
Virtual Trojan


  • This topic is locked
17 replies to this topic

#1 katsuky

katsuky

  • Members
  • 30 posts

Posted 05 February 2009 - 08:17 PM

Hey guys, my laptop is infected with Virtual Trojan. The reason I know this is because I tried a few pieces of trojan removal software and they showed me that I have Virtual Trojan. None of this software worked, however (I used trojan removal, spyware doctor, and spyhunter). So I came here for help. Please help me fix my laptop. I am flooded with spam whenever I go on the internet (my laptop is fine if I don't go on the internet, however). Here is my DDS log.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Duc at 17:07:53.28 on Thu 02/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.62 [GMT -8:00]

AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated)
AV: Kaspersky Internet Security *On-access scanning enabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
FW: Norton Internet Security 2006 *enabled*
FW: Kaspersky Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Garena\Garena.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Duc\Local Settings\Temporary Internet Files\Content.IE5\OT8OYR9I\dds[1].scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {3554453f-c9b3-42b1-bb2a-268238df2e46} - c:\windows\system32\ssqRIARi.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\mlJCSiiG.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {5c4f6f58-7055-dbda-8f84-55d6edb6a27a}: {a72a6bde-6d55-48f8-adbd-550785f6f4c5} - c:\windows\system32\uydtbx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [<NO NAME>]
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [7f241950] rundll32.exe "c:\windows\system32\bwjkpojt.dll",b
StartupFolder: c:\docume~1\duc\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.39,85.255.112.40
TCP: {09F193A5-5CF2-4E63-9B96-9C3AD2D48CDB} = 85.255.112.39,85.255.112.40
TCP: {2A835522-A670-48B5-A46A-EF86E49A0B2C} = 85.255.112.39,85.255.112.40
TCP: {ED6BE832-2713-45A4-BF77-B408693FD200} = 85.255.112.39,85.255.112.40
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: mlJCSiiG - mlJCSiiG.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\mlJCSiiG.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ssqRIARi

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 32784]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-2-4 227344]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-11-11 206088]
R3 GarenaPEngine;GarenaPEngine;c:\docume~1\duc\locals~1\temp\TMZ10.tmp [2009-2-5 18704]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
S2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
S2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]

=============== Created Last 30 ================

2009-02-05 16:47 1,558,506 ---sh--- c:\windows\system32\tjopkjwb.ini
2009-02-05 16:47 73,728 a------- c:\windows\system32\bwjkpojt.dll
2009-02-05 16:47 <DIR> --d----- c:\program files\Trend Micro
2009-02-05 16:45 124,416 a------- c:\windows\system32\xpzdcv.dll
2009-02-05 16:45 124,416 a------- c:\windows\system32\fnujdjqm.dll
2009-02-05 16:44 442,241 a--sh--- c:\windows\system32\iRAIRqss.ini2
2009-02-05 16:44 442,241 a--sh--- c:\windows\system32\iRAIRqss.ini
2009-02-05 16:44 303,616 a------- c:\windows\system32\ssqRIARi.dll
2009-02-05 15:50 124,416 a------- c:\windows\system32\aprriheo.dll
2009-02-05 15:50 124,416 a------- c:\windows\system32\anunpc.dll
2009-02-05 15:47 73,728 a------- c:\windows\system32\phooxnmb.dll.vir
2009-02-05 15:47 303,616 a------- c:\windows\system32\pmnllkLd.dll.vir
2009-02-05 15:38 3,798 a------- c:\windows\system32\%LocalXml%
2009-02-05 15:27 <DIR> -cd----- C:\New Folder
2009-02-04 21:52 134,144 a------- c:\windows\ifagufagel.dll.vir
2009-02-04 21:39 41,984 a------- c:\windows\Fsabixoyen.dll.vir
2009-02-04 21:38 25,088 a------- c:\windows\winsock32.exe
2009-02-04 21:38 41,984 a------- c:\windows\win32.exe
2009-02-04 21:38 705 a------- c:\windows\system32.exe
2009-02-04 21:35 0 a------- c:\windows\kernel32.exe
2009-02-04 21:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CrucialSoft Ltd
2009-02-04 21:29 205,349 a------- c:\windows\system32\fqrgicjm.exe
2009-02-04 21:28 124,416 a------- c:\windows\system32\npwbbr.dll
2009-02-04 21:28 124,416 a------- c:\windows\system32\ixppetnl.dll
2009-02-04 21:24 303,616 a------- c:\windows\system32\byXOihfG.dll.vir
2009-02-04 20:11 303,104 a------- c:\windows\system32\nnnlkIYp.dll.vir
2009-02-04 20:08 96,976 a------- c:\windows\system32\drivers\klin.dat
2009-02-04 20:08 87,855 a------- c:\windows\system32\drivers\klick.dat
2009-02-04 20:07 4,383,264 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-02-04 20:07 409,632 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-02-04 20:07 35,324 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-02-04 20:07 2,480 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-02-04 20:07 <DIR> --d----- c:\program files\Kaspersky Lab
2009-02-04 20:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-02-04 19:24 <DIR> -cd----- C:\Kaspersky Internet Security 8.0.0.506 [-MomradN-]
2009-02-04 19:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-02-04 17:57 73,216 a------- c:\windows\system32\aldxpufx.dll.vir
2009-02-04 17:55 124,416 a------- c:\windows\system32\yllkgh.dll
2009-02-04 17:55 124,416 a------- c:\windows\system32\gcpwyacl.dll
2009-02-04 17:54 303,104 a------- c:\windows\system32\cbXNhijj.dll.vir
2009-02-04 16:04 124,416 a------- c:\windows\system32\uydtbx.dll
2009-02-04 16:04 124,416 a------- c:\windows\system32\ukneaijx.dll
2009-02-04 16:00 73,216 a------- c:\windows\system32\ewrfptia.dll.vir
2009-02-04 16:00 303,104 a------- c:\windows\system32\fccaWnno.dll.vir
2009-02-04 15:41 75,264 a------- c:\windows\system32\drivers\gaopdxdwkmxfaq.sys.vir
2009-02-04 15:33 75,264 a------- c:\windows\system32\drivers\gaopdxrpuyfuld.sys
2009-02-04 15:30 <DIR> -cd----- C:\SpyHunter Security Suite 3.5.11+Crack-HeartBug
2009-02-03 17:00 124,416 a------- c:\windows\system32\korxmg.dll.vir
2009-02-03 16:57 303,616 a------- c:\windows\system32\hgGwWNEx.dll.vir
2009-02-03 15:59 36,864 a------- c:\windows\system32\wvULeBQJ.dll
2009-02-03 15:59 36,864 a------- c:\windows\system32\pmnoOHWN.dll
2009-02-03 15:58 36,864 a------- c:\windows\system32\ljJAPHay.dll
2009-02-03 15:58 36,864 a------- c:\windows\system32\jkkIBQgF.dll
2009-02-03 15:57 36,864 a------- c:\windows\system32\efcYOgFw.dll
2009-02-03 15:57 4 a------- c:\windows\system32\gaopdxcounter
2009-02-03 15:57 36,864 a------- c:\windows\system32\mlJCSiiG.dll
2009-02-03 15:43 <DIR> --d----- c:\docume~1\duc\applic~1\DAEMON Tools Pro
2009-02-03 15:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-02-03 15:41 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-02-03 15:35 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-02-03 15:35 <DIR> --d----- c:\docume~1\duc\applic~1\DAEMON Tools Lite
2009-02-03 15:28 <DIR> --d----- c:\program files\Kalypso
2009-01-26 21:54 26,496 a------- c:\windows\system32\dllcache\usbstor.sys
2009-01-26 15:13 754 a------- c:\windows\WORDPAD.INI
2009-01-25 20:34 <DIR> -cd----- C:\Christopher Columbus
2009-01-24 12:32 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-24 12:32 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-24 12:22 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-01-24 12:22 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-24 12:22 267,776 -------- c:\windows\system32\dllcache\iertutil.dll
2009-01-24 12:22 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-01-24 12:22 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-24 12:22 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2009-01-24 12:22 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-24 12:22 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-24 12:22 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2009-01-24 09:40 118 a------- c:\windows\system32\MRT.INI
2009-01-24 00:33 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-23 21:32 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-01-23 21:16 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2009-01-23 21:16 202,752 -------- c:\windows\system32\dllcache\rmcast.sys
2009-01-23 21:16 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-23 21:16 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-01-23 21:16 683,520 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-01-23 21:15 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-01-23 21:15 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2009-01-23 21:15 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-01-23 21:14 333,184 -------- c:\windows\system32\dllcache\srv.sys
2009-01-23 21:07 <DIR> --d----- c:\windows\system32\PreInstall
2009-01-23 14:29 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-01-23 14:29 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-01-23 14:29 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-01-23 14:29 75,264 a------- c:\windows\system32\unacev2.dll
2009-01-23 14:29 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-01-23 14:29 <DIR> --d----- c:\program files\Trojan Remover
2009-01-23 14:29 <DIR> --d----- c:\docume~1\duc\applic~1\Simply Super Software
2009-01-23 14:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-01-23 14:25 15,958,364 ac------ C:\Trojan[1].Remover.v6.7.5.2559_softvnn.com.rar
2009-01-23 14:15 <DIR> --d----- c:\docume~1\duc\applic~1\uTorrent
2009-01-23 14:02 <DIR> --dsh--- c:\documents and settings\duc\UserData
2009-01-23 13:03 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-01-23 12:02 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-01-23 12:02 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
2009-01-23 12:01 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-01-23 12:01 9,600 a------- c:\windows\system32\dllcache\hidusb.sys
2009-01-23 11:54 47,104 a------- c:\windows\system32\WACntlPnl.cpl
2009-01-23 11:49 <DIR> --d----- c:\docume~1\duc\applic~1\Intuit
2009-01-23 11:49 <DIR> --d----- c:\documents and settings\Duc
2009-01-23 11:44 185,344 a------- c:\windows\system32\Thawbrkr.dll
2009-01-23 11:44 66,594 a------- c:\windows\system32\c_864.nls
2009-01-23 11:44 66,082 a------- c:\windows\system32\C_28596.NLS
2009-01-23 11:44 66,082 a------- c:\windows\system32\c_10004.nls
2009-01-23 11:44 10,752 a------- c:\windows\system32\c_iscii.dll
2009-01-23 11:44 5,632 a------- c:\windows\system32\kbdusa.dll
2009-01-23 11:44 66,594 a------- c:\windows\system32\c_862.nls
2009-01-23 11:44 66,594 a------- c:\windows\system32\c_720.nls
2009-01-23 11:44 66,082 a------- c:\windows\system32\c_708.nls
2009-01-23 11:44 66,082 a------- c:\windows\system32\c_10021.nls
2009-01-23 11:44 66,082 a------- c:\windows\system32\c_10005.nls
2009-01-23 11:44 6,144 a------- c:\windows\system32\ftlx041e.dll
2009-01-23 09:24 <DIR> -cdshr-- C:\resycled
2009-01-23 09:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Electronic Arts
2009-01-23 08:54 <DIR> --d----- c:\windows\Logs
2009-01-19 21:25 22,528 ac------ C:\schedual.doc
2009-01-15 21:14 416 ac------ C:\war.rtf
2009-01-12 16:23 <DIR> -cd----- C:\Immortal Defense (Radical Poesis Games) (ALREADY CRACKED) (DIRECT PLAY) [blaze69]
2009-01-12 16:19 <DIR> --d----- c:\program files\Immortal Defense

==================== Find3M ====================

2009-02-04 15:52 263 ac-shr-- C:\autorun.inf.vir
2009-01-24 12:34 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-24 12:34 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2008-12-11 03:57 333,184 a------- c:\windows\system32\drivers\srv.sys
2008-11-11 20:00 218,376 a------- c:\windows\system32\klogon.dll

============= FINISH: 17:10:06.09 ===============



#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 14 February 2009 - 07:29 PM

Hello, katsuky
:thumbup2: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen.
We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to its author.

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click the ComboFix icon on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here :step4:
NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
  • ComboFix.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 katsuky

katsuky
  • Topic Starter

  • Members
  • 30 posts

Posted 15 February 2009 - 12:52 AM

Thank you Bill for helping me. Here is my combofix log.

ComboFix 09-02-12.03 - Duc 2009-02-14 20:36:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.277 [GMT -8:00]
Running from: c:\documents and settings\Duc\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *disabled*
FW: Norton Internet Security 2006 *enabled*
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Duc\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090204213610484.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
c:\documents and settings\An Vu\Application Data\gadcom
c:\documents and settings\Phuc Vu\Application Data\ShoppingReport
c:\documents and settings\Phuc Vu\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Phuc Vu\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Phuc Vu\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Phuc Vu\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Phuc Vu\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Phuc Vu\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Phuc Vu\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\Thao Pham\Application Data\ShoppingReport
c:\documents and settings\Thao Pham\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Thao Pham\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Thao Pham\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Thao Pham\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Thao Pham\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Thao Pham\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Thao Pham\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\program files\Bkav2006
c:\program files\Bkav2006\Backup\B.tmp
c:\program files\Bkav2006\Backup\BootC.dat
c:\program files\Bkav2006\Backup\BootD.dat
c:\program files\Bkav2006\Backup\C.tmp
c:\program files\Bkav2006\Backup\D.tmp
c:\program files\Bkav2006\Backup\E.tmp
c:\program files\Bkav2006\BKAV.LOG
c:\program files\Bkav2006\BKAV.VRL
c:\program files\Bkav2006\BKAVE.LOG
c:\program files\Bkav2006\Help\bkav.css
c:\program files\Bkav2006\Help\chitiet.htm
c:\program files\Bkav2006\Help\chitiete.htm
c:\program files\Bkav2006\Help\HelpBanquyen.htm
c:\program files\Bkav2006\Help\Helpbtg.htm
c:\program files\Bkav2006\Help\Helpdiet.htm
c:\program files\Bkav2006\Help\HelpGth.htm
c:\program files\Bkav2006\Help\HelpLiqu.htm
c:\program files\Bkav2006\Help\HelpLiveUpdate.htm
c:\program files\Bkav2006\Help\Helpnhki.htm
c:\program files\Bkav2006\Help\Helpnhl.htm
c:\program files\Bkav2006\Help\HelpOpt.htm
c:\program files\Bkav2006\Help\HelpVrls.htm
c:\program files\Bkav2006\Help\images\arrow.gif
c:\program files\Bkav2006\Help\images\DangKy.gif
c:\program files\IE Extensions
c:\recycler\S-4-3-14-100001277-100024815-100008038-2911.com
C:\resycled
c:\resycled\ntldr.com
C:\text.txt
c:\windows\kernel32.exe
c:\windows\system32.exe
c:\windows\system32\afofbd.dll
c:\windows\system32\akrptdbr.dll
c:\windows\system32\aldxpufx.dll.vir
c:\windows\system32\anunpc.dll
c:\windows\system32\aoeqgt.dll
c:\windows\system32\aprriheo.dll
c:\windows\system32\bdxrgkae.dll
c:\windows\system32\bhmlscpy.ini
c:\windows\system32\bssmoshe.dll
c:\windows\system32\bwjkpojt.dll.vir
c:\windows\system32\byXOihfG.dll.vir
c:\windows\system32\cbXNhijj.dll.vir
c:\windows\system32\cckqwp.dll
c:\windows\system32\dfejnaix.dll.vir
c:\windows\system32\drivers\gaopdxrpuyfuld.sys
c:\windows\system32\dujqir.dll
c:\windows\system32\eeojit.dll
c:\windows\system32\efcYOgFw.dll
c:\windows\system32\ephkbrbo.dll
c:\windows\system32\ewrfptia.dll.vir
c:\windows\system32\fccaWnno.dll.vir
c:\windows\system32\fnujdjqm.dll
c:\windows\system32\gaopdxcounter
c:\windows\system32\gcpwyacl.dll
c:\windows\system32\guqwnalj.dll
c:\windows\system32\hgGwWNEx.dll.vir
c:\windows\system32\hgGyaBUM.dll.vir
c:\windows\system32\htvkexty.dll.vir
c:\windows\system32\ixppetnl.dll
c:\windows\system32\jbixbuwt.dll
c:\windows\system32\jkkIBQgF.dll
c:\windows\system32\jnwndn.dll
c:\windows\system32\jwdvakio.ini
c:\windows\system32\jzuvmb.dll
c:\windows\system32\kcgmqz.dll
c:\windows\system32\kkievfks.dll.vir
c:\windows\system32\ljJAPHay.dll
c:\windows\system32\ljJBqpPI.dll
c:\windows\system32\mlJBTJDW.dll.vir
c:\windows\system32\mlJCSiiG.dll
c:\windows\system32\mlJDuRkh.dll.vir
c:\windows\system32\mvwppw.dll
c:\windows\system32\mxhkyvju.dll
c:\windows\system32\mxxbgich.dll
c:\windows\system32\nnnlkIYp.dll.vir
c:\windows\system32\npwbbr.dll
c:\windows\system32\oglbuu.dll
c:\windows\system32\OrrCdMoq.ini
c:\windows\system32\OrrCdMoq.ini2
c:\windows\system32\pgaeoioa.dll
c:\windows\system32\phooxnmb.dll.vir
c:\windows\system32\pmnllkLd.dll.vir
c:\windows\system32\pmnoOHWN.dll
c:\windows\system32\qclepaqq.dll
c:\windows\system32\qoMdCrrO.dll
c:\windows\system32\qouhlqcj.dll
c:\windows\system32\qqapelcq.ini
c:\windows\system32\QYadfMoq.ini
c:\windows\system32\QYadfMoq.ini2
c:\windows\system32\rjhgkxsx.dll
c:\windows\system32\ssqRIARi.dll.vir
c:\windows\system32\tjdjek.dll
c:\windows\system32\uaaltd.dll
c:\windows\system32\ukneaijx.dll
c:\windows\system32\uoguseya.dll
c:\windows\system32\uydtbx.dll
c:\windows\system32\wbcalxts.dll.vir
c:\windows\system32\wdqduvpb.dll
c:\windows\system32\wsegja.dll
c:\windows\system32\wvULeBQJ.dll
c:\windows\system32\wvUlkjJb.dll.vir
c:\windows\system32\xianjefd.ini
c:\windows\system32\xpzdcv.dll
c:\windows\system32\xtfrryul.dll.vir
c:\windows\system32\yllkgh.dll
c:\windows\Tasks\vxlfupac.job
d:\recycler\S-4-3-14-100001277-100024815-100008038-2911.com
d:\recycler\S-4-7-43-100009428-100020569-100013116-8450.com
D:\resycled
d:\resycled\ntldr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-11 09:51 . 2009-02-11 09:51 <DIR> d-------- c:\documents and settings\An\Application Data\Yahoo!
2009-02-08 23:36 . 2009-02-08 23:36 <DIR> d-------- c:\documents and settings\Phuc\Application Data\Simply Super Software
2009-02-08 23:11 . 2009-02-08 23:11 <DIR> d-------- c:\documents and settings\Phuc\Application Data\Yahoo!
2009-02-08 23:08 . 2009-01-23 09:56 <DIR> d-------- c:\documents and settings\Phuc\Application Data\Intuit
2009-02-08 23:08 . 2009-02-08 23:08 <DIR> d-------- c:\documents and settings\Phuc
2009-02-08 14:46 . 2009-02-08 14:53 <DIR> d-------- c:\documents and settings\Duc\Application Data\Chessmaster Challenge
2009-02-05 16:47 . 2009-02-05 16:47 <DIR> d-------- c:\program files\Trend Micro
2009-02-05 15:38 . 2009-02-05 15:38 3,798 --a------ c:\windows\system32\%LocalXml%
2009-02-05 15:20 . 2009-02-05 15:20 <DIR> d-------- c:\documents and settings\Thao
2009-02-04 21:52 . 2009-02-04 21:52 134,144 --a------ c:\windows\ifagufagel.dll.vir
2009-02-04 21:39 . 2009-02-04 21:39 41,984 --a------ c:\windows\Fsabixoyen.dll.vir
2009-02-04 21:38 . 2009-02-04 21:38 41,984 --a------ c:\windows\win32.exe
2009-02-04 21:38 . 2009-02-04 21:38 25,088 --a------ c:\windows\winsock32.exe
2009-02-04 21:29 . 2009-02-04 21:29 205,349 --a------ c:\windows\system32\fqrgicjm.exe
2009-02-04 20:08 . 2009-02-04 20:08 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-02-04 20:08 . 2009-02-04 20:08 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-02-04 20:07 . 2009-02-04 20:07 <DIR> d-------- c:\program files\Kaspersky Lab
2009-02-04 20:07 . 2009-02-14 21:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-04 20:07 . 2009-02-14 20:50 5,469,216 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-04 20:07 . 2009-02-14 20:50 614,432 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-04 20:07 . 2009-02-14 20:50 43,808 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-04 20:07 . 2009-02-14 20:50 3,152 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-04 19:24 . 2009-02-04 19:25 <DIR> d----c--- C:\Kaspersky Internet Security 8.0.0.506 [-MomradN-]
2009-02-04 19:23 . 2009-02-04 19:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-04 15:41 . 2009-02-04 15:41 75,264 --a------ c:\windows\system32\drivers\gaopdxdwkmxfaq.sys.vir
2009-02-04 15:30 . 2009-02-04 15:31 <DIR> d----c--- C:\SpyHunter Security Suite 3.5.11+Crack-HeartBug
2009-02-03 17:00 . 2009-02-03 17:00 124,416 --a------ c:\windows\system32\korxmg.dll.vir
2009-02-03 15:43 . 2009-02-03 15:43 <DIR> d-------- c:\documents and settings\Duc\Application Data\DAEMON Tools Pro
2009-02-03 15:42 . 2009-02-03 15:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-02-03 15:41 . 2009-02-03 15:41 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-02-03 15:35 . 2009-02-03 15:43 <DIR> d-------- c:\documents and settings\Duc\Application Data\DAEMON Tools Lite
2009-02-03 15:35 . 2009-02-03 15:35 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-03 15:28 . 2009-02-03 15:28 <DIR> d-------- c:\program files\Kalypso
2009-02-03 15:27 . 2009-02-03 15:43 <DIR> d-------- c:\documents and settings\Duc\Application Data\DAEMON Tools
2009-02-01 15:21 . 2009-02-01 15:21 <DIR> d-------- c:\documents and settings\An\Application Data\vlc
2009-02-01 15:20 . 2009-02-01 15:20 <DIR> d-------- c:\documents and settings\An\Application Data\Apple Computer
2009-01-30 19:23 . 2009-01-30 19:23 <DIR> d-------- c:\documents and settings\Duc\Application Data\Yahoo!
2009-01-26 21:54 . 2004-08-03 23:08 26,496 --a------ c:\windows\system32\dllcache\usbstor.sys
2009-01-26 15:13 . 2009-01-26 15:13 754 --a------ c:\windows\WORDPAD.INI
2009-01-25 20:34 . 2009-01-27 17:20 <DIR> d----c--- C:\Christopher Columbus
2009-01-25 20:26 . 2009-01-25 20:26 <DIR> d-------- c:\documents and settings\Duc\Application Data\AdobeUM
2009-01-25 08:56 . 2009-01-23 09:56 <DIR> d-------- c:\documents and settings\An\Application Data\Intuit
2009-01-25 08:55 . 2009-02-11 09:59 <DIR> d-------- c:\documents and settings\An
2009-01-24 13:06 . 2009-01-24 13:06 <DIR> d-------- c:\documents and settings\Duc\Application Data\Apple Computer
2009-01-24 12:32 . 2009-01-24 12:34 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-24 12:32 . 2009-01-24 12:34 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-01-24 12:22 . 2008-10-16 12:38 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2009-01-24 12:22 . 2007-04-17 01:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-24 12:22 . 2007-03-07 21:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-24 12:22 . 2008-10-16 12:38 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-01-24 12:22 . 2008-10-16 12:38 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-24 12:22 . 2008-10-16 12:38 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-01-24 12:22 . 2008-10-16 12:38 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-01-24 12:22 . 2008-10-16 12:38 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-24 12:22 . 2008-10-16 05:11 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-01-24 09:40 . 2009-01-24 09:40 118 --a------ c:\windows\system32\MRT.INI
2009-01-24 00:33 . 2009-01-24 00:33 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-23 21:32 . 2009-01-23 21:32 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2009-01-23 21:16 . 2008-12-12 22:40 3,593,216 --------- c:\windows\system32\dllcache\mshtml.dll
2009-01-23 21:16 . 2008-04-11 10:50 683,520 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-01-23 21:16 . 2008-10-24 03:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-23 21:16 . 2008-05-01 06:30 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2009-01-23 21:16 . 2008-05-08 04:28 202,752 --------- c:\windows\system32\dllcache\rmcast.sys
2009-01-23 21:15 . 2008-09-04 08:42 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2009-01-23 21:15 . 2008-10-15 08:57 332,800 --------- c:\windows\system32\dllcache\netapi32.dll
2009-01-23 21:15 . 2008-10-03 02:15 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
2009-01-23 21:14 . 2009-02-14 21:41 <DIR> d-------- c:\documents and settings\Duc\Application Data\Hamachi
2009-01-23 21:14 . 2008-12-11 03:57 333,184 --------- c:\windows\system32\dllcache\srv.sys
2009-01-23 21:00 . 2009-01-23 21:01 <DIR> d-------- c:\documents and settings\Duc\Application Data\Netscape
2009-01-23 14:29 . 2009-01-23 21:00 <DIR> d-------- c:\program files\Trojan Remover
2009-01-23 14:29 . 2009-01-23 14:29 <DIR> d-------- c:\documents and settings\Duc\Application Data\Simply Super Software
2009-01-23 14:29 . 2009-01-23 14:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-01-23 14:29 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-01-23 14:29 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-01-23 14:29 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-01-23 14:29 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-01-23 14:29 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-01-23 14:25 . 2009-01-23 14:25 15,958,364 --a--c--- C:\Trojan[1].Remover.v6.7.5.2559_softvnn.com.rar
2009-01-23 14:16 . 2009-01-23 14:16 <DIR> d-------- c:\documents and settings\Duc\Application Data\vlc
2009-01-23 14:15 . 2009-02-14 20:14 <DIR> d-------- c:\documents and settings\Duc\Application Data\uTorrent
2009-01-23 14:02 . 2009-01-23 14:02 <DIR> d--hs---- c:\documents and settings\Duc\UserData
2009-01-23 12:02 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-23 12:02 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\dllcache\mouhid.sys
2009-01-23 12:01 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-01-23 12:01 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\dllcache\hidusb.sys
2009-01-23 11:54 . 2005-12-07 10:35 47,104 --a------ c:\windows\system32\WACntlPnl.cpl
2009-01-23 11:49 . 2009-01-23 09:56 <DIR> d-------- c:\documents and settings\Duc\Application Data\Intuit
2009-01-23 11:49 . 2009-02-05 15:51 <DIR> d-------- c:\documents and settings\Duc
2009-01-23 11:44 . 2004-08-04 05:00 185,344 --a------ c:\windows\system32\Thawbrkr.dll
2009-01-23 11:44 . 2004-08-04 05:00 66,594 --a------ c:\windows\system32\c_864.nls
2009-01-23 11:44 . 2004-08-04 05:00 66,594 --a------ c:\windows\system32\c_862.nls
2009-01-23 11:44 . 2004-08-04 05:00 66,594 --a------ c:\windows\system32\c_720.nls
2009-01-23 11:44 . 2004-08-04 05:00 66,082 --a------ c:\windows\system32\c_708.nls
2009-01-23 11:44 . 2004-08-04 05:00 66,082 --a------ c:\windows\system32\C_28596.NLS
2009-01-23 11:44 . 2004-08-04 05:00 66,082 --a------ c:\windows\system32\c_10021.nls
2009-01-23 11:44 . 2004-08-04 05:00 66,082 --a------ c:\windows\system32\c_10005.nls
2009-01-23 11:44 . 2004-08-04 05:00 66,082 --a------ c:\windows\system32\c_10004.nls
2009-01-23 11:44 . 2004-08-04 05:00 10,752 --a------ c:\windows\system32\c_iscii.dll
2009-01-23 11:44 . 2004-08-04 05:00 6,144 --a------ c:\windows\system32\ftlx041e.dll
2009-01-23 11:44 . 2004-08-04 05:00 5,632 --a------ c:\windows\system32\kbdusa.dll
2009-01-23 09:19 . 2009-01-23 09:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-01-23 08:54 . 2009-01-23 08:54 <DIR> d-------- c:\windows\Logs
2009-01-19 21:25 . 2009-01-19 21:25 22,528 --a--c--- C:\schedual.doc
2009-01-16 13:26 . 2009-01-24 12:57 <DIR> d-------- c:\program files\QuickTime
2009-01-16 13:23 . 2009-01-16 13:23 <DIR> d-------- c:\program files\Apple Software Update
2009-01-15 21:14 . 2009-01-17 19:24 416 --a--c--- C:\war.rtf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 04:04 --------- d-----w c:\program files\Garena
2009-02-15 02:21 --------- d-----w c:\program files\Warcraft III 1.22
2009-02-13 18:53 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-05 03:57 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-05 03:56 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-04 23:52 263 -csha-r C:\autorun.inf.vir
2009-01-31 04:44 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-31 03:21 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-01-24 20:34 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-24 20:34 --------- d-----w c:\program files\Symantec
2009-01-23 19:54 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-23 19:54 --------- d-----w c:\program files\HPQ
2009-01-23 18:07 --------- d-----w c:\program files\Quickensetup
2009-01-23 18:06 --------- d-----w c:\program files\Quicken
2009-01-23 18:04 --------- d-----w c:\program files\music_now
2009-01-23 18:04 --------- d-----w c:\program files\MSN Encarta Plus
2009-01-23 18:04 --------- d-----w c:\program files\Microsoft Works
2009-01-23 18:03 --------- d-----w c:\program files\Microsoft Office Trial Wizard
2009-01-23 18:03 --------- d-----w c:\program files\Microsoft Money 2006
2009-01-23 18:02 --------- d-----w c:\program files\HP Rhapsody
2009-01-23 18:01 --------- d-----w c:\program files\Google
2009-01-23 18:00 --------- d-----w c:\program files\Common Files\SureThing Shared
2009-01-23 18:00 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-01-23 18:00 --------- d-----w c:\program files\Common Files\Palo Alto Software
2009-01-23 17:59 --------- d-----w c:\program files\Common Files\LightScribe
2009-01-23 17:56 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2009-01-23 17:49 --------- d-----w c:\documents and settings\An Vu\Application Data\uTorrent
2009-01-23 17:48 --------- d-----w c:\documents and settings\An Vu\Application Data\Hamachi
2009-01-22 05:28 --------- d-----w c:\documents and settings\An Vu\Application Data\Chessmaster Challenge
2009-01-21 03:05 --------- d-----w c:\program files\Warcraft III
2009-01-16 21:26 --------- d-----w c:\program files\Common Files\Apple
2009-01-13 00:22 --------- d-----w c:\program files\Immortal Defense
2009-01-10 23:26 --------- d-----w c:\documents and settings\An Vu\Application Data\dvdcss
2009-01-07 00:14 --------- d-----w c:\documents and settings\An Vu\Application Data\Apple Computer
2009-01-04 19:11 --------- d-----w c:\program files\Common Files\Ahead
2009-01-04 18:50 --------- d-----w c:\program files\Ahead
2009-01-04 18:49 --------- d-----w c:\program files\Common Files\Nero
2009-01-04 18:47 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2008-12-27 00:28 --------- d-----w c:\program files\Prison Tycoon 4
2008-12-26 07:24 --------- d-----w c:\documents and settings\An Vu\Application Data\ValuSoft
2008-12-26 07:11 --------- d-----w c:\program files\Diablo II
2008-12-22 20:12 --------- d-----w c:\documents and settings\An Vu\Application Data\InstallShield
2008-12-21 07:05 --------- d-----w c:\documents and settings\An Vu\Application Data\Skype
2008-12-20 18:52 --------- d-----w c:\program files\GameSpy Arcade
2008-12-20 07:57 --------- d-----w c:\program files\Common Files\Adobe
2008-12-20 06:22 --------- d-----w c:\documents and settings\An Vu\Application Data\skypePM
2008-12-20 06:20 --------- d-----w c:\program files\Skype
2008-12-20 06:20 --------- d-----w c:\program files\Common Files\Skype
2008-12-20 06:20 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-20 04:01 --------- d-----w c:\program files\RegCure
2008-12-16 06:23 --------- d-----w c:\program files\Enigma Software Group
2008-12-16 06:03 --------- d-----w c:\program files\SpyHunter_Crack
2008-12-15 22:02 --------- d-----w c:\program files\Spyware Doctor
2008-12-15 21:47 --------- d-----w c:\documents and settings\An Vu\Application Data\PC Tools
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-28 4363504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-01-01 1231752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 206088]
"WildTangent CDA"="c:\program files\WildTangent\Apps\CDA\GameDrvr.exe" [2005-03-28 28616]

c:\documents and settings\Duc Vu\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-03-07 625952]

c:\documents and settings\Duc\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-03-07 625952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-08-22 231424]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Duc\LOCALS~1\Temp\VXR14.tmp --> c:\docume~1\Duc\LOCALS~1\Temp\VXR14.tmp [?]
.
- - - - ORPHANS REMOVED - - - -

BHO-{05470E87-1533-4FA5-9364-56F95A54BBC9} - c:\windows\system32\qoMdCrrO.dll
BHO-{a72a6bde-6d55-48f8-adbd-550785f6f4c5} - c:\windows\system32\uydtbx.dll
HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Duc\Application Data\Mozilla\Firefox\Profiles\5osn7xp8.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 21:41:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????9????|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Duc\LOCALS~1\Temp\VXR14.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1592)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-02-14 21:46:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 05:46:26

Pre-Run: 38,385,156,096 bytes free
Post-Run: 42,046,889,984 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

429 --- E O F --- 2009-01-25 17:11:38

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:02:06 PM

Posted 16 February 2009 - 05:09 PM

Hello, katsuky
We need to re-run ComboFix with some additional directives.
  • Please disable any running anti-virus programs.

    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    folder::
    c:\documents and settings\Thao
    c:\program files\Trojan Remover
    c:\documents and settings\Duc\Application Data\Simply Super Software
    c:\documents and settings\All Users\Application Data\Simply Super Software
    c:\program files\SpyHunter_Crack
    c:\program files\WildTangent
    file::
    c:\windows\system32\%LocalXml%
    c:\windows\ifagufagel.dll.vir
    c:\windows\Fsabixoyen.dll.vir
    c:\windows\win32.exe
    c:\windows\winsock32.exe
    c:\windows\system32\fqrgicjm.exe
    c:\windows\system32\drivers\gaopdxdwkmxfaq.sys.vir
    c:\windows\system32\korxmg.dll.vir
    c:\windows\system32\ztvunrar36.dll
    c:\windows\system32\UNRAR3.dll
    c:\windows\system32\ztvunace26.dll
    c:\windows\system32\unacev2.dll
    c:\windows\system32\ztvcabinet.dll
    C:\Trojan[1].Remover.v6.7.5.2559_softvnn.com.rar
    C:\war.rtf
    driver::
    GarenaPEngine
    reglockdel::
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next reply, please include the following:
  • ComboFix.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
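
The `driver::` and `reglockdel::` lines in the script above target a service whose image path, in the ComboFix log earlier in this thread, sits in a user Temp folder. The following Python is an added example, not part of the post or of ComboFix: it screens ComboFix-style log lines for that pattern and for the disabled firewall and Security Center monitoring values. The function names, finding labels and line formats are assumptions inferred from the log lines on this page.

```python
import ntpath
import re

# Lines copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Duc\LOCALS~1\Temp\VXR14.tmp --> c:\docume~1\Duc\LOCALS~1\Temp\VXR14.tmp [?]
"""

# Assumed line shapes, inferred from the log above (not a ComboFix specification).
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
EXPECTED_EXTENSIONS = {".sys", ".exe", ".dll"}


def parse_int(raw):
    """Return the integer for 'dword:00000001' or '0 (0x0)' style values, else None."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s+\(0x[0-9a-fA-F]+\)$", raw)
    return int(m.group(1)) if m else None


def service_reasons(image_path):
    """List the reasons a service image path deserves a manual look."""
    reasons = []
    if TEMP_DIR_RE.search(image_path):
        reasons.append("image under a Temp directory")
    ext = ntpath.splitext(image_path)[1].lower()
    if ext not in EXPECTED_EXTENSIONS:
        reasons.append("unexpected extension " + (ext or "(none)"))
    return reasons


def triage(log_text):
    """Return (kind, subject, detail) tuples for entries worth reviewing."""
    findings = []
    key = ""
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()  # remember which registry key we are under
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1).lower(), parse_int(m.group(2).strip())
            if (name == "disablemonitoring" and value == 1
                    and "security center\\monitoring\\" in key):
                findings.append(("security-center-monitoring-off",
                                 key.rsplit("\\", 1)[-1], "DisableMonitoring=1"))
            elif (name == "enablefirewall" and value == 0
                    and key.endswith("firewallpolicy\\standardprofile")):
                findings.append(("firewall-disabled", "standardprofile",
                                 "EnableFirewall=0"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, name, _display, raw_path = m.groups()
            # Assumption: in "A --> B" the right-hand side is the resolved file.
            path = raw_path.split(" --> ")[-1]
            if path.startswith("\\??\\"):
                path = path[4:]  # drop the NT object-namespace prefix
            reasons = service_reasons(path)
            if reasons:
                findings.append(("service-image-review", name,
                                 (state, path, reasons)))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(kind, subject, detail)
```

The findings are items to review, not verdicts: security products can set `DisableMonitoring` themselves, so each entry still needs a human decision like the one made in the script above.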

#5 katsuky

Posted 16 February 2009 - 09:32 PM

Hello Bill, I did what you told me to do, but there is a bug I need to tell you. When I run combofix, there is a popup that tells me Norton Internet Security 2006 is running and I must disable it. Well, I uninstalled Norton Internet Security a while ago to install Kasperskylab, so there is no way I can disable it now. I don't know if this will affect the combofix but I am going to tell you about it anyway. Also I have something to tell you. The DDS log that I posted is kinda old. While I was waiting I ran my trojan removal tool and it removed or renamed the trojans, (they still reinstall themselves with a new name though) so the DDS log might have changed. Do you want me to run a new DDS log and update it for you?

My combofix log is too long and this website won't allow me to post it here, so I am going to use the attachment feature. (there was also some problem while I run combofix. The 1st time I did it, my computer accidentally rebooted because of "automatic update". The 2nd time I run it, it looked like combofix scan slowed down a lot, it took almost 1 hour to finish the scan) And the attachment feature doesn't seem to work with my file. My log is about 1.8mb and it took forever to upload, I'll wait for your reply and see if everything is ok before I try to post my log on separate replies.

#6 Billy O'Neal

Posted 17 February 2009 - 05:03 PM

Hello, katsuky

> Hello Bill, I did what you told me to do, but there is a bug I need to tell you. When I run combofix, there is a popup that tells me Norton Internet Security 2006 is running and I must disable it. Well, I uninstalled Norton Internet Security a while ago to install Kasperskylab, so there is no way I can disable it now.

The bug lies with Norton. Norton failed to remove its entries from WMI when it uninstalled itself. If Norton is truly gone, you can ignore that message.

> While I was waiting I ran my trojan removal tool and it removed or renamed the trojans, (they still reinstall themselves with a new name though) so the DDS log might have changed. Do you want me to run a new DDS log and update it for you?

No need. The CF log contains the same information.

> My combofix log is too long and this website won't allow me to post it here, so I am going to use the attachment feature. (there was also some problem while I run combofix. The 1st time I did it, my computer accidentally rebooted because of "automatic update". The 2nd time I run it, it looked like combofix scan slowed down a lot, it took almost 1 hour to finish the scan) And the attachment feature doesn't seem to work with my file. My log is about 1.8mb and it took forever to upload, I'll wait for your reply and see if everything is ok before I try to post my log on separate replies.

The attachment failed. Can you try zipping up the file and attaching the ZIP?

BillyIII

#7 katsuky

Posted 17 February 2009 - 06:23 PM

Hey Bill, I tried zipping the file, but the attachment feature doesn't seem to work (it takes forever to upload). I don't know if this is a problem of the website or my Netscape browser problem, but either way I cannot upload the combofix log. Is there any other way I can upload the combofix log?

#8 Billy O'Neal

Posted 17 February 2009 - 07:23 PM

Please try uploading it to MediaFire.

http://www.mediafire.com/

Once you've uploaded it, click the "Copy Link" button in order to let me download it, and paste that link back here :thumbup2:

Billy3

#9 katsuky

Posted 17 February 2009 - 08:46 PM

Here is the link for my combofix log (nonzip file)
http://www.mediafire.com/?tetw2xojynz

#10 Billy O'Neal

Posted 17 February 2009 - 10:15 PM

Hello, katsuky
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

BillyIII

#11 katsuky

Posted 17 February 2009 - 11:21 PM

Hey Bill, I tried to run the scanner, but unfortunately my NetScape Browser does not have Active X, and the scanner says I need to use Internet Explorer to run it. Well, my internet explorer has trojans and I do not want to trigger them when I open internet explorer. So is there any other way to run this scanner without opening up Internet Explorer?

#12 Billy O'Neal

Posted 17 February 2009 - 11:48 PM

I believe your IE installation has been cleaned out. The ESET scan is to ensure that I haven't missed anything. Standard policy here at BC is to check with some form of onlinescan before sending you on your way :thumbup2:

Billy3

#13 katsuky

Posted 18 February 2009 - 09:58 PM

Hey Bill, thank you for helping me. My IE browser is clean now, and this is my online scanner log.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3866 (20090218)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=07fd1c7b1467c247afa38cf742143b6f
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-02-19 02:28:22
# local_time=2009-02-18 06:28:22 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=774579
# found=2
# scan_time=6550
C:\Zeus+Poseidon Expansion\Zeus\dvnz11tr.zip Win32/Keylogger.HotKeysHook.A virus (deleted) 00000000000000000000000000000000
C:\Zeus+Poseidon Expansion\Zeus\dvnz11tr.zip »ZIP »TRN_9XME.EXE Win32/Keylogger.HotKeysHook.A virus (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

Thank you very much.

#14 Billy O'Neal

Posted 18 February 2009 - 10:04 PM

Hello, katsuky
You Need to Update Windows (And other Microsoft Software)
Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

If you are using Windows XP or earlier
Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

If you are using Windows Vista
  • Click the "Start Menu" (or Windows Orb)
  • Click "All Programs"
  • Click "Windows Update"
  • On the left, choose "Change Settings"
  • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
  • Press OK and accept the UAC prompt.
    Note: You shouldn't need to check this checkbox every single time you update, only the first time.
  • Click "Check for Updates" in the upper left corner.
  • Follow the instructions to install the latest updates.
  • Reboot and repeat the "Check for Updates" until there are no more critical updates to install

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In your next reply, please include the following:
  • OTListIt.txt
  • Extra.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#15 katsuky

  • Topic Starter

Posted 19 February 2009 - 12:32 AM

Hello Bill, I updated my laptop and ran the scanner. Here is my OTListIT.txt.

OTListIt logfile created on: 2/18/2009 9:27:52 PM - Run
OTListIt2 by OldTimer - Version 2.0.0.18 Folder = C:\Documents and Settings\Duc\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.17 Mb Total Physical Memory | 228.18 Mb Available Physical Memory | 44.73% Memory free
1.21 Gb Paging File | 0.95 Gb Available in Paging File | 78.50% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 85.71 Gb Total Space | 38.78 Gb Free Space | 45.25% Space Free | Partition Type: NTFS
Drive D: | 7.42 Gb Total Space | 0.97 Gb Free Space | 13.08% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VUFAMILY
Current User Name: Duc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/11/10 14:45:00 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2005/11/10 14:45:00 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/11/10 20:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/11/10 12:03:52 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005/02/16 22:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
PRC - [2005/06/19 12:50:08 | 00,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/12/12 10:39:52 | 00,094,208 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2005/12/22 07:57:10 | 00,405,504 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
PRC - [2005/12/13 16:45:58 | 00,507,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2008/09/06 15:09:14 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2005/11/15 14:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2005/12/21 23:06:58 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/12/18 21:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe
PRC - [2008/04/13 16:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/01/28 21:56:16 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2009/02/18 21:27:28 | 00,494,592 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Duc\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/11/10 14:45:00 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Stopped])
SRV - [2009/02/16 15:25:33 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP [Auto | Stopped])
SRV - File not found -- -- (ccEvtMgr [Auto | Stopped])
SRV - File not found -- -- (ccSetMgr [Auto | Stopped])
SRV - [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/12/21 23:06:58 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/11/15 14:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006/07/25 18:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - File not found -- -- (LiveUpdate Notice Service [Auto | Stopped])
SRV - File not found -- -- (NSCService [Auto | Stopped])
SRV - File not found -- -- (SNDSrvc [Auto | Stopped])
SRV - [2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 07:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2005/03/09 14:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2005/11/10 14:51:00 | 01,396,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2005/11/28 01:35:38 | 00,424,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2005/08/18 00:22:54 | 00,056,648 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2005/08/02 01:58:00 | 00,038,016 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD [On_Demand | Running])
DRV - [2005/08/02 02:00:00 | 00,349,312 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA [On_Demand | Running])
DRV - [2005/05/05 09:04:08 | 00,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\EABFiltr.sys -- (eabfiltr [System | Running])
DRV - [2005/05/05 09:04:04 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\eabusb.sys -- (eabusb [On_Demand | Stopped])
DRV - [2009/01/23 21:32:32 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2005/08/22 01:06:00 | 00,231,424 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys -- (HSFHWATI [On_Demand | Running])
DRV - [2005/08/22 01:06:00 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2008/07/21 17:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
DRV - [2009/02/16 15:25:33 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
DRV - [2008/03/13 18:02:46 | 00,026,640 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\klfltdev.sys -- (KLFLTDEV [On_Demand | Running])
DRV - [2009/02/16 15:25:33 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2008/04/30 17:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])
DRV - [2004/03/16 20:04:00 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2004/08/04 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/04/25 01:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/09/30 03:11:00 | 00,078,720 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/08/17 11:10:28 | 00,035,913 | ---- | M] (SMC) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])
DRV - [2009/02/03 15:35:33 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007/10/01 14:48:56 | 00,012,680 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Stopped])
DRV - [2009/01/24 12:34:43 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2007/10/01 14:49:04 | 00,098,184 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Stopped])
DRV - [2007/10/01 14:49:16 | 00,031,624 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Stopped])
DRV - [2007/10/01 14:49:10 | 00,028,040 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Stopped])
DRV - [2007/10/01 14:49:20 | 00,023,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped])
DRV - [2007/10/01 14:49:26 | 00,189,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2005/06/19 12:33:18 | 00,190,400 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2005/09/20 02:30:56 | 00,162,432 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2005/08/22 01:06:00 | 00,718,464 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3123743082-1922380081-4150418505-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3123743082-1922380081-4150418505-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3123743082-1922380081-4150418505-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3123743082-1922380081-4150418505-1006\S-1-5-21-3123743082-1922380081-4150418505-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3123743082-1922380081-4150418505-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-3123743082-1922380081-4150418505-1006\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3123743082-1922380081-4150418505-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" (Kaspersky Lab)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-3123743082-1922380081-4150418505-1006..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKU\S-1-5-21-3123743082-1922380081-4150418505-1006..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3123743082-1922380081-4150418505-1006..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Duc\Start Menu\Programs\Startup\hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
O4 - Startup: C:\Documents and Settings\Duc Vu\Start Menu\Programs\Startup\hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3123743082-1922380081-4150418505-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3123743082-1922380081-4150418505-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3123743082-1922380081-4150418505-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3123743082-1922380081-4150418505-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3123743082-1922380081-4150418505-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/04 15:52:29 | 00,000,263 | RHS- | M] () - C:\autorun.inf.vir -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/02/04 15:52:30 | 00,000,276 | RHS- | M] () - D:\autorun.inf.vir -- [ FAT32 ]
O33 - MountPoints2\{3dc9ebe5-f24c-11dd-ae3e-0014a5fee307}\Shell - "" = AutoRun
O33 - MountPoints2\{3dc9ebe5-f24c-11dd-ae3e-0014a5fee307}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3dc9ebe5-f24c-11dd-ae3e-0014a5fee307}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/02/18 21:27:27 | 00,494,592 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Duc\Desktop\OTListIt2.exe
[2009/02/18 21:18:42 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/02/18 21:18:25 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/02/18 21:17:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/02/18 21:13:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/02/18 20:50:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/02/18 20:50:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/02/18 20:50:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/02/18 19:14:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\Sonic
[2009/02/18 19:14:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\Leadertech
[2009/02/18 19:12:35 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009/02/18 19:12:32 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2009/02/18 19:12:30 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009/02/18 19:03:55 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/02/18 16:27:38 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/02/18 15:25:07 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/02/17 15:18:06 | 00,094,820 | ---- | C] () -- C:\ComboFix.zip
[2009/02/16 22:03:06 | 00,000,000 | ---D | C] -- C:\Nhac mp3
[2009/02/16 17:07:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/02/14 20:33:46 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/02/14 20:33:40 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/02/14 20:33:34 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/02/14 20:31:06 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/02/14 20:31:06 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/02/14 20:31:06 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/02/14 20:31:06 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/02/14 20:31:06 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/02/14 20:31:06 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/02/14 20:31:06 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/02/14 20:31:06 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/02/14 20:31:06 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/02/14 20:30:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/02/14 20:30:56 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/02/14 20:28:04 | 02,921,379 | R--- | C] () -- C:\Documents and Settings\Duc\Desktop\ComboFix.exe
[2009/02/13 11:02:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Local Settings\Application Data\Mozilla
[2009/02/13 11:02:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\Mozilla
[2009/02/13 11:01:45 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/02/13 10:57:57 | 07,521,112 | ---- | C] (Mozilla) -- C:\Documents and Settings\Duc\Desktop\Firefox Setup 3.0.6.exe
[2009/02/08 15:16:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Local Settings\Application Data\Wildtangent
[2009/02/08 14:46:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\Chessmaster Challenge
[2009/02/05 17:30:02 | 00,368,961 | ---- | C] () -- C:\Documents and Settings\Duc\Desktop\dds.scr
[2009/02/05 16:47:48 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Duc\Desktop\HijackThis.lnk
[2009/02/05 16:47:47 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/04 21:52:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Local Settings\Application Data\{5E1EA027-60D2-48BD-9786-037EF85896BE}
[2009/02/04 20:08:41 | 00,101,287 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/02/04 20:08:40 | 00,089,601 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/02/04 20:07:26 | 05,469,216 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/02/04 20:07:26 | 00,778,272 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/02/04 20:07:26 | 00,043,808 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/02/04 20:07:26 | 00,003,740 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/02/04 20:07:26 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/02/04 20:07:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/02/04 20:07:06 | 00,226,832 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/02/04 19:24:46 | 00,000,000 | ---D | C] -- C:\Kaspersky Internet Security 8.0.0.506 [-MomradN-]
[2009/02/04 19:23:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/02/04 15:30:56 | 00,000,000 | ---D | C] -- C:\SpyHunter Security Suite 3.5.11+Crack-HeartBug
[2009/02/03 20:33:50 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniime.dll
[2009/02/03 20:33:50 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/02/03 20:33:50 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winime.ime
[2009/02/03 20:33:50 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/02/03 20:33:50 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicdime.ime
[2009/02/03 20:33:50 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/02/03 20:33:50 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\romanime.ime
[2009/02/03 20:33:50 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/02/03 20:33:49 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\phon.ime
[2009/02/03 20:33:49 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/02/03 20:33:49 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/02/03 20:33:49 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dayi.ime
[2009/02/03 20:33:49 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/02/03 20:33:49 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chajei.ime
[2009/02/03 20:33:45 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/02/03 20:33:44 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pintlgnt.ime
[2009/02/03 20:33:44 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/02/03 20:33:44 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winzm.ime
[2009/02/03 20:33:44 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winsp.ime
[2009/02/03 20:33:44 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winpy.ime
[2009/02/03 20:33:44 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/02/03 20:33:44 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/02/03 20:33:44 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/02/03 20:33:44 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imekr61.ime
[2009/02/03 20:33:44 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/02/03 20:33:44 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/02/03 20:33:44 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/02/03 20:33:43 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81k.dll
[2009/02/03 20:33:43 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/02/03 20:33:43 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81.ime
[2009/02/03 20:33:43 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/02/03 20:33:34 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2009/02/03 20:33:34 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2009/02/03 20:33:34 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2009/02/03 20:33:34 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2009/02/03 20:33:34 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2009/02/03 20:33:34 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2009/02/03 20:33:34 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2009/02/03 20:33:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2009/02/03 20:33:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2009/02/03 20:33:28 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2009/02/03 20:33:28 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2009/02/03 15:43:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\DAEMON Tools Pro
[2009/02/03 15:42:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/02/03 15:35:31 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/02/03 15:35:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\DAEMON Tools Lite
[2009/02/03 15:28:37 | 00,000,000 | ---D | C] -- C:\Program Files\Kalypso
[2009/02/03 15:27:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\DAEMON Tools
[2009/01/30 19:24:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Local Settings\Application Data\Yahoo
[2009/01/30 19:23:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\Yahoo!
[2009/01/30 19:22:25 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/01/27 17:22:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\My Documents\The Lord of the Rings - Conquest
[2009/01/27 17:20:59 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2009/01/27 17:20:58 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2009/01/27 17:20:58 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2009/01/27 17:20:57 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2009/01/27 17:20:57 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2009/01/27 17:20:57 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2009/01/27 17:20:54 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2009/01/27 17:20:54 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2009/01/27 17:20:53 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2009/01/27 17:20:53 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2009/01/27 17:20:52 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2009/01/27 17:20:52 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2009/01/27 17:20:51 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2009/01/27 17:20:50 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2009/01/27 17:20:50 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2009/01/27 17:20:50 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2009/01/27 17:20:49 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2009/01/27 17:20:48 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2009/01/27 17:20:48 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2009/01/27 17:20:48 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2009/01/27 17:20:47 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2009/01/27 17:20:46 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2009/01/27 17:20:46 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2009/01/27 17:20:45 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2009/01/27 17:20:45 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2009/01/27 17:20:44 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2009/01/27 17:20:44 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2009/01/27 17:20:42 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2009/01/27 17:20:42 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2009/01/27 17:20:41 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2009/01/27 17:20:40 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2009/01/27 17:20:40 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2009/01/27 17:20:40 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2009/01/27 17:20:39 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2009/01/27 17:20:38 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2009/01/27 17:20:38 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2009/01/27 17:20:37 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2009/01/27 17:20:37 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2009/01/27 17:20:37 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2009/01/27 17:20:36 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2009/01/27 17:20:35 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2009/01/27 17:20:32 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2009/01/27 17:20:32 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2009/01/27 17:20:31 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2009/01/27 17:20:30 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2009/01/27 17:20:30 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2009/01/27 17:20:29 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/01/27 17:20:29 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/01/27 17:20:29 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2009/01/27 17:20:29 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2009/01/27 17:20:28 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2009/01/27 17:20:28 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2009/01/27 17:20:28 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2009/01/27 17:20:28 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2009/01/27 17:20:27 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/01/27 17:20:27 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2009/01/27 17:20:26 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/01/27 17:20:26 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2009/01/27 17:20:25 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2009/01/27 17:20:25 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/01/27 17:20:25 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2009/01/27 17:20:24 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2009/01/27 17:20:24 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2009/01/27 17:20:24 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009/01/27 17:20:22 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/01/26 21:54:44 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbstor.sys
[2009/01/26 15:13:16 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/25 20:34:43 | 00,000,000 | ---D | C] -- C:\Christopher Columbus
[2009/01/25 20:26:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\AdobeUM
[2009/01/25 20:25:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Local Settings\Application Data\Adobe
[2009/01/25 20:25:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\My Documents\My eBooks
[2009/01/24 16:57:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\My Documents\Downloads
[2009/01/24 13:06:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\Apple Computer
[2009/01/24 12:57:50 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/01/24 12:55:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Local Settings\Application Data\Apple
[2009/01/24 12:54:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Local Settings\Application Data\Apple Computer
[2009/01/24 12:32:51 | 00,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/01/24 12:32:51 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/01/24 12:22:46 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/01/24 12:22:46 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/01/24 12:22:44 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/01/24 12:22:44 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009/01/24 12:22:43 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/01/24 12:22:40 | 06,066,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/01/24 12:22:40 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2009/01/24 12:22:40 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/01/24 12:22:38 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/01/24 12:14:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/01/24 12:03:34 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2009/01/24 09:40:56 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/24 09:31:02 | 21,244,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/24 00:33:00 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/01/23 21:32:32 | 00,025,280 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys
[2009/01/23 21:32:32 | 00,000,644 | ---- | C] () -- C:\Documents and Settings\Duc\Start Menu\Programs\Startup\hamachi.lnk
[2009/01/23 21:27:27 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2009/01/23 21:27:25 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/01/23 21:27:22 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2009/01/23 21:27:22 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2009/01/23 21:27:20 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2009/01/23 21:27:19 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2009/01/23 21:27:19 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2009/01/23 21:27:19 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/01/23 21:27:18 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/01/23 21:27:16 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/01/23 21:27:13 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/01/23 21:27:13 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009/01/23 21:27:13 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2009/01/23 21:27:07 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2009/01/23 21:27:06 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2009/01/23 21:27:05 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/01/23 21:27:00 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/01/23 21:27:00 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009/01/23 21:26:57 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/01/23 21:26:57 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2009/01/23 21:26:57 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/01/23 21:26:55 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/01/23 21:26:54 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/01/23 21:26:53 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009/01/23 21:26:53 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/01/23 21:26:53 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/01/23 21:26:51 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2009/01/23 21:26:49 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/01/23 21:26:42 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/01/23 21:26:39 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/01/23 21:26:39 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/01/23 21:26:39 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/01/23 21:26:39 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009/01/23 21:26:38 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2009/01/23 21:26:38 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/01/23 21:26:36 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/01/23 21:26:36 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/01/23 21:26:22 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/01/23 21:26:22 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/01/23 21:26:22 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/01/23 21:26:21 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/01/23 21:26:17 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/01/23 21:26:16 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009/01/23 21:26:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/01/23 21:26:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/01/23 21:26:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/01/23 21:26:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/01/23 21:26:09 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2009/01/23 21:26:07 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2009/01/23 21:26:07 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2009/01/23 21:26:03 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2009/01/23 21:26:02 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2009/01/23 21:26:01 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/01/23 21:26:01 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/01/23 21:26:01 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/01/23 21:26:01 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/01/23 21:26:01 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/01/23 21:26:01 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009/01/23 21:26:00 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/01/23 21:26:00 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/01/23 21:25:58 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/01/23 21:25:58 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009/01/23 21:25:58 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/01/23 21:25:58 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/01/23 21:25:57 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/01/23 21:25:57 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/01/23 21:25:57 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/01/23 21:25:56 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/01/23 21:25:56 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/01/23 21:25:56 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009/01/23 21:25:54 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/01/23 21:25:53 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009/01/23 21:25:49 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2009/01/23 21:25:49 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2009/01/23 21:25:49 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009/01/23 21:25:49 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2009/01/23 21:25:49 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2009/01/23 21:25:49 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/01/23 21:25:48 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/01/23 21:25:47 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/01/23 21:25:47 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2009/01/23 21:25:46 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/01/23 21:25:46 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2009/01/23 21:25:46 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2009/01/23 21:17:31 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthport.sys
[2009/01/23 21:17:27 | 00,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2009/01/23 21:17:22 | 00,826,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/01/23 21:17:22 | 00,477,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/01/23 21:17:22 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/01/23 21:17:22 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/01/23 21:17:22 | 00,191,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/01/23 21:17:22 | 00,133,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2009/01/23 21:17:22 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2009/01/23 21:17:22 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2009/01/23 21:17:22 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/01/23 21:17:21 | 01,160,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/01/23 21:17:21 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/01/23 21:17:21 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/01/23 21:17:20 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/01/23 21:17:04 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2009/01/23 21:17:02 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/01/23 21:17:01 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/01/23 21:17:01 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/01/23 21:17:00 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/01/23 21:16:54 | 03,594,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/01/23 21:16:07 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/01/23 21:16:04 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/01/23 21:16:02 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/01/23 21:15:56 | 00,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2009/01/23 21:15:54 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/01/23 21:15:52 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/01/23 21:14:59 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/01/23 21:14:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\Hamachi
[2009/01/23 21:07:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/01/23 21:00:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\Netscape
[2009/01/23 20:56:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Local Settings\Application Data\Identities
[2009/01/23 14:42:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\Adobe
[2009/01/23 14:29:07 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2009/01/23 14:29:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\My Documents\Simply Super Software
[2009/01/23 14:28:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\WinRAR
[2009/01/23 14:16:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\vlc
[2009/01/23 14:15:10 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Duc\Desktop\µTorrent.lnk
[2009/01/23 14:15:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\uTorrent
[2009/01/23 13:55:55 | 00,000,786 | ---- | C] () -- C:\Documents and Settings\Duc\Desktop\Windows Media Player.lnk
[2009/01/23 13:55:28 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\Duc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/23 13:34:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\My Documents\Symantec
[2009/01/23 13:03:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\Macromedia
[2009/01/23 13:03:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/01/23 12:02:01 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2009/01/23 12:02:01 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2009/01/23 12:01:53 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/01/23 11:50:32 | 00,001,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
[2009/01/23 11:49:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Duc\Application Data\desktop.ini
[2009/01/23 11:49:17 | 00,000,992 | ---- | C] () -- C:\Documents and Settings\Duc\Desktop\Help and Support.lnk
[2009/01/23 11:49:16 | 00,061,752 | ---- | C] () -- C:\Documents and Settings\Duc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/23 11:49:16 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Duc\Local Settings\Application Data\fusioncache.dat
[2009/01/23 11:49:15 | 02,109,094 | -H-- | C] () -- C:\Documents and Settings\Duc\Local Settings\Application Data\IconCache.db
[2009/01/23 11:49:14 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Duc\Start Menu\Programs\Startup\desktop.ini
[2009/01/23 11:49:14 | 00,000,074 | -HS- | C] () -- C:\Documents and Settings\Duc\My Documents\desktop.ini
[2009/01/23 11:49:13 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Duc\Application Data\Microsoft
[2009/01/23 11:49:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Local Settings\Application Data\IsolatedStorage
[2009/01/23 11:49:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Local Settings\Application Data\HP
[2009/01/23 11:49:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Local Settings\Application Data\Google
[2009/01/23 11:49:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Local Settings\Application Data\ApplicationHistory
[2009/01/23 11:49:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\Intuit
[2009/01/23 11:49:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Application Data\Identities
[2009/01/23 11:49:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Duc\My Documents\My Videos
[2009/01/23 11:49:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Duc\My Documents\My Pictures
[2009/01/23 11:49:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Duc\My Documents\My Music
[2009/01/23 11:49:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Local Settings\Application Data\Microsoft
[2009/01/23 11:49:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Duc\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2009/01/23 11:44:50 | 00,000,349 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Register your Notebook.URL
[2009/01/23 11:44:11 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Thawbrkr.dll
[2009/01/23 11:44:11 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_864.nls
[2009/01/23 11:44:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28596.NLS
[2009/01/23 11:44:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10004.nls
[2009/01/23 11:44:11 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_iscii.dll
[2009/01/23 11:44:11 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdusa.dll
[2009/01/23 11:44:10 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2009/01/23 11:44:10 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2009/01/23 11:44:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_708.nls
[2009/01/23 11:44:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10021.nls
[2009/01/23 11:44:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10005.nls
[2009/01/23 11:44:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftlx041e.dll
[2009/01/23 11:38:54 | 53,502,3616 | -HS- | C] () -- C:\hiberfil.sys
[2009/01/23 09:19:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/01/23 08:54:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/02/18 21:27:28 | 00,494,592 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Duc\Desktop\OTListIt2.exe
[2009/02/18 21:26:30 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/18 21:24:11 | 00,000,297 | ---- | M] () -- C:\hpqp.ini
[2009/02/18 21:24:07 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2009/02/18 21:23:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/18 21:23:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/18 21:23:47 | 53,502,3616 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/18 21:23:05 | 00,778,272 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/02/18 21:23:05 | 00,003,740 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/02/18 21:23:04 | 05,469,216 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/02/18 21:23:04 | 00,043,808 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/02/18 21:22:04 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/18 21:19:03 | 00,439,376 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/02/18 21:19:03 | 00,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/18 21:19:03 | 00,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/18 21:14:41 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/02/18 21:13:30 | 00,242,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/18 21:12:30 | 02,109,094 | -H-- | M] () -- C:\Documents and Settings\Duc\Local Settings\Application Data\IconCache.db
[2009/02/18 20:47:55 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/02/18 19:12:33 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2009/02/17 15:18:06 | 00,094,820 | ---- | M] () -- C:\ComboFix.zip
[2009/02/16 17:22:54 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/16 17:21:33 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/02/16 15:25:33 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/02/16 15:25:33 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys
[2009/02/16 15:25:31 | 00,101,287 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/02/16 15:25:30 | 00,089,601 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/02/14 20:33:47 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/02/14 20:28:13 | 02,921,379 | R--- | M] () -- C:\Documents and Settings\Duc\Desktop\ComboFix.exe
[2009/02/13 11:01:45 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/02/13 10:59:23 | 07,521,112 | ---- | M] (Mozilla) -- C:\Documents and Settings\Duc\Desktop\Firefox Setup 3.0.6.exe
[2009/02/11 20:56:17 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/08 14:47:02 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\Duc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/05 17:30:02 | 00,368,961 | ---- | M] () -- C:\Documents and Settings\Duc\Desktop\dds.scr
[2009/02/05 16:47:49 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Duc\Desktop\HijackThis.lnk
[2009/02/04 15:52:29 | 00,000,263 | RHS- | M] () -- C:\autorun.inf.vir
[2009/02/04 15:36:27 | 00,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk
[2009/02/03 15:35:38 | 00,000,586 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/02/03 15:35:33 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/01/30 19:22:25 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/01/26 15:13:16 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/24 12:57:50 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/01/24 12:34:43 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/01/24 12:34:43 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/01/24 12:34:43 | 00,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/01/24 12:34:43 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/01/24 12:28:48 | 00,000,074 | -HS- | M] () -- C:\Documents and Settings\Duc\My Documents\desktop.ini
[2009/01/24 09:40:57 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/23 21:32:32 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys
[2009/01/23 21:32:32 | 00,000,644 | ---- | M] () -- C:\Documents and Settings\Duc\Start Menu\Programs\Startup\hamachi.lnk
[2009/01/23 21:00:32 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2009/01/23 14:15:10 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Duc\Desktop\µTorrent.lnk
[2009/01/23 13:55:55 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\Duc\Desktop\Windows Media Player.lnk
[2009/01/23 11:55:52 | 00,001,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
[2009/01/23 11:51:45 | 00,061,752 | ---- | M] () -- C:\Documents and Settings\Duc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/23 11:51:44 | 00,000,126 | ---- | M] () -- C:\Documents and Settings\Duc\Local Settings\Application Data\fusioncache.dat
[2009/01/23 11:51:39 | 00,001,230 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eBay.LNK
[2009/01/23 11:51:38 | 00,001,120 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Online Photos First 25 Free.LNK
[2009/01/23 11:51:37 | 00,001,424 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Blockbuster.LNK
[2009/01/23 11:51:36 | 00,001,284 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Extended Service.LNK
[2009/01/23 11:51:34 | 00,001,080 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Online Music.LNK
[2009/01/23 11:51:33 | 00,001,062 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Accessories.LNK
[2009/01/23 11:46:58 | 00,002,699 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/01/23 11:46:47 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/01/23 11:46:07 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Register your Notebook.URL
[2009/01/23 10:26:12 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A07E3E9D
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E97B83A
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:081C5B23
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7843388
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3095C3B0
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADDDF689
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A798EB56
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDCD8531
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9EEB760
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F42B5B0E
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:453190EC
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:667565EE
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40512067
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3F93F73
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6885F1
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A468A21E
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >

This is the Extras.txt

OTListIt Extras logfile created on: 2/18/2009 9:27:52 PM - Run
OTListIt2 by OldTimer - Version 2.0.0.18 Folder = C:\Documents and Settings\Duc\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.17 Mb Total Physical Memory | 228.18 Mb Available Physical Memory | 44.73% Memory free
1.21 Gb Paging File | 0.95 Gb Available in Paging File | 78.50% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 85.71 Gb Total Space | 38.78 Gb Free Space | 45.25% Space Free | Partition Type: NTFS
Drive D: | 7.42 Gb Total Space | 0.97 Gb Free Space | 13.08% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VUFAMILY
Current User Name: Duc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3123743082-1922380081-4150418505-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2009/01/18 21:57:42 | 03,316,496 | ---- | M] (Garena Interactive PTE LTD) -- C:\Program Files\Garena\Garena.exe:*:Enabled:Garena
[2009/01/23 14:15:10 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2009/01/28 21:56:16 | 04,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.0
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52AE81CB-B786-490E-93CF-240A9891B392}" = HP User Guides 0025
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{628C3D50-F524-4C49-A958-672CE7953756}" = The Lord of the Rings - Conquest™
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B43A58A-3BE0-4FBD-9238-0EF689549AB6}" = SymNet
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}" = Norton Internet Security
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 G1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FFB4DD53-28B7-4981-BFF0-9BD801F61095}" = Norton Internet Security
"074EEF5F-3BE8-4112-B253-C5D6CDE2924C" = Zuma Deluxe from Hewlett-Packard Laptops (remove only)
"0E5266B4-9069-401A-93AE-5FF9F1712016" = Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
"103EFD47-9F2C-4490-95DD-AE6C442AFB92" = SCRABBLE from Hewlett-Packard Laptops (remove only)
"1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86" = Tradewinds from Hewlett-Packard Laptops (remove only)
"320F055A-570F-4335-B026-16A836DB9549" = Final Drive Nitro from Hewlett-Packard Laptops (remove only)
"382C11F0-1A18-4F76-B8E0-15CA7F209C22" = Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
"384E0BF4-1E1F-45A6-B60E-42144A3F15CD" = Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
"4C061F83-EE92-445A-A03F-184B0BD59242" = Jewel Quest from Hewlett-Packard Laptops (remove only)
"5658FB14-16A4-4DAE-946B-1457BE31572E" = Boggle Supreme from Hewlett-Packard Laptops (remove only)
"5758A0E8-A112-4A1D-82EC-EC72F7F16B88" = Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
"5DE4D54F-AA79-43A4-9C8A-C173E7E2B025" = 5 Card Slingo from Hewlett-Packard Laptops (remove only)
"6E377D95-DF37-4E67-B64B-68C314600BCB" = Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
"6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89" = FATE from Hewlett-Packard Laptops (remove only)
"7948472C-423F-4134-B68F-48D660A05D71" = Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
"7A940E33-6993-404B-ABA6-ED62E8FBE615" = Bounce Symphony from Hewlett-Packard Laptops (remove only)
"7ED8A70C-9597-40BE-AEA0-0573182F1F51" = Super Granny from Hewlett-Packard Laptops (remove only)
"7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54" = Polar Bowler from Hewlett-Packard Laptops (remove only)
"9F3399B2-9ED6-4339-84A2-686432638B86" = Blasterball 2 from Hewlett-Packard Laptops (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"B0202B33-E73D-4FCD-AC88-0B2971AFC116" = Slyder from Hewlett-Packard Laptops (remove only)
"B0769D17-E72A-4E87-A83F-1F7A3F080008" = Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
"C264D692-8E15-4141-96A2-5621332E5DD0" = Slingo Deluxe from Hewlett-Packard Laptops (remove only)
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"D2E44AA4-8665-4490-A6C9-2D0744B47B27" = Polar Golfer from Hewlett-Packard Laptops (remove only)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DED8E2B5-BA9F-448F-84E8-0AEF79876F95" = Snowboard SuperJam
"E332F38A-75F6-4EF2-88CC-246E8A1CB5D7" = Oasis from Hewlett-Packard Laptops (remove only)
"E76A7EFF-7758-49EE-B3FA-9699830A2D6B" = Mah Jong Quest from Hewlett-Packard Laptops (remove only)
"E90E3AE9-73E4-4E5C-BB0F-673989A808D0" = Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
"E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2" = Crystal Maze from Hewlett-Packard Laptops (remove only)
"EF860173-4FB7-4DE1-8BE8-5400F05A0DC5" = Puzzle Express from Hewlett-Packard Laptops (remove only)
"EsetOnlineScanner" = ESET Online Scanner
"F2566CC2-D4C4-44ED-A838-3F8288D8D3FE" = Flip Words from Hewlett-Packard Laptops (remove only)
"Galactic Civilizations II - Endless Universe" = Galactic Civilizations II - Endless Universe
"Hamachi" = Hamachi 1.0.3.0
"HijackThis" = HijackThis 2.0.2
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trojan Remover_is1" = Trojan Remover 6.7.5
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3123743082-1922380081-4150418505-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/16/2009 10:47:07 PM | Computer Name = VUFAMILY | Source = Application Error | ID = 1000
Description = Faulting application Garena.exe, version 3.0.0.1673, faulting module
Garena.exe, version 3.0.0.1673, fault address 0x00192421.

Error - 2/17/2009 1:54:29 AM | Computer Name = VUFAMILY | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error This service is not authorized to start.

Error - 2/17/2009 1:56:28 AM | Computer Name = VUFAMILY | Source = MsiInstaller | ID = 11706
Description = Product: PhotoGallery -- Error 1706.No valid source could be found
for product PhotoGallery. The Windows Installer cannot continue.

Error - 2/17/2009 7:08:31 PM | Computer Name = VUFAMILY | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error This service is not authorized to start.

Error - 2/17/2009 7:10:31 PM | Computer Name = VUFAMILY | Source = MsiInstaller | ID = 11706
Description = Product: PhotoGallery -- Error 1706.No valid source could be found
for product PhotoGallery. The Windows Installer cannot continue.

Error - 2/18/2009 1:52:42 AM | Computer Name = VUFAMILY | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error This service is not authorized to start.

Error - 2/19/2009 1:14:08 AM | Computer Name = VUFAMILY | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error This service is not authorized to start.

Error - 2/19/2009 1:18:25 AM | Computer Name = VUFAMILY | Source = MsiInstaller | ID = 11706
Description = Product: PhotoGallery -- Error 1706.No valid source could be found
for product PhotoGallery. The Windows Installer cannot continue.

Error - 2/19/2009 1:24:07 AM | Computer Name = VUFAMILY | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error This service is not authorized to start.

Error - 2/19/2009 1:26:16 AM | Computer Name = VUFAMILY | Source = MsiInstaller | ID = 11706
Description = Product: PhotoGallery -- Error 1706.No valid source could be found
for product PhotoGallery. The Windows Installer cannot continue.

[ System Events ]
Error - 2/16/2009 7:51:25 PM | Computer Name = VUFAMILY | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%1053

Error - 2/16/2009 7:51:25 PM | Computer Name = VUFAMILY | Source = Service Control Manager | ID = 7000
Description = The Norton Protection Center Service service failed to start due to
the following error: %%2

Error - 2/16/2009 7:52:38 PM | Computer Name = VUFAMILY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ANVU that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2A835522-A670-48B5-A46A.
The
master browser is stopping or an election is being forced.

Error - 2/16/2009 9:04:34 PM | Computer Name = VUFAMILY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ANVU that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2A835522-A670-48B5-A46A.
The
master browser is stopping or an election is being forced.

Error - 2/16/2009 9:09:58 PM | Computer Name = VUFAMILY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate
Scheduler service to connect.

Error - 2/16/2009 9:09:58 PM | Computer Name = VUFAMILY | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%1053

Error - 2/16/2009 9:09:58 PM | Computer Name = VUFAMILY | Source = Service Control Manager | ID = 7000
Description = The Norton Protection Center Service service failed to start due to
the following error: %%2

Error - 2/16/2009 9:16:36 PM | Computer Name = VUFAMILY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ANVU that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2A835522-A670-48B5-A46A.
The
master browser is stopping or an election is being forced.

Error - 2/16/2009 10:28:37 PM | Computer Name = VUFAMILY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ANVU that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2A835522-A670-48B5-A46A.
The
master browser is stopping or an election is being forced.

Error - 2/17/2009 12:04:39 AM | Computer Name = VUFAMILY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ANVU that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2A835522-A670-48B5-A46A.
The
master browser is stopping or an election is being forced.


< End of report >



