/08/2008|08:04] C:\Program Files\<DIR> Sun
[07/24/2007|05:52] C:\Program Files\<DIR> SUPERAntiSpyware
[08/05/2007|01:31] C:\Program Files\<DIR> synfig
[05/29/2008|03:02] C:\Program Files\<DIR> SystemRequirementsLab
[12/25/2006|10:38] C:\Program Files\<DIR> Tablet
[12/02/2007|10:30] C:\Program Files\<DIR> The Game Creators
[02/21/2007|01:35] C:\Program Files\<DIR> THQ
[10/07/2008|09:05] C:\Program Files\<DIR> Trend Micro
[07/07/2007|10:12] C:\Program Files\<DIR> Ubisoft
[10/10/2008|12:10] C:\Program Files\<DIR> umtjtgf
[04/21/2008|08:29] C:\Program Files\<DIR> Uninstall Information
[05/29/2008|03:39] C:\Program Files\<DIR> Unreal Tournament 3
[06/22/2007|10:14] C:\Program Files\<DIR> VID_0E8F&PID_0003
[01/15/2007|08:29] C:\Program Files\<DIR> VirtuallTek
[03/11/2007|05:57] C:\Program Files\<DIR> Vista Sidebar
[03/11/2007|05:57] C:\Program Files\<DIR> VisualTooltip
[04/24/2008|04:01] C:\Program Files\<DIR> Vstplugins
[01/16/2007|08:58] C:\Program Files\<DIR> Western Digital
[07/31/2006|10:59] C:\Program Files\<DIR> WildTangent
[05/20/2007|11:10] C:\Program Files\<DIR> Winamp
[08/05/2007|12:28] C:\Program Files\<DIR> WinDirStat
[07/07/2008|05:09] C:\Program Files\<DIR> Windows Media Components
[10/13/2008|06:47] C:\Program Files\<DIR> Windows Media Player
[10/13/2008|06:47] C:\Program Files\<DIR> Windows NT
[06/17/2006|02:36] C:\Program Files\<DIR> Windows Plus
[06/17/2006|02:39] C:\Program Files\<DIR> WindowsUpdate
[04/20/2008|02:07] C:\Program Files\<DIR> WinRAR
[02/10/2008|03:25] C:\Program Files\<DIR> WinTV
[03/03/2007|08:52] C:\Program Files\<DIR> WinVorbis
[09/30/2008|10:16] C:\Program Files\<DIR> World of Warcraft
[06/17/2006|02:41] C:\Program Files\<DIR> xerox
[08/05/2007|12:48] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[07/21/2007|07:22] C:\Program Files\Common Files\<DIR> Adobe
[07/31/2006|11:05] C:\Program Files\Common Files\<DIR> AOL
[07/31/2006|11:04] C:\Program Files\Common Files\<DIR> AolCoach
[07/31/2006|11:05] C:\Program Files\Common Files\<DIR> aolshare
[01/10/2008|06:34] C:\Program Files\Common Files\<DIR> Apple
[05/31/2008|07:56] C:\Program Files\Common Files\<DIR> ATI Technologies
[10/21/2007|03:28] C:\Program Files\Common Files\<DIR> Blizzard Entertainment
[03/11/2007|09:02] C:\Program Files\Common Files\<DIR> DESIGNER
[04/28/2007|09:24] C:\Program Files\Common Files\<DIR> DirectX
[01/15/2007|08:59] C:\Program Files\Common Files\<DIR> GTK
[03/01/2007|09:01] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[03/01/2007|09:11] C:\Program Files\Common Files\<DIR> HP
[02/11/2008|06:44] C:\Program Files\Common Files\<DIR> INCA Shared
[07/31/2006|10:58] C:\Program Files\Common Files\<DIR> InstallShield
[01/08/2007|04:16] C:\Program Files\Common Files\<DIR> InterVideo
[07/31/2006|10:57] C:\Program Files\Common Files\<DIR> Java
[09/29/2007|12:51] C:\Program Files\Common Files\<DIR> Logitech
[10/12/2008|02:50] C:\Program Files\Common Files\<DIR> McAfee
[11/28/2007|06:56] C:\Program Files\Common Files\<DIR> Merge Modules
[08/24/2008|03:03] C:\Program Files\Common Files\<DIR> Microsoft Shared
[06/17/2006|02:38] C:\Program Files\Common Files\<DIR> MSSoap
[06/18/2006|11:36] C:\Program Files\Common Files\<DIR> New Boundary
[02/09/2008|10:32] C:\Program Files\Common Files\<DIR> NSV
[07/31/2006|11:05] C:\Program Files\Common Files\<DIR> Nullsoft
[06/16/2006|07:31] C:\Program Files\Common Files\<DIR> ODBC
[07/31/2006|11:05] C:\Program Files\Common Files\<DIR> Real
[07/31/2006|11:03] C:\Program Files\Common Files\<DIR> Roxio Shared
[06/17/2006|02:38] C:\Program Files\Common Files\<DIR> Services
[03/01/2007|09:11] C:\Program Files\Common Files\<DIR> Sonic Shared
[06/16/2006|07:31] C:\Program Files\Common Files\<DIR> SpeechEngines
[03/16/2007|03:28] C:\Program Files\Common Files\<DIR> Stardock
[05/19/2007|12:34] C:\Program Files\Common Files\<DIR> SWF Studio
[10/13/2008|06:47] C:\Program Files\Common Files\<DIR> System
[12/25/2006|02:09] C:\Program Files\Common Files\<DIR> SystemRequirementsLab
[10/04/2008|04:14] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 83 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 20:01:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:1222][D:45]-> C:\DOCUME~1\OWNER~1.SHA\LOCALS~1\Temp
[F:10][D:0]-> C:\DOCUME~1\OWNER~1.SHA\Cookies
[F:174][D:7]-> C:\DOCUME~1\OWNER~1.SHA\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Mon 10/13/2008|20:02 - Option : [2]

--------------------\\ Scan completed at 20:02:46

#10 Billy O'Neal

Posted 14 October 2008 - 05:06 AM

Hello, ssx345.
Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the OTCleanIt icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore your computer to any point earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#11 Billy O'Neal

Posted 16 October 2008 - 07:51 PM

Hello, ssx345.
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3



