
The process explorer.exe keeps crashing and slowing down my computer?!


90 replies to this topic

#1 -Cloud

-Cloud

  • Members
  • 121 posts
  • Gender:Male

Posted 17 November 2008 - 07:32 PM

Here's a detailed description of my problem, which I posted earlier in the forum "Am I infected? What to do?":

http://www.bleepingcomputer.com/forums/t/178416/explorerexe-process/

I want to give a big thanks to the moderator boopme, who has helped me throughout and tried to solve this problem :thumbsup:

As a side note to the detailed description I have provided in the above link, I have started noticing that the browser I use, Firefox, seems to download a PDF file without my consent and stores/saves it in my Temporary Internet Files every time, and suddenly opens it, without the document containing anything. It comes from a website where it just shows a banner from eBay and nothing else; I didn't record the website URL address :) and my browser has gone slow and crashes a lot.

The problem described above is still occurring... so please help, someone. Thank you.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:56, on 18/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skybroadband.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin01\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8371 bytes

Edited: Really sorry, I had to do the HJT scan again as I did not know that I wasn't allowed to change any of my system settings. I hope this hasn't created any inconvenience, thank you.

Edited by -Cloud, 18 November 2008 - 01:36 PM.
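As an added example (not from this thread, HijackThis or any other tool named here), a small Python triage script for the HijackThis O2/O3/O9 entries in the log above: it parses the "section - kind: name - {CLSID} - path" line format, flags registrations whose file is gone ("(no file)", "(file missing)"), and flags a toolbar whose DLL is also registered as a BHO under a different CLSID, which is the pattern of the two ZoneAlarm Spy Blocker lines that the helper's OTMoveIt3 script later removes. The same pattern occurs for the legitimate Windows Live Toolbar entries in the log, so the second check is a prompt for review, not a verdict. The sample log is constructed from a few lines of the first post; the regex and function names are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2.0.2 format, built from a few lines of the
# log in the first post; the real log has many more entries.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
"""

# Matches the CLSID-bearing HijackThis lines: "Oxx - Kind: Name - {CLSID} - Path".
# Lines of other sections (O4 Run keys, O16 DPF, ...) do not fit and are skipped.
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<path>.*)$"
)


@dataclass
class Entry:
    section: str
    kind: str
    name: str
    clsid: str
    path: str


def parse_entries(log_text):
    """Return the O2/O3/O9-style entries of a HijackThis log as Entry objects."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries


def norm_path(path):
    # Windows paths are case-insensitive; compare them lower-cased.
    return path.strip().lower()


def is_missing(path):
    p = norm_path(path)
    return p == "(no file)" or p.endswith("(file missing)")


def triage(log_text):
    """Return (clsid, reason) findings for a reviewer, in log order per check."""
    entries = parse_entries(log_text)
    findings = []

    # Check 1: registrations whose file no longer exists. These are leftovers
    # of uninstalled software and are the classic entries HijackThis fixes.
    for e in entries:
        if is_missing(e.path):
            findings.append(
                (e.clsid, f"{e.section} {e.kind} '{e.name}' points at a missing file: {e.path}")
            )

    # Check 2: a toolbar (O3) whose DLL is also registered as a BHO (O2) but
    # under another CLSID. Legitimate toolbars do this too, so review, do not act.
    bho_clsids_by_dll = {}
    for e in entries:
        if e.section == "O2" and not is_missing(e.path):
            bho_clsids_by_dll.setdefault(norm_path(e.path), set()).add(e.clsid.upper())
    for e in entries:
        if e.section != "O3" or is_missing(e.path):
            continue
        bhos = bho_clsids_by_dll.get(norm_path(e.path), set())
        if bhos and e.clsid.upper() not in bhos:
            findings.append(
                (e.clsid, f"O3 Toolbar '{e.name}' loads {e.path} under a different CLSID "
                          f"than BHO {', '.join(sorted(bhos))}")
            )
    return findings


if __name__ == "__main__":
    for clsid, reason in triage(SAMPLE_LOG):
        print(clsid, reason)
```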



#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 26 November 2008 - 10:03 PM

Hello, -Cloud
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We need to run a Scan with DDS
  • Please download DDS, and save it to your desktop, from one of the following mirrors:
  • Disable any type of "Script Blockers" or "Script Protection" installed on your system.
  • Double click Posted Image on your desktop.
  • If prompted by any script blocking tools, please allow any actions taken by DDS.
  • When prompted to perform an Optional Scan, please select Posted Image
  • Two reports will open. Please reply with the generated reports:
    • DDS.txt <-- Copy and paste into your next post
    • Attach.txt <-- Attach to your next post
We need to scan for rootkits with GMER
  • Please download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    Note: There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    Important! Please do not select the "Show all" checkbox during the scan.
  • Click on the "Scan" and wait for the scan to finish.
    • Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
In your next reply, please include the following:
  • DDS.txt
  • Attach.txt
  • GMER's Log


Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 -Cloud

-Cloud
  • Topic Starter

  • Members
  • 121 posts
  • Gender:Male

Posted 27 November 2008 - 06:49 PM

Thank you for assisting me with my problem. Sorry for the late reply; I may delay my replies to your instructions/help/steps, but I will try my best to do it as fast as possible, so please bear with me. Thank you once again; I will run the scan shortly and reply back with the results from the scan logs...

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 27 November 2008 - 11:44 PM

Okie dokie :) I await the reports with interest :thumbsup:


#5 -Cloud

-Cloud
  • Topic Starter

  • Members
  • 121 posts
  • Gender:Male

Posted 28 November 2008 - 05:43 AM

Hi, I'm encountering problems with GMER, the rootkit software. Whenever I'm running a scan, after a while I get this error (from Windows) stating "GMER has encountered a problem and needs to close", something like that anyway, and then it gives me the options of sending a report to Microsoft and debugging the software. I also tried this in Safe Mode in Windows but still got the same problem??

I was able to do the other two fine and have the logs ready.

Edited by -Cloud, 28 November 2008 - 05:44 AM.


#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 28 November 2008 - 12:00 PM

Occasionally that will happen with GMER.. it's a good scanner, but it's buggy occasionally. Please post the other logs :thumbsup:


#7 -Cloud

-Cloud
  • Topic Starter

  • Members
  • 121 posts
  • Gender:Male

Posted 28 November 2008 - 04:13 PM

Here are the two logs

DDS Log:


DDS (Version 1.0) - NTFSx86
Run by Admin01 at 0:23:52.82 on 28/11/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.434 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin01\Desktop\dds.scr

============== Psuedo HJT Report ===============

uWindow Title = Internet Explorer Provided By Sky Broadband
uStart Page = hxxp://www.skybroadband.com
uDefault_Page_URL = hxxp://www.skybroadband.com
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
BHO: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn311\wlancfg5.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\admin01\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\admin01\start menu\programs\imvu\Run IMVU.lnk
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-4-26 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-3 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-3 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-4-26 76040]
R3 3dfxvs;3dfxvs;c:\windows\system32\drivers\3dfxvsm.sys [2007-4-29 174080]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-10-14 33752]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);c:\windows\system32\drivers\SE2Ebus.sys [2007-11-10 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Emdfl.sys [2007-11-10 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Emdm.sys [2007-11-10 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE2Emgmt.sys [2007-11-10 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\drivers\se2End5.sys [2007-11-10 18704]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;c:\windows\system32\drivers\SE2Eobex.sys [2007-11-10 86560]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\drivers\se2Eunic.sys [2007-11-10 90800]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);c:\windows\system32\drivers\w300bus.sys [2007-10-25 60800]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;c:\windows\system32\drivers\w300mdfl.sys [2007-10-25 9264]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;c:\windows\system32\drivers\w300mdm.sys [2007-10-25 96352]

=============== Created Last 30 ================

2008-11-24 21:45 <DIR> --d----- c:\docume~1\admin01\applic~1\MyPhoneExplorer
2008-11-18 00:12 <DIR> --d----- c:\program files\Trend Micro
2008-11-14 18:11 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2008-11-14 18:08 <DIR> --d----- c:\windows\ERUNT
2008-11-14 18:01 <DIR> --d----- C:\SDFix
2008-11-12 14:18 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 14:18 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-07 18:16 <DIR> --d----- c:\docume~1\admin01\applic~1\Malwarebytes
2008-11-07 18:16 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-07 18:16 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-07 18:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-11-07 18:16 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2008-11-27 23:33 <DIR> --d----- c:\docume~1\admin01\applic~1\LimeWire
2008-11-27 02:21 <DIR> --d----- c:\docume~1\admin01\applic~1\Vso
2008-11-27 00:24 2,512 a------- c:\windows\system32\d3d9caps.dat
2008-11-26 18:05 4,212 ----h--- c:\windows\system32\zllictbl.dat
2008-11-24 21:45 <DIR> --d----- c:\program files\MyPhoneExplorer
2008-11-21 02:58 <DIR> --d----- c:\docume~1\admin01\applic~1\uTorrent
2008-11-18 18:40 85,224 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2008-11-09 19:43 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-10-22 12:28 <DIR> --d----- c:\program files\common files\L&H
2008-10-22 12:27 <DIR> --d----- c:\program files\Microsoft ActiveSync
2008-10-21 19:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks
2008-10-21 19:20 <DIR> --d----- c:\program files\TVUPlayer
2008-10-16 19:49 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-14 22:29 <DIR> --d----- c:\docume~1\admin01\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-09-04 15:43 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-08-30 16:53 <DIR> --d----- c:\docume~1\admin01\applic~1\TVU Networks
2008-08-27 05:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-06-29 18:41 <DIR> --d----- c:\docume~1\admin01\applic~1\AVI ReComp
2008-05-09 00:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Driving Test Success
2008-05-05 15:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-05-05 15:26 <DIR> --d----- c:\docume~1\admin01\applic~1\SUPERAntiSpyware.com
2008-05-01 19:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-04-26 12:11 <DIR> --d----- c:\docume~1\admin01\applic~1\AVGTOOLBAR
2008-04-26 10:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-04-22 22:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Messenger Plus!
2008-04-03 00:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Installations
2008-03-18 23:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Laconic Software
2008-03-05 01:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2008-02-26 21:16 <DIR> --d----- c:\docume~1\admin01\applic~1\Windows Live Writer
2008-02-06 01:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2008-01-16 23:12 <DIR> --d----- c:\docume~1\admin01\applic~1\Symantec
2007-08-25 11:43 <DIR> --d----- c:\docume~1\admin01\applic~1\foobar2000
2007-07-31 14:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Ericsson
2007-07-31 14:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Teleca
2007-07-04 17:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ultima_T15
2007-07-04 17:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EnterNHelp
2007-07-04 17:07 <DIR> --d----- c:\docume~1\admin01\applic~1\Nikon
2007-06-23 17:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ahead
2007-04-29 20:18 <DIR> --d----- c:\docume~1\admin01\applic~1\VersionTracker Pro
2007-04-21 10:23 <DIR> --d----- c:\docume~1\admin01\applic~1\Screenshot Sender
2007-03-07 22:45 <DIR> --d----- c:\docume~1\admin01\applic~1\Ulead Systems
2007-02-12 16:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Microsoft Corporation
2007-01-31 20:17 <DIR> --d----- c:\docume~1\admin01\applic~1\Teleca
2007-01-30 19:18 <DIR> --d----- c:\docume~1\admin01\applic~1\vlc

============= FINISH: 0:24:48.00 ===============




#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 28 November 2008 - 09:05 PM

Hello, -Cloud
Please try GMER again after this.

You have a Peer-To-Peer program installed.
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case LimeWire, uTorrent). These programs allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    c:\program files\zonealarmsb
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}"=-
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTMoveIt3's Log
  • OTViewIt.txt
  • Extra.txt
  • GMER's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
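As an added example (not from the thread and not part of OldTimer's tools), a small Python triage script for the OTViewIt report format requested above: it walks the report's sections and flags the kinds of entries a helper looks for, CLSIDs whose registry key or file no longer exists and executables with no publisher name in their version resource. The sample report is constructed from entries in the thread's own report layout and is not a complete scan.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the OTViewIt report layout (entries copied from the
# thread's own report; this is not a complete or real scan).
SAMPLE_REPORT = r"""
========== Processes ==========

[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2006/01/25 10:30:42 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe

========== (O23) Win32 Services ==========

[2006/01/25 10:30:42 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe -- (ACS [Auto | Running])

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL File not found
"""

# "========== (O2) BHO's ==========" style section headers.
SECTION_RE = re.compile(r"^========== (.+?) ==========$")

# "[date time | size | attrs | M] (company) -- path [-- (service [start | state])]"
FILE_RE = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| M\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)(?: -- \((?P<service>[^)]*)\))?$"
)

# "{CLSID} (HKLM) -- <path (company) | path File not found | Reg Error: ...>"
# Toolbar entries wrap the CLSID in double quotes, so the quotes are optional.
CLSID_RE = re.compile(
    r'^"?(?P<clsid>\{[0-9A-Fa-f-]{36}\})"? \(HKLM\) -- (?P<rest>.+)$'
)


@dataclass
class Finding:
    section: str
    kind: str      # "orphan-key", "missing-file", "no-publisher" or "ok"
    subject: str   # file path or CLSID the finding is about
    detail: str    # company name, resolved path, or the report's error text


def classify_file_entry(section: str, m: "re.Match") -> Finding:
    """A process/service/driver line: an empty '()' means no publisher name."""
    company = m.group("company").strip()
    path = m.group("path")
    if not company:
        return Finding(section, "no-publisher", path,
                       "no company name in the file's version resource")
    return Finding(section, "ok", path, company)


def classify_clsid_entry(section: str, m: "re.Match") -> Finding:
    """A BHO/toolbar line: registry key gone, file gone, or resolved normally."""
    clsid = m.group("clsid")
    rest = m.group("rest")
    if rest.startswith("Reg Error"):        # CLSID registered but its key is gone
        return Finding(section, "orphan-key", clsid, rest)
    if rest.endswith("File not found"):     # key present but the DLL was removed
        path = rest[: -len("File not found")].strip()
        return Finding(section, "missing-file", clsid, path)
    return Finding(section, "ok", clsid, rest)


def triage(report: str) -> List[Finding]:
    """Parse an OTViewIt-style report into one Finding per recognised entry."""
    findings: List[Finding] = []
    section = "(none)"
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        m = FILE_RE.match(line)
        if m:
            findings.append(classify_file_entry(section, m))
            continue
        m = CLSID_RE.match(line)
        if m:
            findings.append(classify_clsid_entry(section, m))
        # Registry key headers and other lines are not entries; skip them.
    return findings


def suspicious(findings: List[Finding]) -> List[Finding]:
    """Everything a helper would want to look at before clearing the machine."""
    return [f for f in findings if f.kind != "ok"]


if __name__ == "__main__":
    for f in suspicious(triage(SAMPLE_REPORT)):
        print(f"[{f.section}] {f.kind:13} {f.subject}  <- {f.detail}")
```

Orphaned "Reg Error" and "File not found" entries are leftovers of software that was removed incompletely (here the ZoneAlarm Spy Blocker toolbar), which is why the helper's OTMoveIt3 script above deletes the matching registry value as well as the folder.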

#9 -Cloud


Posted 29 November 2008 - 09:29 AM

I am very sorry, I did not know that these "P2P" software programs were installed on my system, and if I did, I would not know what they are about (I don't really know much about computers, you see, really sorry about this). I will uninstall these software programs after we have finished with the malware removal etc.

This computer is mine, but it is shared with many of my roommates at my university (dorm room) where I'm currently living for my studies. It must have been them, as I clearly did not know anything about these software/programs on my system, and I want to apologise on their behalf.

I will have the scan logs later on, please, as I'm going to work now.

Thank you for your patience.

And if possible, can you tell me what the above two programs are about and what they do (their functions)? I'm just curious. And do you know what has infected my system?

Edited by -Cloud, 29 November 2008 - 09:34 AM.


#10 -Cloud


Posted 30 November 2008 - 09:44 AM

OTMoveIT Log:
========== FILES ==========
c:\program files\ZoneAlarmSB\bar\Settings moved successfully.
c:\program files\ZoneAlarmSB\bar\History moved successfully.
c:\program files\ZoneAlarmSB\bar\Cache moved successfully.
c:\program files\ZoneAlarmSB\bar\1.bin moved successfully.
c:\program files\ZoneAlarmSB\bar moved successfully.
c:\program files\ZoneAlarmSB moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11302008_015011

--------------------------------------------------------------------------------------------------------------------------------------------------
OTViewIT Log:

OTViewIt logfile created on: 30/11/2008 03:49:49 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Admin01\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 526.80 Mb Available Physical Memory | 51.47% Memory free
2.31 Gb Paging File | 1.94 Gb Available in Paging File | 83.95% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.32 Gb Total Space | 26.04 Gb Free Space | 35.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN
Current User Name: Admin01
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2006/01/25 10:30:42 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
[2008/08/29 09:51:37 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2006/10/26 12:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
[2008/07/03 11:52:00 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/08/29 09:51:39 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2002/11/19 21:01:20 | 00,046,592 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2008/11/27 13:02:30 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2005/06/08 16:45:04 | 00,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
[2008/07/09 09:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2008/09/16 11:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2006/02/22 12:49:28 | 01,486,848 | ---- | M] () -- C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
[2005/08/10 07:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
[2006/03/16 08:43:28 | 00,872,448 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
[2008/11/14 14:05:15 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/11/30 01:51:55 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin01\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2006/01/25 10:30:42 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe -- (ACS [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 09:51:39 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/08/29 09:51:37 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/08/29 09:01:22 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2008/03/18 16:37:43 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2006/10/26 12:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])
[2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\windows media player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2003/02/11 10:56:38 | 00,174,080 | ---- | M] (3dfx Interactive, Inc.) -- C:\WINDOWS\system32\drivers\3dfxvsm.sys -- (3dfxvs [On_Demand | Running])
[2007/04/20 19:46:40 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2002/12/03 14:27:38 | 00,586,120 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2008/04/13 18:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Running])
[2005/11/18 03:31:36 | 00,456,768 | R--- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\WPN311.sys -- (AR5211 [On_Demand | Running])
[2008/08/29 09:51:36 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/07/03 11:52:00 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/07/03 11:52:11 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2008/04/13 18:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/11/28 00:28:30 | 00,068,961 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2005/06/03 14:46:52 | 00,055,216 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus [On_Demand | Stopped])
[2005/06/03 14:46:58 | 00,006,576 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl [On_Demand | Stopped])
[2005/06/03 14:47:00 | 00,089,872 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm [On_Demand | Stopped])
[2005/06/03 14:47:04 | 00,081,728 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt [On_Demand | Stopped])
[2005/06/03 14:47:06 | 00,079,488 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex [On_Demand | Stopped])
[2007/07/19 15:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2007/06/28 11:44:58 | 00,137,216 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd [On_Demand | Stopped])
[2007/06/28 11:44:16 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc [On_Demand | Stopped])
[2007/06/28 11:44:18 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj [On_Demand | Stopped])
[2007/06/28 11:44:18 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm [On_Demand | Stopped])
[2008/04/01 00:24:07 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
[2005/06/14 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/01/16 20:28:29 | 00,062,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2007/06/25 08:43:22 | 00,082,984 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus [On_Demand | Stopped])
[2007/06/25 08:43:26 | 00,014,888 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s117mdfl.sys -- (s117mdfl [On_Demand | Stopped])
[2007/06/25 08:43:36 | 00,108,456 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s117mdm.sys -- (s117mdm [On_Demand | Stopped])
[2007/06/25 08:43:36 | 00,100,264 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s117mgmt.sys -- (s117mgmt [On_Demand | Stopped])
[2007/06/25 08:43:38 | 00,098,344 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s117obex.sys -- (s117obex [On_Demand | Stopped])
[2007/04/03 12:59:30 | 00,083,208 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus [On_Demand | Stopped])
[2007/04/03 12:59:40 | 00,100,360 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt [On_Demand | Stopped])
[2007/04/03 12:59:42 | 00,023,176 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616nd5.sys -- (s616nd5 [On_Demand | Stopped])
[2007/04/03 12:59:42 | 00,098,568 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616obex.sys -- (s616obex [On_Demand | Stopped])
[2007/04/03 12:59:42 | 00,099,080 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic [On_Demand | Stopped])
[2008/05/20 22:12:04 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
[2006/02/16 15:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008/05/20 22:12:05 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2006/11/10 17:23:42 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Ebus.sys -- (SE2Ebus [On_Demand | Stopped])
[2006/11/10 17:23:48 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Emdfl.sys -- (SE2Emdfl [On_Demand | Stopped])
[2006/11/10 17:23:50 | 00,097,184 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Emdm.sys -- (SE2Emdm [On_Demand | Stopped])
[2006/11/10 17:23:54 | 00,088,688 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Emgmt.sys -- (SE2Emgmt [On_Demand | Stopped])
[2006/11/10 17:23:56 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se2End5.sys -- (se2End5 [On_Demand | Stopped])
[2006/11/10 17:23:58 | 00,086,560 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Eobex.sys -- (SE2Eobex [On_Demand | Stopped])
[2006/11/10 17:24:06 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se2Eunic.sys -- (se2Eunic [On_Demand | Stopped])
[2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2004/08/03 22:31:36 | 00,032,768 | ---- | M] (SiS Corporation) -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC [On_Demand | Running])
[2008/02/27 03:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2005/08/30 01:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])
[2005/08/30 01:49:34 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl [On_Demand | Stopped])
[2005/08/30 01:49:38 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm [On_Demand | Stopped])
[2008/04/13 18:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys -- (uagp35 [Boot | Running])
[2008/07/09 09:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2006/03/13 15:49:54 | 00,060,800 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w300bus.sys -- (w300bus [On_Demand | Stopped])
[2006/03/13 15:50:00 | 00,009,264 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w300mdfl.sys -- (w300mdfl [On_Demand | Stopped])
[2006/03/13 15:50:02 | 00,096,352 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w300mdm.sys -- (w300mdm [On_Demand | Stopped])
[2005/09/07 16:42:44 | 00,060,768 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus [On_Demand | Stopped])
[2005/09/07 16:42:46 | 00,009,264 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl [On_Demand | Stopped])
[2005/09/07 16:42:48 | 00,096,224 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm [On_Demand | Stopped])
[2005/09/07 16:42:50 | 00,087,792 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt [On_Demand | Stopped])
[2005/09/07 16:42:50 | 00,085,664 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex [On_Demand | Stopped])
[2006/02/20 18:59:28 | 00,058,288 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus [On_Demand | Stopped])
[2006/02/20 18:59:32 | 00,008,336 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl [On_Demand | Stopped])
[2006/02/20 18:59:34 | 00,094,064 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm [On_Demand | Stopped])
[2006/02/20 18:59:34 | 00,085,408 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt [On_Demand | Stopped])
[2006/02/20 18:59:36 | 00,083,344 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Default_Page_URL"=http://www.skybroadband.com
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.skybroadband.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes

[HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Default_Page_URL"=http://www.skybroadband.com
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.skybroadband.com

[HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL File not found

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3dfx Tools"=rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot (3dfx Interactive, Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions (Sony Ericsson Mobile Communications AB)
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========

[2006/02/22 12:49:28 | 01,486,848 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\.DEFAULT\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-18\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-19\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-20\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableCMD"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableCMD"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 10:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
Add to AMV Convert Tool...: C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html [2006/02/16 09:37:38 | 00,000,890 | ---- | M] ()
Add to Windows &Live Favorites: File not found
MediaManager tool grab multimedia file: C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html [2006/02/15 08:30:44 | 00,000,890 | ---- | M] ()

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
Add to AMV Convert Tool...: C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html [2006/02/16 09:37:38 | 00,000,890 | ---- | M] ()
Add to Windows &Live Favorites: File not found
MediaManager tool grab multimedia file: C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html [2006/02/15 08:30:44 | 00,000,890 | ---- | M] ()

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to AMV Convert Tool...: Reg Error: Key does not exist or could not be opened. File not found
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found
MediaManager tool grab multimedia file: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to AMV Convert Tool...: Reg Error: Key does not exist or could not be opened. File not found
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found
MediaManager tool grab multimedia file: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 10:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.5.0_05\bin\NPJPI150_05.dll [2005/08/26 18:33:54 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
{08E730A4-FB02-45BD-A900-01E4AD8016F6}: Button: Sky -- File not found
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{d9288080-1baa-4bc4-9cf8-a92d743db949}: Button: Run IMVU -- %UserProfile%\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_05\bin\NPJPI150_05.dll [Sun Java Console] -> [2005/08/26 18:33:54 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{08E730A4-FB02-45BD-A900-01E4AD8016F6} [HKLM] -> [Sky] -> File not found
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKLM] -> %UserProfile%\Start Menu\Programs\IMVU\Run IMVU.lnk [Run IMVU] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_05\bin\NPJPI150_05.dll [Sun Java Console] -> [2005/08/26 18:33:54 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{08E730A4-FB02-45BD-A900-01E4AD8016F6} [HKLM] -> [Sky] -> File not found
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKLM] -> %UserProfile%\Start Menu\Programs\IMVU\Run IMVU.lnk [Run IMVU] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_05\bin\NPJPI150_05.dll [Sun Java Console] -> [2005/08/26 18:33:54 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{08E730A4-FB02-45BD-A900-01E4AD8016F6} [HKLM] -> [Sky] -> File not found
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKLM] -> %UserProfile%\Start Menu\Programs\IMVU\Run IMVU.lnk [Run IMVU] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_05\bin\NPJPI150_05.dll [Sun Java Console] -> [2005/08/26 18:33:54 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{08E730A4-FB02-45BD-A900-01E4AD8016F6} [HKLM] -> [Sky] -> File not found
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKLM] -> %UserProfile%\Start Menu\Programs\IMVU\Run IMVU.lnk [Run IMVU] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
51 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
31 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
31 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{00000055-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/fhg.CAB -- Reg Error: Key does not exist or could not be opened.
{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1}: http://musicmix.messenger.msn.com/Medialogic.CAB -- CMediaMix Object
{34F12AFD-E9B5-492A-85D2-40FA4535BE83}: http://www.symantec.com/techsupp/activedata/nprdtinf.cab -- AxProdInfoCtl Class
{A90A5822-F108-45AD-8482-9BC8B12DD539}: http://www.crucial.com/controls/cpcScanner.cab -- Crucial cpcScan
{D821DC4A-0814-435E-9820-661C543A4679}: http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx -- CRLDownloadWrapper Class

========== (O17) DNS Name Servers ==========

{08B8E811-74C0-4F5B-B2CC-733C56129CE0} (Servers: | Description: Sony Ericsson Device 046 USB Ethernet Emulation (NDIS 5))
{4E30CF83-1A44-4B2F-8CBA-4F0C6D0BD763} (Servers: | Description: Sony Ericsson Device 616 USB Ethernet Emulation (NDIS 5))
{E3952535-F858-49C5-AB6D-E74200923744} (Servers: | Description: WPN311 RangeMax™ Wireless PCI Adapter)
{E448DBBF-E83D-41D2-A276-D08BDCC81A48} (Servers: | Description: SiS 900-Based PCI Fast Ethernet Adapter)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/07/03 11:52:00 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
WgaLogon: "DllName" = WgaLogon.dll -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/01/30 18:55:02 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74937666-c047-11db-a62f-4d6564696130}\Shell\AutoRun\command]
""=.\Recycled\Driveinfo.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74937666-c047-11db-a62f-4d6564696130}\Shell\Open\Command]
""=.\Recycled\Driveinfo.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f736d3a-9460-11dc-acc3-00184d7632ae}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f736d3a-9460-11dc-acc3-00184d7632ae}\Shell\Auto\command]
""=boot.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f736d3a-9460-11dc-acc3-00184d7632ae}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f736d3a-9460-11dc-acc3-00184d7632ae}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/14 00:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5188706-8157-11dc-ac2f-00184d7632ae}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5188706-8157-11dc-ac2f-00184d7632ae}\Shell\Auto\command]
""=D:\boot.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5188706-8157-11dc-ac2f-00184d7632ae}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5188706-8157-11dc-ac2f-00184d7632ae}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/14 00:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f28dde26-fcdf-11dc-8731-00184d7632ae}\Shell\Auto\command]
""=D:\sal.xls.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f28dde26-fcdf-11dc-8731-00184d7632ae}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f28dde26-fcdf-11dc-8731-00184d7632ae}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/14 00:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2008/11/30 03:49:37 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Admin01\Desktop\gmer.zip
[2008/11/30 01:51:53 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin01\Desktop\OTViewIt.exe
[2008/11/30 01:50:11 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/11/30 01:49:02 | 00,349,696 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin01\Desktop\OTMoveIt3.exe
[2008/11/28 00:28:30 | 00,068,961 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/11/28 00:28:30 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/11/28 00:28:29 | 00,573,440 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/11/28 00:28:29 | 00,565,311 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/11/28 00:28:29 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/11/24 21:45:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin01\Application Data\MyPhoneExplorer
[2008/11/18 00:12:12 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Admin01\Desktop\HijackThis.lnk
[2008/11/18 00:12:10 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/14 18:11:45 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/14 18:08:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/11/14 18:01:28 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/11/12 14:18:22 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/12 14:18:04 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/08 02:11:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin01\Application Data\ImgBurn
[2008/11/07 18:16:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin01\Application Data\Malwarebytes
[2008/11/07 18:16:10 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/07 18:16:09 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/07 18:16:07 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/07 18:16:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/07 18:16:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/11/30 03:50:43 | 09,666,592 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/11/30 03:49:38 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Admin01\Desktop\gmer.zip
[2008/11/30 03:43:15 | 00,352,917 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/11/30 03:42:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/30 03:42:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/30 01:52:37 | 00,114,140 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/11/30 01:51:55 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin01\Desktop\OTViewIt.exe
[2008/11/30 01:49:05 | 00,349,696 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin01\Desktop\OTMoveIt3.exe
[2008/11/30 01:33:01 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/11/29 21:40:43 | 30,449,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/29 18:33:01 | 00,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2008/11/29 16:13:13 | 00,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\{A830FE03-CBF7-4F11-B589-503D7D2E104A}_ADMIN_Admin01.job
[2008/11/29 04:13:14 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/29 00:50:36 | 00,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2008/11/28 16:44:05 | 00,000,588 | ---- | M] () -- C:\Documents and Settings\Admin01\My Documents\My Sharing Folders.lnk
[2008/11/28 14:44:21 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/11/28 00:28:30 | 00,068,961 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/11/28 00:28:29 | 00,565,311 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/11/28 00:28:29 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/11/27 22:30:34 | 00,065,537 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/27 20:48:00 | 00,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2008/11/27 00:24:35 | 00,002,512 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/11/27 00:22:28 | 00,222,208 | ---- | M] () -- C:\Documents and Settings\Admin01\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/26 18:05:21 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/11/21 19:10:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/11/18 18:40:31 | 00,085,224 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2008/11/18 18:28:03 | 00,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/18 18:26:30 | 03,176,588 | -H-- | M] () -- C:\Documents and Settings\Admin01\Local Settings\Application Data\IconCache.db
[2008/11/18 00:12:12 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Admin01\Desktop\HijackThis.lnk
[2008/11/14 18:13:41 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/11/14 18:11:45 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/12 15:09:16 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/11 22:34:48 | 00,288,669 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081114-173901.backup
[2008/11/11 21:56:03 | 00,288,669 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081111-223448.backup
[2008/11/07 18:16:10 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/05 20:07:49 | 00,334,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/04 00:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >
-------------------------------------------------------------------------------------------------------------------------------------------------
OTViewIT Extras Log:
OTViewIt Extras logfile created on: 30/11/2008 03:49:49 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Admin01\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 526.80 Mb Available Physical Memory | 51.47% Memory free
2.31 Gb Paging File | 1.94 Gb Available in Paging File | 83.95% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.32 Gb Total Space | 26.04 Gb Free Space | 35.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN
Current User Name: Admin01
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Documents and Settings\Admin01\Desktop\µTorrent 1.6 Stable.exe:*:Enabled:µTorrent
[2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/11/14 14:05:15 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2007/12/23 22:02:06 | 02,179,072 | ---- | M] (Zhejiang University) -- C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts
File not found -- C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
[2008/02/08 21:32:57 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/08/28 22:52:26 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/08/29 09:51:39 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2008/10/10 22:33:54 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Admin01\Desktop\µTorrent 1.8.exe:*:Enabled:µTorrent
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/03 11:52:06 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 17:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}"=Sky Broadband
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}"=Samsung PC Studio
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}"=Windows Live Photo Gallery
"{3248F0A8-6813-11D6-A77B-00B0D0150050}"=J2SE Runtime Environment 5.0 Update 5
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}"=SAGEM F@st 800-840
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{719A79E8-B696-48BE-B691-7303F7991EF8}"=3dfx Tools
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7689CA7A-1270-425A-9959-EB4CB25EA29A}"=Sony Ericsson PC Suite 1.20.224
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}"=Map Button (Windows Live Toolbar)
"{7784A172-61F1-445E-8368-601607E0DD22}"=MP3 Player Utilities 4.00
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}"=Windows Live Favorites for Windows Live Toolbar
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}"=Software Update for Web Folders
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90170409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office FrontPage 2003
"{9176251A-4CC1-4DDB-B343-B487195EB397}"=Windows Live Writer
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}"=Highlight Viewer (Windows Live Toolbar)
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}"=ArcSoft Panorama Maker 3
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AB938897-211A-4999-9749-236D2E8E464A}"=NETGEAR WPN311 Wireless Adapter
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}"=Spelling Dictionaries Support For Adobe Reader 9
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1"=ConvertXtoDVD 2.2.3.258
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}"=Nokia Connectivity Cable Driver
"{C4A4722E-79F9-417C-BD72-8D359A090C97}"=Samsung PC Studio
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{CF097717-F174-4144-954A-FBC4BF301033}"=Nero 7 Premium
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus® for Adobe
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}"=Nikon Message Center
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}"=Paint Shop Pro 7 ESD
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E583ED6F-BD99-4066-A420-C815BF692B69}"=Macromedia Fireworks MX 2004
"{E9B02A93-6279-491A-984E-7EA6DEDE3293}"=ImgBurn DVDVideo Shell Ext
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}"=PictureProject
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}"=Disc2Phone
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Allok 3GP PSP MP4 iPod Video Converter_is1"=Allok 3GP PSP MP4 iPod Video Converter 4.8.0310
"AVG8Uninstall"=AVG Free 8.0
"AVI ReComp"=AVI ReComp 1.4.3
"AviSynth"=AviSynth 2.5
"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2007-02-22
"Driving Test Success - All Tests_is1"=Driving Test Success - All Tests (2007-2008)
"DVD Shrink_is1"=DVD Shrink 3.2
"Easy Video Joiner_is1"=Easy Video Joiner 5.21
"Easy Video Splitter_is1"=Easy Video Splitter 1.28
"ENTERPRISE"=Microsoft Office Enterprise 2007
"FastStone Capture"=FastStone Capture 4.8
"FLVPlayer"=FLV Player 1.3.3
"foobar2000"=foobar2000 v0.9.4.2
"GoldWave v5.23"=GoldWave v5.23
"HijackThis"=HijackThis 2.0.2
"ImgBurn"=ImgBurn
"InstallShield_{AB938897-211A-4999-9749-236D2E8E464A}"=NETGEAR WPN311 Wireless Adapter
"LimeWire"=LimeWire 4.16.6
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Messenger Plus! Live"=Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"MPE"=MyPhoneExplorer
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nikon FotoShare"=Nikon FotoShare
"PicaView32"=PicaView32
"PSP Video 9"=PSP Video 9 2.25
"RealAlt_is1"=Real Alternative 1.51 Lite
"RealPlayer 6.0"=RealPlayer
"SAMSUNG CDMA Modem"=SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software
"Sony Ericsson Themes Creator"=Sony Ericsson Themes Creator 3.19
"SopCast"=SopCast 3.0.1
"Turbo Pascal 7.0"=Turbo Pascal 7.0
"TVAnts 1.0"=TVAnts 1.0
"TVUPlayer"=TVUPlayer 2.4.0.1
"VLC media player"=VideoLAN VLC media player 0.8.6
"Vodafone 804SS USB driver"=Vodafone 804SS USB driver Software
"WIC"=Windows Imaging Component
"Winamp"=Winamp (remove only)
"WinAVI Video Converter_is1"=WinAVI Video Converter
"Windows Live Toolbar"=Windows Live Toolbar
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1"=Xvid 1.1.3 final uninstall
"ZoneAlarm"=ZoneAlarm
"ZoneAlarmSB Uninstall"=ZoneAlarm Spy Blocker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/11/2008 09:11:26 | Computer Name = ADMIN | Source = Application Error | ID = 1000
Description = Faulting application wlancfg5.exe, version 1.2.14.306, faulting module
wcapi.dll, version 4.1.0.161, fault address 0x0000dd60.

Error - 23/11/2008 13:30:21 | Computer Name = ADMIN | Source = Application Hang | ID = 1002
Description = Hanging application winamp.exe, version 2.9.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 24/11/2008 13:14:47 | Computer Name = ADMIN | Source = Application Error | ID = 1000
Description = Faulting application wlancfg5.exe, version 1.2.14.306, faulting module
wcapi.dll, version 4.1.0.161, fault address 0x0000dd60.

Error - 24/11/2008 14:09:45 | Computer Name = ADMIN | Source = Application Error | ID = 1000
Description = Faulting application wlancfg5.exe, version 1.2.14.306, faulting module
wcapi.dll, version 4.1.0.161, fault address 0x0000dd60.

Error - 27/11/2008 21:04:24 | Computer Name = ADMIN | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.12.12011, faulting module
gmer.dll, version 1.0.12.12011, fault address 0x00047158.

Error - 27/11/2008 22:13:44 | Computer Name = ADMIN | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.12.12011, faulting module
gmer.dll, version 1.0.12.12011, fault address 0x00047158.

Error - 28/11/2008 11:09:11 | Computer Name = ADMIN | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.12.12011, faulting module
gmer.dll, version 1.0.12.12011, fault address 0x00047158.

Error - 29/11/2008 09:00:21 | Computer Name = ADMIN | Source = Application Error | ID = 1000
Description = Faulting application wlancfg5.exe, version 1.2.14.306, faulting module
wcapi.dll, version 4.1.0.161, fault address 0x0000dd60.

Error - 29/11/2008 14:12:51 | Computer Name = ADMIN | Source = Application Error | ID = 1000
Description = Faulting application wlancfg5.exe, version 1.2.14.306, faulting module
wcapi.dll, version 4.1.0.161, fault address 0x0000dd60.

Error - 29/11/2008 21:36:37 | Computer Name = ADMIN | Source = Application Error | ID = 1000
Description = Faulting application wlancfg5.exe, version 1.2.14.306, faulting module
wcapi.dll, version 4.1.0.161, fault address 0x0000dd60.

[ OSession Events ]
Error - 19/02/2007 15:15:51 | Computer Name = ADMIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1596
seconds with 840 seconds of active time. This session ended with a crash.

Error - 19/02/2007 15:37:41 | Computer Name = ADMIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1294
seconds with 1260 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 29/11/2008 14:33:02 | Computer Name = ADMIN | Source = Schedule | ID = 7901
Description = The At2.job command failed to start due to the following error: %%2147942403

Error - 29/11/2008 17:37:39 | Computer Name = ADMIN | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 29/11/2008 17:37:44 | Computer Name = ADMIN | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2

Error - 29/11/2008 17:37:44 | Computer Name = ADMIN | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 29/11/2008 21:28:38 | Computer Name = ADMIN | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 29/11/2008 21:28:42 | Computer Name = ADMIN | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2

Error - 29/11/2008 21:28:42 | Computer Name = ADMIN | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 29/11/2008 23:42:48 | Computer Name = ADMIN | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 29/11/2008 23:42:50 | Computer Name = ADMIN | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2

Error - 29/11/2008 23:42:50 | Computer Name = ADMIN | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >
-------------------------------------------------------------------------------------------------------------------------------------------------
GMER Log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-30 10:25:14
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xF424A040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xF4246930]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xF4251A80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xF424A510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xF4250870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xF4250AA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xF4253FD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xF424A600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xF4246F20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xF42526E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xF4252440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xF4250580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xF42528B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xF4246D70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xF4250350]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xF4250150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xF4253250]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xF4252CB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xF4249C00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xF4253080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xF424A220]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xF4247120]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xF4252140]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xF4250CD0]

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 10, A5, 24, F4, 70, 08, 25, ... ]
? srescan.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F424ECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F424F1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F424F320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F424EE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F424EE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F424ECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F424F1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F424F320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F424ECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F424EE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F424F320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F424F1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F424F320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F424F1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F424ECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F425C330] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F424EE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F424ECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F424F1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F424F320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F424ECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F424EE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F424F320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F424F1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisRegisterProtocol] [F424ECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisOpenAdapter] [F424F1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisDeregisterProtocol] [F424EE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisCloseAdapter] [F424F320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F42475C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F4247770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F42472D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F4247670] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Devices - GMER 1.0.14 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Files - GMER 1.0.14 ----

File C:\Documents and Settings\Admin01\My Documents\Joynal's Docs\BTEC National Diploma For IT Practitioners (Software Development)\Year 1\Gail Webber\CE - Communication And Employability Skills For IT\The Keynote Project\Tower Hamlet College - Work Experience\Health And Safety\HSmanualI.doc 338432 bytes
File C:\Documents and Settings\Admin01\My Documents\Joynal's Docs\BTEC National Diploma For IT Practitioners (Software Development)\Year 1\Gail Webber\CE - Communication And Employability Skills For IT\The Keynote Project\Tower Hamlet College - Work Experience\Health And Safety\HSmanualII.doc 421888 bytes
File C:\Documents and Settings\Admin01\My Documents\Joynal's Docs\BTEC National Diploma For IT Practitioners (Software Development)\Year 1\Gail Webber\CE - Communication And Employability Skills For IT\The Keynote Project\Tower Hamlet College - Work Experience\Organisational Policies\Communication Policy.doc 26112 bytes
File C:\Documents and Settings\Admin01\My Documents\Joynal's Docs\BTEC National Diploma For IT Practitioners (Software Development)\Year 1\Gail Webber\CE - Communication And Employability Skills For IT\The Keynote Project\Tower Hamlet College - Work Experience\Organisational Policies\Data Management Policy.doc 23552 bytes
File C:\Documents and Settings\Admin01\My Documents\Joynal's Docs\BTEC National Diploma For IT Practitioners (Software Development)\Year 1\Gail Webber\CE - Communication And Employability Skills For IT\The Keynote Project\Tower Hamlet College - Work Experience\Organisational Policies\Data Protection Policy.doc 23552 bytes
File C:\Documents and Settings\Admin01\My Documents\Joynal's Docs\BTEC National Diploma For IT Practitioners (Software Development)\Year 1\Gail Webber\CE - Communication And Employability Skills For IT\The Keynote Project\Tower Hamlet College - Work Experience\Organisational Policies\Email Usage Policy.doc 47104 bytes
File C:\Documents and Settings\Admin01\My Documents\Joynal's Docs\BTEC National Diploma For IT Practitioners (Software Development)\Year 1\Gail Webber\CE - Communication And Employability Skills For IT\The Keynote Project\Tower Hamlet College - Work Experience\Organisational Policies\Internet Usage Policy.doc 34816 bytes
File C:\Documents and Settings\Admin01\My Documents\Joynal's Docs\BTEC National Diploma For IT Practitioners (Software Development)\Year 1\Gail Webber\CE - Communication And Employability Skills For IT\The Keynote Project\Tower Hamlet College - Work Experience\Organisational Policies\ITEQUI~1.DOC 27648 bytes
File C:\Documents and Settings\Admin01\My Documents\Joynal's Docs\BTEC National Diploma For IT Practitioners (Software Development)\Year 1\Gail Webber\CE - Communication And Employability Skills For IT\The Keynote Project\Tower Hamlet College - Work Experience\Organisational Policies\REPORT~1.DOC 34304 bytes
File C:\Documents and Settings\Admin01\My Documents\Joynal's Docs\BTEC National Diploma For IT Practitioners (Software Development)\Year 1\Gail Webber\CE - Communication And Employability Skills For IT\The Keynote Project\Tower Hamlet College - Work Experience\Organisational Policies\Telephony Usage Policy.doc 24576 bytes
File C:\Documents and Settings\Admin01\My Documents\Joynal's Docs\BTEC National Diploma For IT Practitioners (Software Development)\Year 1\Gail Webber\CE - Communication And Employability Skills For IT\The Keynote Project\Tower Hamlet College - Work Experience\Training Of Staff In The Organisation\STAFFH~1.DOC 4084224 bytes
File C:\Documents and Settings\Admin01\My Documents\Joynal's Docs\BTEC National Diploma For IT Practitioners (Software Development)\Year 1\Gail Webber\CE - Communication And Employability Skills For IT\The Keynote Project\Tower Hamlet College - Work Experience\Training Of Staff In The Organisation\SUPPOR~1.DOC 260096 bytes
File C:\Documents and Settings\Admin01\My Documents\Joynal's Docs\BTEC National Diploma For IT Practitioners (Software Development)\Year 1\Gail Webber\CE - Communication And Employability Skills For IT\The Keynote Project\Tower Hamlet College - Work Experience\Training Of Staff In The Organisation\SUPPOR~2.DOC 266240 bytes
File C:\Documents and Settings\Admin01\My Documents\Joynal's Docs\BTEC National Diploma For IT Practitioners (Software Development)\Year 1\Gail Webber\CE - Communication And Employability Skills For IT\The Keynote Project\Tower Hamlet College - Work Experience\Work Expericence Assignment\Job Vacancy at THC.DOC 32256 bytes
File C:\Documents and Settings\Admin01\My Documents\Joynal's Docs\BTEC National Diploma For IT Practitioners (Software Development)\Year 1\Gail Webber\CE - Communication And Employability Skills For IT\The Keynote Project\Tower Hamlet College - Work Experience\Work Expericence Assignment\Presentation for work.PPT 140800 bytes
File C:\Documents and Settings\Admin01\My Documents\Joynal's Docs\BTEC National Diploma For IT Practitioners (Software Development)\Year 1\Gail Webber\CE - Communication And Employability Skills For IT\The Keynote Project\Tower Hamlet College - Work Experience\Work Expericence Assignment\Statement for task 2.doc 26112 bytes
File C:\Documents and Settings\Admin01\My Documents\Joynal's Docs\BTEC National Diploma For IT Practitioners (Software Development)\Year 1\Gail Webber\CE - Communication And Employability Skills For IT\The Keynote Project\Tower Hamlet College - Work Experience\Work Expericence Assignment\TASK1P~1.PPT 34304 bytes
File C:\Documents and Settings\Admin01\My Documents\Joynal's Docs\BTEC National Diploma For IT Practitioners (Software Development)\Year 1\Gail Webber\CE - Communication And Employability Skills For IT\The Keynote Project\Tower Hamlet College - Work Experience\Work Expericence Assignment\TASK4J~2.DOC 25088 bytes

---- EOF - GMER 1.0.14 ----

Edited by -Cloud, 30 November 2008 - 09:50 AM.

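As an added example (not part of -Cloud's post and not something GMER ships), here is a small Python triage script for the GMER log format above. It groups the SSDT and IAT hooks by the driver that owns them, flags any hook whose driver carries no version-info description, and decodes the bytes in the ".text ntoskrnl.exe!..." line as little-endian pointers to check whether they resolve to hook addresses already attributed to a driver. The sample log inside it is constructed in GMER's format; example_unknown.sys is a made-up driver name used only to exercise the flagging path.

```python
"""Triage helper for GMER rootkit-scan logs.  Added example; not from the thread
above and not part of GMER.  Parses the SSDT, IAT and inline-patch lines GMER
prints, groups hooks by owning driver, flags hooks whose owner has no
version-info description, and decodes patch bytes as pointers so they can be
matched against hook addresses already attributed to a driver."""
import re
from collections import defaultdict

# Line shapes as GMER 1.0.14 prints them:
#   SSDT <module> (<description/vendor>) <ZwFunction> [0xADDR]
#   IAT <victim>[<dll!import>] [ADDR] <module> (<description/vendor>)
#   .text <symbol> + <off> <ADDR> <n> Bytes [ b0, b1, ... ]
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<desc>[^)]*)\))?"
                     r"\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
IAT_RE = re.compile(r"^IAT\s+(?P<victim>[^\[\s]+)\[(?P<sym>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]"
                    r"\s+(?P<module>\S+)(?:\s+\((?P<desc>[^)]*)\))?$")
PATCH_RE = re.compile(r"^\.text\s+(?P<where>\S+\s+\+\s+[0-9A-Fa-f]+)\s+(?P<addr>[0-9A-Fa-f]+)"
                      r"\s+(?P<n>\d+)\s+Bytes\s+\[(?P<bytes>[^\]]*)\]$")


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Return (hooks, patches); each hook is a dict with kind/module/desc/target/addr."""
    hooks, patches = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            hooks.append({"kind": "SSDT", "module": basename(m["module"]), "desc": m["desc"],
                          "target": m["func"], "addr": int(m["addr"], 16)})
        elif m := IAT_RE.match(line):
            hooks.append({"kind": "IAT", "module": basename(m["module"]), "desc": m["desc"],
                          "target": f"{basename(m['victim'])}:{m['sym']}",
                          "addr": int(m["addr"], 16)})
        elif m := PATCH_RE.match(line):
            # "..." marks bytes GMER truncated; keep only those actually printed
            shown = [int(b, 16) for b in m["bytes"].replace(",", " ").split() if b != "..."]
            patches.append({"where": m["where"], "addr": int(m["addr"], 16),
                            "size": int(m["n"]), "bytes": shown})
    return hooks, patches


def owners(hooks):
    """Group hooks by owning driver -> {module: {"desc", "counts": {kind: n}, "targets"}}."""
    out = {}
    for h in hooks:
        e = out.setdefault(h["module"], {"desc": h["desc"], "counts": defaultdict(int), "targets": []})
        e["counts"][h["kind"]] += 1
        e["targets"].append(h["target"])
    return out


def unattributed(hooks):
    """Hooks whose owning driver has no version-info description: look at these first."""
    return [h for h in hooks if not h["desc"]]


def attribute_patch(patch, hooks):
    """Read the printed patch bytes as little-endian pointers and look each one up among the
    hook addresses already attributed to a driver.  When they resolve, the reported bytes
    are the hooked service-table entries themselves, not a separate hook."""
    by_addr = {h["addr"]: h for h in hooks}
    b, found = patch["bytes"], []
    for i in range(0, len(b) - 3, 4):
        ptr = int.from_bytes(bytes(b[i:i + 4]), "little")
        if ptr in by_addr:
            found.append((hex(ptr), by_addr[ptr]["module"], by_addr[ptr]["target"]))
    return found


# Constructed sample in GMER's format.  example_unknown.sys is a made-up driver name
# with no description, included only to exercise the flagging path.
SAMPLE_LOG = r"""
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xF4246930]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xF424A510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xF4250870]
SSDT \??\C:\WINDOWS\system32\drivers\example_unknown.sys ZwQueryDirectoryFile [0xF7A1B000]
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 10, A5, 24, F4, 70, 08, 25, ... ]
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F424F1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F425C330] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
"""


def report(text):
    """One line per owning driver, then one per inline patch with its decoded pointers."""
    hooks, patches = parse_gmer(text)
    lines = []
    for mod, e in owners(hooks).items():
        counts = ", ".join(f"{k}={n}" for k, n in sorted(e["counts"].items()))
        lines.append(f"{mod:<22} {counts:<14} {e['desc'] or '<no description: investigate>'}")
    for p in patches:
        hits = ", ".join(f"{a} {m}:{t}" for a, m, t in attribute_patch(p, hooks))
        lines.append(f"patch {p['where']} ({p['size']} bytes) -> {hits or 'no known hook address'}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run against the full log above, every hook resolves to vsdatant.sys (ZoneAlarm's TrueVector driver) and the 12 patched bytes decode to the ZwCreatePort/ZwCreateProcess entries listed under SSDT, which is the same conclusion the responder reaches below.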

#11 Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:44 PM

Posted 30 November 2008 - 02:05 PM

Hello, -Cloud
Grr.. sorry about that. TeaTimer is blocking the removal.

Instructions to disable it are below.

Limewire runs on the Gnutella network, and is most often used to download music.
uTorrent downloads .Torrent files, and is most often used to download movies.
Both of the above are usually in violation of the Digital Millennium Copyright Act.

I don't see any very serious malware in these logs, however. Just the ZoneAlarm SpyBlocker Toolbar.

We need to disable SpyBot Search and Destroy's "Tea Timer"
  • Launch SpyBot Search and Destroy, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit/Close Spybot S&D when done.
We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the OTMoveIt3 icon on your desktop.
  • Paste the following code under the "Paste Instructions for Items to be Moved" area. Do not include the word "Code".
    :processes
    TeaTimer.exe
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    [-HKEY_CURRENT_USER\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=-
    [HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-
    [HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=-
    [HKEY_USERS\S-1-5-21-1004336348-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "ZoneAlarmSB Uninstall"=-
    :files
    C:\WINDOWS\tasks\At??.job
    C:\WINDOWS\tasks\At?.job
    :commands
    [EmptyTemp]
  • Push the large MoveIt! button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Results line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use Ctrl+A)
  • Right-click again and choose "Copy" (or Ctrl+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 10...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows" (OR if you are on a x64 system, "Windows x64")
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs (Or "Uninstall a Program" on Vista) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe (Or jre-6u10-windows-x64.exe for x64 systems)
  • Follow the on screen instructions to install the latest Java version.
In your next reply, please include the following:
  • OTMoveIt3's Log
  • ESET OnlineScan's Log
  • A New OTViewIt Main.txt
  • A New OTViewIt Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
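A read-only check of the entries the OTMoveIt3 script above targets, added here as an example and not part of the thread or of OTMoveIt3. It assumes it is run from the affected user's own session, so HKCU: stands in for the HKEY_USERS\S-1-5-21-...-1003 hive named in the script, and it only reports what is still present, never deletes anything.

```powershell
# Added example, not from the thread or from OTMoveIt3: report whether the
# registry values and task files the script above deletes are still present.
# Assumption: run in the affected user's session, so HKCU: is the same hive as
# HKEY_USERS\S-1-5-21-...-1003 in the script. Read-only: nothing is removed.

$toolbarKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser',
    'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
)
# CLSIDs from the script's "{...}"=- lines
$clsids = @(
    '{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}',
    '{47833539-D0C5-4125-9FA8-0819E2EAAC93}',
    '{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'
)
# The script removes this as a value under the Uninstall key
$uninstallKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
$uninstallName = 'ZoneAlarmSB Uninstall'

$findings = @()

# IE toolbar registrations are stored as value names equal to the CLSID, so a
# non-null Get-ItemProperty result means the toolbar is still registered.
foreach ($key in $toolbarKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($clsid in $clsids) {
        $v = Get-ItemProperty -Path $key -Name $clsid -ErrorAction SilentlyContinue
        if ($v -ne $null) { $findings += "RegistryValue: $key\$clsid" }
    }
}

$u = Get-ItemProperty -Path $uninstallKey -Name $uninstallName -ErrorAction SilentlyContinue
if ($u -ne $null) { $findings += "RegistryValue: $uninstallKey\$uninstallName" }

# The :files section targets At?.job and At??.job in the Tasks folder, the
# names the legacy at.exe command gives the jobs it creates.
$taskDir = Join-Path $env:windir 'Tasks'
if (Test-Path $taskDir) {
    $jobs = Get-ChildItem -Path $taskDir -Filter 'At*.job' -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -match '^At.{1,2}\.job$' }
    foreach ($job in $jobs) { $findings += "TaskFile: $($job.FullName)" }
}

if ($findings.Count -eq 0) {
    Write-Output 'Clean: none of the targeted entries were found.'
} else {
    Write-Output 'Still present (script not yet run, or removal was blocked):'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```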

#12 -Cloud

-Cloud
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:44 AM

Posted 30 November 2008 - 05:02 PM

Hello, -Cloud
Grr.. sorry about that. TeaTimer is blocking the removal.

I don't see any very serious malware in these logs, however. Just the ZoneAlarm SpyBlocker Toolbar.


What are you trying to remove from the system? Can you tell me please? So, is there any serious malware in my system? If not, then why is my system slowing down and why do my desktop icons keep disappearing etc., as explained in my problem post? Is ZoneAlarm SpyBlocker Toolbar causing any problems? Is that the problem? Is it infected?

Can you please explain? I don't know what you are doing.

If you do not explain in the next reply, I will not carry out these instructions, as I do not know what you are trying to do to my system.


Limewire runs on the Gnutella network, and is most often used to download music.
uTorrent downloads .Torrent files, and is most often used to download movies.
Both of the above are usually in violation of the Digital Millennium Copyright Act.


I have told you I will be removing these software applications after we have finished the process of removing the active malware.

Edited by -Cloud, 30 November 2008 - 05:05 PM.


#13 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:44 PM

Posted 01 December 2008 - 05:20 PM

Hello, -Cloud
Sorry about the delay.. been working my butt off :thumbsup:

I have told you I will be removing these software applications after we have finished the process of removing the active malware.

You asked for definitions of what these programs did. So I answered your question.

What are you trying to remove from the system? Can you tell me please? So, is there any serious malware in my system? If not, then why is my system slowing down and why do my desktop icons keep disappearing etc., as explained in my problem post? Is ZoneAlarm SpyBlocker Toolbar causing any problems? Is that the problem? Is it infected?

The spyblocker toolbar is an adware component. The firewall is still okay, but the toolbar is bad.

That is all I touched in the above script.

Billy3

#14 -Cloud

-Cloud
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:44 AM

Posted 01 December 2008 - 10:00 PM

Hello, -Cloud
Sorry about the delay.. been working my butt off :thumbsup:

I have told you I will be removing these software applications after we have finished the process of removing the active malware.

You asked for definitions of what these programs did. So I answered your question.

What are you trying to remove from the system? Can you tell me please? So, is there any serious malware in my system? If not, then why is my system slowing down and why do my desktop icons keep disappearing etc., as explained in my problem post? Is ZoneAlarm SpyBlocker Toolbar causing any problems? Is that the problem? Is it infected?

The spyblocker toolbar is an adware component. The firewall is still okay, but the toolbar is bad.

That is all I touched in the above script.

Billy3


Okay, thanks for the brief explanation. I didn't mean to sound too hard or rude or anything, I just wanted to know. Thanks, I will try and do the following scans later on, hope that is okay, just a bit busy...

#15 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:44 PM

Posted 02 December 2008 - 12:03 AM

No problem :) I understand a lot of people get frustrated with all this :)

I'll be here when you've got reports :thumbsup:

Billy3