Slow Windows


15 replies to this topic

#1 killingyouguy


  • Members
  • 19 posts

Posted 06 March 2009 - 10:19 PM

My firewall was down, but now it's back. But my computer is still really slow and I was getting weird errors even after the firewall came back up. I was originally in this thread before being told to post in this forum:

http://www.bleepingcomputer.com/forums/t/208656/computer-was-slow-now-windows-firewall-is-gone/


SUPERAntiSpyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/07/2009 at 02:03 PM

Application Version : 4.25.1014

Core Rules Database Version : 3787
Trace Rules Database Version: 1744

Scan type : Complete Scan
Total Scan Time : 03:17:43

Memory items scanned : 691
Memory threats detected : 0
Registry items scanned : 6822
Registry threats detected : 0
File items scanned : 123543
File threats detected : 133

Adware.Tracking Cookie

Adware.Casino Games (Golden Palace Casino)
D:\WHOLDEM\CASINO.EXE


DDS Log:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Jay Hearfield at 14:16:07.95 on Sat 07/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1023.184 [GMT 11:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\CTsvcCDA.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\System32\svchost.exe -k imgsvc
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
D:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Razer\razerhid.exe
D:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Razer\razertra.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\Razer\razerofa.exe
D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\FRAPS\FRAPS.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\PROGRA~1\Webshots\webshots.scr
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Documents and Settings\Jay Hearfield\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.altavista.com/
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - d:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D593DE91-7B41-45C2-830E-E9A99AB142AA} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SsAAD.exe] d:\progra~1\sony\sonics~1\SsAAD.exe
uRun: [RemoteCenter] d:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [msnmsgr] "d:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Microsoft Works Update Detection] d:\program files\microsoft works\WkDetect.exe
uRun: [Fraps] d:\fraps\FRAPS.EXE
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [Creative MediaSource Go] "d:\program files\creative\mediasource\go\CTCMSGo.exe" /SCB
uRun: [Creative Detector] "d:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] d:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [WorksFUD] d:\program files\microsoft works\wkfud.exe
mRun: [USIUDF_Eject_Monitor] d:\program files\common files\ulead systems\dvd\USISrv.exe
mRun: [Ulead AutoDetector v2] d:\program files\common files\ulead systems\autodetector\monitor.exe
mRun: [SBDrvDet] d:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [razer] d:\program files\razer\razerhid.exe
mRun: [PRONoMgrWired] d:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [DAEMON Tools] "d:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [CTSysVol] d:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTDVDDET] "d:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "d:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Ad-Watch] d:\program files\lavasoft\ad-aware\AAWTray.exe
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
StartupFolder: d:\docume~1\jayhea~1\startm~1\programs\startup\spywar~1.lnk - d:\program files\spywareguard\sgmain.exe
StartupFolder: d:\docume~1\jayhea~1\startm~1\programs\startup\webshots.lnk - d:\program files\webshots\Launcher.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - d:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - d:\program files\common files\microsoft shared\works shared\wkcalrem.exe
IE: &ieSpell Options - d:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - d:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Download using LeechGet - file://d:\program files\leechget 2004\\AddUrl.html
IE: Download using LeechGet Wizard - file://d:\program files\leechget 2004\\Wizard.html
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://d:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://d:\program files\iespell\wikipedia.HTM
IE: Parse with LeechGet - file://d:\program files\leechget 2004\\Parser.html
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://d:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://d:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - d:\program files\spywareguard\spywareguard.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
d:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2009-3-1 64160]
R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 ekrn;Eset Service;d:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-19 950096]
R2 PfDetNT;PfDetNT;d:\windows\system32\drivers\pfmodnt.sys [2005-12-8 8192]
R3 Razerlow;Razerlow USB Filter Driver;d:\windows\system32\drivers\Razerlow.sys [2005-11-7 13225]
R3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S2 NOD32FiXTemDono;Eset Nod32 Boot;d:\windows\system32\regedt32.exe [2001-10-4 3584]
S3 COMMONFX;COMMONFX;d:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX;CTAUDFX;d:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX;CTERFXFX;d:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;d:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 E10cesvhum;E10cesvhum; [x]
S3 Memctl;Memctl;d:\program files\abit\flashmenu\MEMCTL.SYS [2005-11-6 4047]

=============== Created Last 30 ================

2009-03-07 10:38 --d----- d:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-07 10:36 --d----- d:\program files\SUPERAntiSpyware
2009-03-07 10:36 --d----- d:\docume~1\jayhea~1\applic~1\SUPERAntiSpyware.com
2009-03-06 18:17 345 a------- d:\windows\gmer.ini
2009-03-06 18:00 15,504 a------- d:\windows\system32\drivers\mbam.sys
2009-03-06 18:00 38,496 a------- d:\windows\system32\drivers\mbamswissarmy.sys
2009-03-06 18:00 --d----- d:\program files\Malwarebytes' Anti-Malware
2009-03-02 10:54 --d----- D:\Webshots Data
2009-03-01 16:35 15,688 a------- d:\windows\system32\lsdelete.exe
2009-03-01 12:57 64,160 a------- d:\windows\system32\drivers\Lbd.sys
2009-03-01 12:46 -cd-h--- d:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-15 15:19 5,702 a---h--- d:\windows\nod32restoretemdono.reg
2009-02-15 15:19 568 a---h--- d:\windows\nod32fixtemdono.reg
2009-02-08 19:12 754 a------- d:\windows\WORDPAD.INI

==================== Find3M ====================

2008-12-21 10:15 826,368 a------- d:\windows\system32\wininet.dll
2008-09-11 16:29 32,768 a--sh--- d:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091120080912\index.dat

============= FINISH: 14:17:12.18 ===============


Edited by killingyouguy, 06 March 2009 - 10:21 PM.



#2 suebaby41


    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 19 March 2009 - 09:53 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 killingyouguy

  • Topic Starter

  • Members
  • 19 posts

Posted 19 March 2009 - 04:35 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:22 AM, on 20/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\CTsvcCDA.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
D:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
D:\Program Files\Razer\razerhid.exe
D:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
D:\Program Files\Razer\razerofa.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\FRAPS\FRAPS.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\PROGRA~1\Webshots\webshots.scr
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\Program Files\Java\jre6\bin\jucheck.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Program Files\Razer\razertra.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WorksFUD] D:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] D:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] D:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [SBDrvDet] D:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [razer] D:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [PRONoMgrWired] D:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [SsAAD.exe] D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] D:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] D:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] D:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download using LeechGet - file://D:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://D:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://D:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Parse with LeechGet - file://D:\Program Files\LeechGet 2004\\Parser.html
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15102/CTPID.cab
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: E10cesvhum - Intel Corporation - (no file)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - D:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12608 bytes

#4 suebaby41 (Malware Response Team)

Posted 21 March 2009 - 11:46 AM

Please see this link for information regarding PnkBstrA.exe and/or PnkBstrB.exe, and this thread in the PunkBuster forums. If you have a version older than PB Client version 1.700, then the components could be causing a problem.

Are the new components optional?

Starting with PB Client version 1.700, the new components are required. Uninstalling and/or disabling the new components will cause PunkBuster to stop working correctly and will cause frequent kicking from PunkBuster enabled servers.
  • If you have a version older than PB Client version 1.700, then the files, PnkBstrA.exe and/or PnkBstrB.exe, could be causing a problem.
  • If you wish to uninstall the two files, then please download this application.
  • Open the program above and click the Uninstall button. This will remove the PnkBstrA.exe and PnkBstrB.exe services.
  • Some may need to remove the registry entries.
  • Go to START > RUN. Type regedit.
  • Search in these parts:

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services: look for PnkBstrA, PnkBstrB and PnkBstrK; right-click the folder listed on the left and delete it.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services: look for PnkBstrA, PnkBstrB and PnkBstrK; right-click the folder listed on the left and delete it.

  • PnkBstrK.sys is located in C:\windows\system32\drivers and it is safe to delete.

This is the issue with infections in relation to PunkBuster:

You have installed gaming tools. Some of these, like PunkBuster, use spyware techniques to engage in the anti-piracy battle. In the process, they take control of much of your computer and they actually meet the definition of spyware/malware. They are sometimes designed to prevent orderly removal or modification. It is not likely that your computer could be cleaned without breaking or removing some of these programs, and this would result in not being able to play the associated games or worse.

Since we are dedicated to causing No Harm, normally, we will not work on computers with this type of program installed. If you want to continue using your computer in this way, you should consider using imaging software like Norton Ghost or Acronis or Terabyte Image which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe. If you really want to clean your computer, I will help, but if you so choose, understand there is NO assurance you will be able to do games afterwards.

Additional Information Regarding PunkBuster Enabled Games
  • PunkBuster is not considered to be overtly malicious, but it is totally self-serving, even at the expense of user safety, and the risks and tactics that come with its use are not revealed in an open manner.
  • PunkBuster is tracking software which installs a server on the user's computer, establishes unique GUIDs, phones home, and sends screenshots.
  • Permission for PunkBuster to install and perform the tracking is assumed by them to be implicit in any associated gaming software installation. (Automatic installation during a request for something else.) This is characteristic of trojans.
  • PunkBuster appears to install itself secretly without warning on any computer that attempts to play certain online games.
  • There is no regular uninstaller. Why not? (There IS a special uninstaller-see link below.)
  • Some do not view the whole picture as healthy for anything but the game promoters.
  • PunkBuster requires elevated privileges to run on Vista.
  • The PunkBuster home site routinely suggests that users who have problems disable the antivirus applications and firewalls and change settings on their routers.
  • PunkBuster installs a kernel driver. Once you let that happen, the software could do anything it wants.
  • If this software were an application for any other purpose, it would be called unstable and unacceptable (maybe an alpha release?).
  • From a random infection victim, you certainly will never know how many system instabilities have been introduced by the victim's attempts to run PunkBuster games.
  • It is quite clear that some of our tools are not likely to run while PunkBuster is present on the computer. It conflicts with kernel level debuggers and says so.
  • The attitude that the computer should be modified in whatever manner necessary to get PunkBuster to run is not consistent with our site's "Do No Harm" policy.
  • The lack of transparency about how the services and kernel driver work may be necessary for PunkBuster, but it also creates potential difficulty for infections removal.
Some posts from the EvenBalance/PunkBuster home site:

My computer locks up or "chugs" sometimes while I'm playing PunkBuster Enabled, what can cause this?
PunkBuster "pushes" hardware and the Windows Operating System more than most software and uses functions in the Windows API (low level functions) that are not used by most other programs. As such, there are a few cases where using PB can actually expose flaky hardware or other situations that do not cause problems for other software. Here are a few things that have helped other users make these problems get better or go away completely:

  • Make sure you are using the latest version of PunkBuster (the latest version is always on our Download page) - also this link may help manually update your PunkBuster to the latest version when necessary. From the game's main screen, press the tilde key (the ~ key) to bring down the console and enter the following line, /pb_system1.
  • Never close other programs from your Windows Task Manager before playing the game; either leave them running or close them through the proper interface - killing a process does not always work completely even if it stops showing in the Task Manager. Renegade threads seem to conflict with PunkBuster more than other programs that may be running in memory. There is a free utility that some players use called EndItAll2 to close all extra programs before they play to avoid software conflicts, crashes, and lockups.
  • Check the Add Or Remove Programs list in your Control Panel and uninstall any programs that you do not use or that you do not know what they are.
  • One program that seems to conflict with PunkBuster more than others is Norton Antivirus. If you have it installed, try uninstalling it to see if the lockups go away. Some players have reported that when this is the culprit, they can reinstall Norton Antivirus and the lockups do not come back.
  • Other background programs that seem to conflict with PunkBuster for some users are Sound Blaster Live software and helper programs that come with video cards, especially ATI keyboard shortcut programs.
  • Some players discovered that they had a computer virus and that the lockups vanished after it was fully removed.
  • Experiment with the pb_sleep setting, try setting it to 20, 250, or 500 to see if that affects your game performance. A few players have reported that all the problems go away when they "tweak" this setting.
  • In extreme cases, a few users have reported that replacing their RAM (memory) or video/sound cards fixed the problem.

How do I uninstall PunkBuster?
If you do not wish to use PunkBuster any longer, you may remove the entire "pb" folder inside your game folder. By removing this folder, the PunkBuster software will no longer be available. PunkBuster does not save information to other locations on your hard drive nor does it change your system registry. *NOTICE* Starting with PunkBuster client version 1.3000, our new Service components are kept in the Windows folder on the hard drive and they do store information in the registry. We offer a separate program called PBSVC with an uninstall option for our service components. It may be downloaded from here.

My game crashes with an error in pbcl.dll or a General Protection Fault. Why?
This issue can be from a program that conflicts with PunkBuster. There are a few known programs that cause this:

  • Get Right
  • DU Super Controller
  • Macro Toolsworks
  • Girder 3.2
  • PRTG Traffic Grapher
  • CyberCorder: cybrcrdr.exe
  • Paessler Router Traffic Grapher: prtg4.exe
  • 3dnasys.exe
  • mIRCStats

Closing those programs or any like them that contain user or kernel level debuggers should stop the problem.

    Privacy Policy of Even Balance, Inc.
    Due to the unique nature of how PunkBuster software operates, we have developed this Statement to describe our Policy regarding the Privacy of the users of our software. The PunkBuster system is designed specifically to allow users to optionally hold themselves accountable by allowing our software to run in the background on their computer systems while they compete in various forms of multi-player events. Our software is designed to operate in typical client / server fashion using the common TCP/IP (Internet) protocol. Our software inspects the displayed screen, processes, and files associated with each computer system on which it is running for the purpose of authenticating those systems for play in a "cheat free" environment. The primary purpose of the scanning procedures is to inspect for the purpose of authenticating honest users who wish to compete fairly together. Our inspection procedures consist of three types: 1) validating that only non-hacked original software is being used during multi-player competition. 2) examining files that match the profile (or signature) of known cheating programs, and 3) sending screen captures during game-play. Our software does not, nor will it ever, without the explicit consent of users, make changes to any non-PunkBuster files on users' systems (such consent would be received through a confirmation action within the PunkBuster software and not as part of our Software Terms.) Furthermore, our software will not perform "hard disk scans" looking through large portions of users' directories and/or file systems. Private data is not transmitted by PunkBuster from a user's system to a PunkBuster server - all transmissions from users' systems will be encrypted using randomized keys that are meaningful within the context of providing a mutually agreeable "cheat free" online environment. Screenshots of game-play are not considered private data by PunkBuster.
The PunkBuster anti-cheat system will not attempt to permanently retain information about users' systems other than standard logging of connection and authentication / inspection activities. We encourage any and all auditing or monitoring of the activity of our system for the purpose of verifying that our software performs according to this Policy Statement. We will cooperate fully with any party who believes that they have found any case where our system is being or could be used to breach the privacy of the users of our software.

    The primary purpose... What could be a secondary purpose?
    The fact that information sent back to servers is encrypted has nothing to do with Private data being sent.

    Please uninstall PunkBuster and post a new HijackThis log.

    Edited by suebaby41, 21 March 2009 - 11:50 AM.

    No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

    #5 killingyouguy (Topic Starter)

    Posted 21 March 2009 - 06:31 PM

    I haven't played any PunkBuster-required games for a long time.

    It's gone.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:30:15 AM, on 22/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\WINDOWS\System32\CTsvcCDA.exe
    D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    D:\WINDOWS\System32\MsPMSPSv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    D:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    D:\Program Files\Razer\razerhid.exe
    D:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    D:\Program Files\DAEMON Tools\daemon.exe
    D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    D:\WINDOWS\system32\CTHELPER.EXE
    D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    D:\Program Files\Java\jre6\bin\jusched.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    D:\Program Files\Razer\razerofa.exe
    D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\FRAPS\FRAPS.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    D:\Program Files\Windows Media Player\WMPNSCFG.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    D:\Program Files\SpywareGuard\sgmain.exe
    D:\PROGRA~1\Webshots\webshots.scr
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\Program Files\SpywareGuard\sgbhp.exe
    D:\Program Files\Java\jre6\bin\jucheck.exe
    D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    D:\Program Files\Razer\razertra.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [WorksFUD] D:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] D:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] D:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [SBDrvDet] D:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [razer] D:\Program Files\Razer\razerhid.exe
    O4 - HKLM\..\Run: [PRONoMgrWired] D:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Ad-Watch] D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [SsAAD.exe] D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] D:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [WMPNSCFG] D:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] D:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Download using LeechGet - file://D:\Program Files\LeechGet 2004\\AddUrl.html
    O8 - Extra context menu item: Download using LeechGet Wizard - file://D:\Program Files\LeechGet 2004\\Wizard.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://D:\Program Files\ieSpell\wikipedia.HTM
    O8 - Extra context menu item: Parse with LeechGet - file://D:\Program Files\LeechGet 2004\\Parser.html
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15102/CTPID.cab
    O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: E10cesvhum - Intel Corporation - (no file)
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - D:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 12499 bytes

    #6 suebaby41

    suebaby41

      W.A.M. (Women Against Malware)


    • Malware Response Team
    • 6,248 posts
    • Gender:Female
    • Location:South Carolina, USA
    • Local time:07:31 AM

    Posted 23 March 2009 - 10:42 AM

    Step 1

    You may want to print this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

    Step 2

    Ensure that you have the latest version of Adobe® Reader®. If you do not have the latest version, you may want to download the latest version, Adobe® Reader® 9.

    Step 3

    Let’s run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.
    • Please download the ATF-Cleaner by Atribune.
    • Double-click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:
      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch (Windows XP) only
      • Java Cache
    • The rest are optional - if you want to remove them all, check Select All.
    • Click the Empty Selected button.
    • When you get the Done Cleaning message, click OK.
    • Follow the same steps for Firefox or Opera. You have the option of checking No if you want to save your passwords.
    • Click Exit on the Main menu to close the program.
    Step 4

    In Normal Mode, run an online malware check from at least two and preferably three (one may catch something that another one may not) of the following sites
    BitDefender
    Kaspersky Online Virus Scanner
    McAfee FreeScan
    Panda's ActiveScan
    Trend Micro™ HouseCall
    Windows Live Safety Center Free Online Scan
    WindowSecurity.com TrojanScan
    When you have completed the scans, if you get a report of files that cannot be cleaned / deleted, make a note of the file location of anything that cannot be cleaned / deleted. Please edit the log(s) and remove:
    • items listed as "Object is locked skipped"
    • items reported that are in a quarantine folder
    Please post the edited list in your next reply.

    Step 5

    I recommend using Spyware Blaster.
    • Please download SpywareBlaster and save it to your desktop.
    • Double click on it to install the program.
    • Follow the prompts and choose the default locations when installing the program.
    • When the program is installed, it will place an icon on your desktop.
    • Double click on the SpywareBlaster icon and you will be presented with a brief tutorial. On the first page of this tutorial, you will see some of the SpywareBlaster features.
    • Click on the Next button to proceed to the second page of the tutorial.
    • If you want to purchase the software, then you should select Automatic Updating. If you do not plan on purchasing the software, then you should select the option for Manual Updating. Press the Next button.
    • At the next screen, click Finish.
    • At the next screen, Protection Status, click Enable All Protection.
    • Click Download Latest Protection Updates. This will ensure that SpywareBlaster has the latest definitions so that it can protect your browser more efficiently. You should update SpywareBlaster regularly, as much as every few days, in order to provide the best protection. Each time you update, be sure to click Enable All Protection.
    Step 6

    Malwarebytes' Anti-Malware is FREEWARE, however you may upgrade to the PRO version which contains realtime protection, scheduled scanning and updating.
    • Please download Malwarebytes Anti-Malware (MBAM). Alternate download link
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing scan. If an update is found, the program will automatically update itself.
    • Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from the Malware Bytes Web site. Scroll down the page until you see Latest Database; click Download from GT500.org
    • Double-click on mbam-rules.exe to install.
    • On the Scanner tab, make sure the Perform Quick Scan option is selected.
    • Click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and Scan in progress will show at the top. It may take some time to complete; please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully."
    • At the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
    Step 7

    Check your computer with anti-rootkit applications. I recommend avast! antirootkit or Trend Micro RootkitBuster.

    Step 8

    Check to see if you have insecure applications with
    Secunia Software Inspector.

    Step 9
    • According to your Internet connection, please disconnect from the Internet. Close ALL browser windows (including this one).
      • Physically remove the cable for your broadband Internet service “Always On” Connection from your computer.
      • Turn your modem off.
      • Disconnect your modem cable from your computer.
    • Turn the device off for Hand-held wireless connections.
    • Exit all processes and items in your System tray.
    Step 10

    During the process of removing malware from your computer, there are times you may need to use specialized fix tools. Certain embedded files that are part of these specialized fix tools may be detected by your antivirus or anti-malware scanner as a RiskTool, Hacking tool, Potentially unwanted tool, a virus or a Trojan when that is not the case.
    These tools have been carefully created and tested by security experts so if your antivirus or anti-malware program flags them as malware, then it is a False Positive. Antivirus scanners cannot distinguish between good and malicious use of such programs; therefore, they may alert you or even automatically remove them. In these cases, the removal of these files can have unpredictable results and unintentional results.
    To avoid any problems while using a specialized fix tool, it is very important that you temporarily disable your antivirus and/or anti-malware programs before using the specialized fix tool.
    When your system has been cleaned, it is important that you enable your security programs to avoid reinfection.
    Please disable the following program(s):

    SUPERAntiSpyware

    We need to disable SUPERAntiSpyware as it may interfere with the fixes that we need to make.
    • Right click on the icon in your System Tray.
    • Click Exit
    • Make sure that the program, SUPERAntiSpyware itself, is also closed/not running.
    Now we will address the HijackThis fixes.

    Spybot - S&D TeaTimer

    We need to disable Spybot TeaTimer as it may interfere with the cleaning.
    Please do not enable it until I tell you that your HijackThis log is clean.

    Step A
    • Right-click the Spybot icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
    • If you have the new version 1.5, click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
    • If you have Version 1.4, Click on Exit Spybot S&D Resident.
    Step B

    Second step, for either version:
    • Open Spybot S&D.
    • Click Mode, choose Advanced Mode.
    • Go To the bottom of the vertical Panel on the Left, Click Tools.
    • In left panel, click Resident (shows a red/white shield).
    • If your firewall raises a question, say OK.
    • In the Resident protection status frame, uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active.
    • OK any prompts.
    • Use File > Exit to terminate Spybot.
    • Reboot your machine for the changes to take effect.
      Don't forget to restart Spybot - Search and Destroy's Teatimer when your machine is clean and undo the changes above.
    Spyware Guard

    We need to disable your SpywareGuard as it may interfere with the fixes that we need to make.
    • Right click the running icon of Spyware Guard in the system tray to open the program.
    • Click Options in the left panel. Under General Protection Options, uncheck them all.
    • Click Save Settings. A popup window will confirm the settings were saved.
    • Click the X in the top right corner of the window to exit.
    Do not forget to restart SpywareGuard when your machine is clean.


    Step 11

    Please run HijackThis and click Scan. Place checks next to the following entries (make sure not to miss any):

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE


    Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

    Step 12

    Optional Fixes is the name that we use for fixes for unnecessary programs that load during startup and run in the background. These programs are not required to start automatically as you can start them manually if you need them. You would be removing the program from your startup but you would not be removing the program itself.

    Your computer may be sluggish due to the many programs loading during startup and running in the background that are not necessary. Windows has a facility for starting programs at startup time. Some of these programs are required for your computer and the applications installed on it to run correctly. A good example of such a program is a virus-checking application that must always run, constantly checking for and isolating or removing files with viruses. Other such programs are not strictly required, or are optional. In some cases, you can gain significant performance enhancements by disabling the automatic startup of these programs. In many cases, the functionality offered by the programs is still available by starting the programs manually by, for example, starting the program from the Windows Start->Programs menu. Media players and instant messaging programs often fall into this category. In fact, it is common for many modern software applications, when installed, to add programs at startup that add items to the system tray or shortcut (context) menus in Windows Explorer to provide quick access to the features and functions of these applications. While they may be useful, they do increase boot time and consume system resources. It is advised that you disable these programs so that they do not take up necessary resources or slow the boot time.

    Other than ScanRegistry, SystemTray, StateMgr, antivirus program entries, and firewall program entries, very few others need to load and run.

    Read the articles below to see if it applies to your computer problem with being slow to respond.
    Slow_Computer_Check_here_first_it_may_not_be_malware.
    Help! My computer is slow!
    50 Tips for a Super Fast PC
    4 Ways to Speed Up Your Computer's Performance
    It's not always malware: How to fix the top 10 Internet Explorer issues

    If you decide that you want to stop the Optional Fixes in your startup, let me know and I will give you a list with instructions. You would be removing the program from your startup but you would not be removing the program itself.

    Step 13

    Please run HijackThis in Normal Mode and post:
    • the list of file names and locations for any files that cannot be cleaned / deleted that were reported after you completed the online scans.
    • the log from MalwareBytes
    • a new HijackThis log
    Please advise me of any problems you still have.
    You don't stop laughing when you get old; you get old when you stop laughing.
    A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
    Malware Removal University Masters Graduate

    Join The Fight Against Malware
    No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

    #7 killingyouguy

    killingyouguy
    • Topic Starter

    • Members
    • 19 posts
    • Local time:10:31 PM

    Posted 26 March 2009 - 04:47 AM

    Scanned with BitDefender, found & deleted Trojan: Trojan.Generic.1329881

    Scanned with Kaspersky, found nothing.

    Scanned with Windows TrojanScan (I think it was), found traces & cookies; can't remember if it deleted them or not.

    Scanned with Malwarebytes' Anti-Malware, found nothing.

    Malwarebytes' Anti-Malware 1.34
    Database version: 1894
    Windows 5.1.2600 Service Pack 3

    26/03/2009 5:05:21 AM
    mbam-log-2009-03-26 (05-05-21).txt

    Scan type: Quick Scan
    Objects scanned: 80807
    Time elapsed: 14 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Scanned with Avast! Anti-Rootkit, found some things (couldn't figure out how to delete them).

    avast! Antirootkit, version 0.9.6
    Scan started: Thursday, 26 March 2009 11:05:25 AM

    Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D169C69D-2513-7DBC-477F-3AB47DD3B349}] **HIDDEN**
    Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D169C69D-2513-7DBC-477F-3AB47DD3B349}] iaafflmljookimjoon=(binary value) **HIDDEN**
    Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D169C69D-2513-7DBC-477F-3AB47DD3B349}] hagelniplmdhhbdc=(binary value) **HIDDEN**
    Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D169C69D-2513-7DBC-477F-3AB47DD3B349}] iagelnnojlepfmaiab=(binary value) **HIDDEN**

    Scan finished: Thursday, 26 March 2009 11:19:46 AM
    Hidden files found: 0
    Hidden registry items found: 4
    Hidden processes found: 0
    Hidden services found: 0
    Hidden boot sectors found: 0


    Scanned with RootkitBuster, found nothing.

    Scanned with HijackThis & deleted those entries mentioned.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:33:31 PM, on 26/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\WINDOWS\System32\CTsvcCDA.exe
    D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    D:\WINDOWS\System32\MsPMSPSv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    D:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    D:\Program Files\Razer\razerhid.exe
    D:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    D:\Program Files\DAEMON Tools\daemon.exe
    D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    D:\WINDOWS\system32\CTHELPER.EXE
    D:\Program Files\Razer\razertra.exe
    D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    D:\Program Files\Razer\razerofa.exe
    D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    D:\Program Files\Java\jre6\bin\jusched.exe
    D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\FRAPS\FRAPS.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    D:\Program Files\Windows Media Player\WMPNSCFG.exe
    D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    D:\Program Files\SpywareGuard\sgmain.exe
    D:\Program Files\Windows Live\Contacts\wlcomm.exe
    D:\PROGRA~1\Webshots\webshots.scr
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [WorksFUD] D:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] D:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] D:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [SBDrvDet] D:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [razer] D:\Program Files\Razer\razerhid.exe
    O4 - HKLM\..\Run: [PRONoMgrWired] D:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Ad-Watch] D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [SsAAD.exe] D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] D:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [WMPNSCFG] D:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Download using LeechGet - file://D:\Program Files\LeechGet 2004\\AddUrl.html
    O8 - Extra context menu item: Download using LeechGet Wizard - file://D:\Program Files\LeechGet 2004\\Wizard.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://D:\Program Files\ieSpell\wikipedia.HTM
    O8 - Extra context menu item: Parse with LeechGet - file://D:\Program Files\LeechGet 2004\\Parser.html
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15102/CTPID.cab
    O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: E10cesvhum - Intel Corporation - (no file)
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - D:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 11885 bytes


    Oh, and recently every time I start Windows it opens up the windows leading to D:\Program Files\Microsoft and shows a Search Enhancement Pack folder. Don't know why.

    Edited by killingyouguy, 26 March 2009 - 04:49 AM.

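    The entries suebaby41 singled out in Step 11 (an O2 BHO that points at no file, an O4 Run entry that is a bare filename) are exactly the conditions a responder scans a HijackThis log for first, and the same reading applies to the O23 service lines in the log above. The Python below is an added example, not part of this thread and not HijackThis code: it parses O2, O4 and O23 lines in the format of the posted log and flags four conditions, a BHO or service whose file is missing, a service reported with "Unknown owner", and a Run entry whose command is not a fully qualified path. The sample lines are constructed to match the shape of the posted log, and the finding labels are my own names, not HijackThis terminology.

```python
"""Triage helper for HijackThis-style log lines.

Added example for the thread above; it is not part of HijackThis.  The
sample lines below are constructed in the same shape as the posted log.
"""
import re
from dataclasses import dataclass

# Constructed sample input: a few lines of each section type.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: E10cesvhum - Intel Corporation - (no file)
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# One pattern per section type; names are taken up to the first " - ".
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str   # O2 / O4 / O23
    name: str      # BHO name, Run value name, or service display name
    reason: str    # label chosen for this example, not a HijackThis term
    line: str      # the original log line, for the reply


def _file_missing(path: str) -> bool:
    """HijackThis marks absent binaries as '(no file)' or '(file missing)'."""
    return "(no file)" in path or "(file missing)" in path


def _executable(cmd: str) -> str:
    """Return the program part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list[Finding]:
    """Return the entries a responder would look at first, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            # A BHO registered under a CLSID whose DLL no longer exists.
            if _file_missing(m["path"]):
                findings.append(Finding("O2", m["name"], "orphaned-bho", line))
        elif m := O4_RE.match(line):
            # A bare filename is resolved through the search path at logon,
            # so a same-named file earlier in that path would run instead.
            exe = _executable(m["cmd"])
            if not ("\\" in exe or ":" in exe):
                findings.append(Finding("O4", m["name"], "unqualified-path", line))
        elif m := O23_RE.match(line):
            if _file_missing(m["path"]):
                findings.append(Finding("O23", m["name"], "missing-file", line))
            elif m["owner"] == "Unknown owner":
                # No vendor recorded for the binary; worth checking by hand.
                findings.append(Finding("O23", m["name"], "unknown-owner", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason:<18}{f.name}")
```

    Running the block on the sample prints four findings: the no-file BHO, the CTHelper Run entry, the ATI Smart service with no owner, and the E10cesvhum service with no file. The other lines, which are ordinary vendor binaries with full paths, are not reported, which is the point of whitelisting by shape before reading each entry by hand.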

    #8 suebaby41

    suebaby41

      W.A.M. (Women Against Malware)


    • Malware Response Team
    • 6,248 posts
    • Gender:Female
    • Location:South Carolina, USA
    • Local time:07:31 AM

    Posted 26 March 2009 - 03:02 PM

    Error. Post deleted. Further instructions will follow.

    Edited by suebaby41, 26 March 2009 - 06:36 PM.


    #9 suebaby41

    suebaby41

      W.A.M. (Women Against Malware)


    • Malware Response Team
    • 6,248 posts
    • Gender:Female
    • Location:South Carolina, USA
    • Local time:07:31 AM

    Posted 03 April 2009 - 06:26 AM

    • Please download OTScanIt2.exe  to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
    • Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program. Make sure you close all other programs and do not use the computer while the scan runs.
    • Click the Run Scan button on the toolbar. Make sure not to use the computer while the program is running or it will freeze.
    • When the scan is complete, Notepad will open with the report file.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it.
    Use the Add Reply button and post the information in your next reply. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in your reply. If necessary, use more than one post.

    #10 killingyouguy

    killingyouguy
    • Topic Starter

    • Members
    • 19 posts
    • Local time:10:31 PM

    Posted 05 April 2009 - 08:59 PM

    OTScanIt2 logfile created on: 6/04/2009 11:45:56 AM - Run 1
    OTScanIt2 by OldTimer - Version 1.0.12.0 Folder = D:\Documents and Settings\Jay Hearfield\Desktop\OTScanIt2
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1023.48 Mb Total Physical Memory | 401.00 Mb Available Physical Memory | 39.18% Memory free
    2.41 Gb Paging File | 1.67 Gb Available in Paging File | 69.57% Paging File free
    Paging file location(s): D:\pagefile.sys 1536 3072;

    %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
    C: Drive not present or media not loaded
    Drive D: | 74.52 Gb Total Space | 8.45 Gb Free Space | 11.34% Space Free | Partition Type: NTFS
    Drive E: | 3.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    Drive G: | 18.55 Gb Total Space | 4.74 Gb Free Space | 25.55% Space Free | Partition Type: FAT32
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: JAY
    Current User Name: Jay Hearfield
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Whitelist: On
    File Age = 30 Days

    [Processes - Safe List]
    aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\AAWService.exe -> [2009/03/15 11:57:52 | 00,951,632 | ---- | M] (Lavasoft)
    aawtray.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\AAWTray.exe -> [2009/03/08 11:58:42 | 00,515,416 | ---- | M] (Lavasoft)
    applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/05 23:04:30 | 00,132,424 | ---- | M] (Apple Inc.)
    ati2evxx.exe -> %SystemRoot%\system32\Ati2evxx.exe -> [2008/07/04 13:12:02 | 00,561,152 | ---- | M] (ATI Technologies Inc.)
    ati2evxx.exe -> %SystemRoot%\system32\Ati2evxx.exe -> [2008/07/04 13:12:02 | 00,561,152 | ---- | M] (ATI Technologies Inc.)
    ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\ccc.exe -> [2006/09/29 09:57:36 | 00,049,152 | ---- | M] (ATI Technologies Inc.)
    ctdetect.exe -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> [2004/12/02 17:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd)
    ctdvddet.exe -> %ProgramFiles%\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE -> [2003/06/18 01:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd)
    ctsvccda.exe -> %SystemRoot%\System32\CTsvcCDA.exe -> [1999/12/13 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
    ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe -> [2003/09/17 09:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd)
    daemon.exe -> %ProgramFiles%\DAEMON Tools\daemon.exe -> [2006/11/12 20:48:46 | 00,157,592 | ---- | M] (DT Soft Ltd.)
    egui.exe -> %ProgramFiles%\ESET\ESET NOD32 Antivirus\egui.exe -> [2008/02/20 10:06:58 | 01,443,072 | ---- | M] (ESET)
    ekrn.exe -> %ProgramFiles%\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2008/02/20 10:08:46 | 00,472,320 | ---- | M] (ESET)
    explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008/04/14 10:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
    fraps.exe -> %SystemDrive%\FRAPS\FRAPS.EXE -> [2005/08/15 23:16:25 | 00,757,760 | ---- | M] ()
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2009/03/12 19:56:52 | 00,656,168 | ---- | M] (Apple Inc.)
    ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2009/03/12 19:56:58 | 00,342,312 | ---- | M] (Apple Inc.)
    jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/03/24 13:35:11 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
    jucheck.exe -> %ProgramFiles%\Java\jre6\bin\jucheck.exe -> [2009/03/24 13:35:12 | 00,386,480 | ---- | M] (Sun Microsystems, Inc.)
    jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009/03/24 13:35:12 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
    mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
    mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> [2006/09/29 09:57:30 | 00,049,152 | ---- | M] (ATI Technologies Inc.)
    monitor.exe -> %CommonProgramFiles%\Ulead Systems\AutoDetector\monitor.exe -> [2005/05/23 08:57:42 | 00,090,112 | ---- | M] (Ulead Systems, Inc.)
    msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe -> [2009/02/06 17:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
    mspmspsv.exe -> %SystemRoot%\System32\MsPMSPSv.exe -> [2000/06/26 06:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation)
    otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/04/05 15:56:10 | 00,493,568 | ---- | M] (OldTimer Tools)
    pronomgr.exe -> %ProgramFiles%\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe -> [2003/08/06 15:08:00 | 00,086,016 | ---- | M] (Intel® Corporation)
    razerhid.exe -> %ProgramFiles%\Razer\razerhid.exe -> [2005/05/17 18:21:12 | 00,147,456 | ---- | M] ()
    razerofa.exe -> %ProgramFiles%\Razer\razerofa.exe -> [2005/01/18 01:06:12 | 00,143,360 | ---- | M] (Razer Inc.)
    razertra.exe -> %ProgramFiles%\Razer\razertra.exe -> [2005/04/06 20:32:24 | 00,114,688 | ---- | M] ()
    rcman.exe -> %ProgramFiles%\Creative\MediaSource\RemoteControl\RCMan.EXE -> [2003/10/08 15:35:42 | 00,139,264 | ---- | M] (Creative Technology Ltd)
    sgbhp.exe -> %ProgramFiles%\SpywareGuard\sgbhp.exe -> [2003/08/29 11:14:56 | 00,233,472 | ---- | M] ()
    sgmain.exe -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [2003/08/29 19:05:35 | 00,360,448 | ---- | M] ()
    ssaad.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe -> [2006/11/02 12:43:10 | 00,472,632 | ---- | M] ()
    superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> [2009/02/17 10:43:26 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com)
    teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> [2009/01/26 14:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited)
    ulcdrsvr.exe -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> [2004/03/13 04:04:16 | 00,049,152 | ---- | M] (Ulead Systems, Inc.)
    unsecapp.exe -> %SystemRoot%\System32\wbem\unsecapp.exe -> [2001/10/04 17:16:28 | 00,016,896 | ---- | M] (Microsoft Corporation)
    usisrv.exe -> %CommonProgramFiles%\Ulead Systems\DVD\USISrv.exe -> [2004/05/28 05:50:20 | 00,081,920 | ---- | M] (Ulead Systems)
    utorrent.exe -> %UserProfile%\Desktop\utorrent.exe -> [2008/08/14 09:25:20 | 00,267,056 | ---- | M] (BitTorrent, Inc.)
    webshots.scr -> %ProgramFiles%\Webshots\webshots.scr -> [2004/09/16 08:52:42 | 01,605,632 | ---- | M] (Webshots.com)
    wkcalrem.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\wkcalrem.exe -> [2000/07/14 06:00:00 | 00,024,633 | ---- | M] (Microsoft® Corporation)
    wlcomm.exe -> %ProgramFiles%\Windows Live\Contacts\wlcomm.exe -> [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation)
    wmiprvse.exe -> %SystemRoot%\System32\wbem\wmiprvse.exe -> [2008/04/14 10:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation)
    wmpnetwk.exe -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
    wmpnscfg.exe -> %ProgramFiles%\Windows Media Player\WMPNSCFG.exe -> [2006/10/18 19:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation)

    [Win32 Services - Safe List]
    (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2005/11/07 20:15:17 | 00,068,096 | ---- | M] ()
    (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/05 23:04:30 | 00,132,424 | ---- | M] (Apple Inc.)
    (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/04/13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation)
    (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Ati2evxx.exe -> [2008/07/04 13:12:02 | 00,561,152 | ---- | M] (ATI Technologies Inc.)
    (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [2008/07/03 21:05:00 | 00,593,920 | ---- | M] ()
    (Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
    (clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> -> File not found
    (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\System32\CTsvcCDA.exe -> [1999/12/13 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
    (E10cesvhum) E10cesvhum [Win32_Own | On_Demand | Stopped] -> -> File not found
    (EhttpSrv) Eset HTTP Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -> [2008/02/20 10:14:52 | 00,019,200 | ---- | M] (ESET)
    (ekrn) Eset Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2008/02/20 10:08:46 | 00,472,320 | ---- | M] (ESET)
    (FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2006/10/20 20:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation)
    (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/14 10:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
    (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2006/10/30 02:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation)
    (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2009/03/12 19:56:52 | 00,656,168 | ---- | M] (Apple Inc.)
    (JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/03/24 13:35:11 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
    (Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\AAWService.exe -> [2009/03/15 11:57:52 | 00,951,632 | ---- | M] (Lavasoft)
    (MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> [2006/10/04 17:25:00 | 00,057,344 | ---- | M] (Sony Corporation)
    (NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> [2003/07/16 11:37:58 | 00,143,360 | ---- | M] (Intel® Corporation)
    (NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2006/10/30 02:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation)
    (NOD32FiXTemDono) Eset Nod32 Boot [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\regedt32.exe -> [2001/10/04 17:16:02 | 00,003,584 | ---- | M] (Microsoft Corporation)
    (PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> [2006/10/04 17:15:30 | 00,057,344 | ---- | M] (Sony Corporation)
    (SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> [2006/10/04 17:06:58 | 00,069,632 | ---- | M] (Sony Corporation)
    (SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> [2006/11/02 11:31:14 | 00,069,632 | ---- | M] (Sony Corporation)
    (UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> [2004/03/13 04:04:16 | 00,049,152 | ---- | M] (Ulead Systems, Inc.)
    (WMDM PMSP Service) WMDM PMSP Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\MsPMSPSv.exe -> [2000/06/26 06:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation)
    (WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)

    [Driver Services - Safe List]
    (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ati2mtag.sys -> [2008/07/04 16:33:33 | 03,230,720 | ---- | M] (ATI Technologies Inc.)
    (ATIAVAIW) ATI T200 Unified AVStream service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\atinavt2.sys -> [2008/05/15 11:24:32 | 00,171,520 | ---- | M] (ATI Technologies Inc.)
    (atinevxx) ATI WDM Rage Theater Video NSP [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\atinevxx.sys -> [2005/02/01 13:42:58 | 00,165,888 | ---- | M] (ATI Technologies Inc.)
    (atinrvxx) ATI WDM Rage Theater Video [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\atinrvxx.sys -> [2004/08/04 11:08:30 | 00,105,984 | ---- | M] (ATI Technologies Inc.)
    (atksgt) atksgt [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\atksgt.sys -> [2007/01/01 07:59:06 | 00,271,360 | ---- | M] ()
    (COMMONFX) COMMONFX [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\COMMONFX.SYS -> [2008/06/27 19:21:18 | 00,099,352 | ---- | M] (Creative Technology Ltd)
    (ctac32k) Creative AC3 Software Decoder [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\ctac32k.sys -> [2005/12/08 10:54:32 | 00,501,760 | ---- | M] (Creative Technology Ltd)
    (ctaud2k) Creative Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctaud2k.sys -> [2005/12/08 10:55:46 | 00,439,296 | ---- | M] (Creative Technology Ltd)
    (CTAUDFX) CTAUDFX [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\CTAUDFX.SYS -> [2008/06/27 19:21:26 | 00,555,032 | ---- | M] (Creative Technology Ltd)
    (ctdvda2k) Creative DVD-Audio Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\ctdvda2k.sys -> [2005/11/10 16:06:04 | 00,340,704 | ---- | M] (Creative Technology Ltd)
    (CTERFXFX) CTERFXFX [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\CTERFXFX.SYS -> [2008/06/27 19:21:44 | 00,100,888 | ---- | M] (Creative Technology Ltd)
    (ctprxy2k) Creative Proxy Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\ctprxy2k.sys -> [2005/12/08 10:55:48 | 00,007,168 | ---- | M] (Creative Technology Ltd)
    (CTSBLFX) CTSBLFX [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\CTSBLFX.SYS -> [2008/06/27 19:21:38 | 00,566,296 | ---- | M] (Creative Technology Ltd)
    (ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\ctsfm2k.sys -> [2005/12/08 10:54:42 | 00,142,336 | ---- | M] (Creative Technology Ltd)
    (E1000) Intel® PRO/1000 Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\e1000325.sys -> [2003/08/14 16:46:48 | 00,125,952 | R--- | M] (Intel Corporation)
    (eamon) eamon [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\eamon.sys -> [2008/02/20 10:01:30 | 00,039,944 | ---- | M] (ESET)
    (easdrv) easdrv [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\easdrv.sys -> [2008/02/20 10:02:22 | 00,029,704 | ---- | M] (ESET)
    (emupia) E-mu Plug-in Architecture Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\emupia2k.sys -> [2005/12/08 10:54:40 | 00,077,824 | ---- | M] (Creative Technology Ltd)
    (epfwtdir) epfwtdir [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\epfwtdir.sys -> [2008/02/20 10:11:16 | 00,033,800 | ---- | M] ()
    (gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\gameenum.sys -> [2008/04/14 04:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation)
    (GcKernel) Microsoft SideWinder Value Add - Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\GcKernel.sys -> [2008/04/14 04:45:32 | 00,059,136 | ---- | M] (Microsoft Corporation)
    (GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> [2009/01/15 11:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.)
    (gmer) gmer [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\gmer.sys -> [2009/03/06 17:17:05 | 00,085,969 | ---- | M] (GMER)
    (ha10kx2k) Creative Hardware Abstract Layer Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\ha10kx2k.sys -> [2005/12/08 10:55:02 | 00,754,176 | ---- | M] (Creative Technology Ltd)
    (hap16v2k) Creative P16V HAL Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\hap16v2k.sys -> [2005/12/08 10:55:04 | 00,154,112 | ---- | M] (Creative Technology Ltd)
    (hap17v2k) Creative P17V HAL Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hap17v2k.sys -> [2005/12/08 10:55:08 | 00,179,712 | ---- | M] (Creative Technology Ltd)
    (HIDSwvd) Microsoft SideWinder Virtual HID Device Mini-Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HIDSwvd.sys -> [2001/08/17 13:02:50 | 00,002,688 | ---- | M] (Microsoft Corporation)
    (Lbd) Lbd [File_System | Boot | Running] -> %SystemRoot%\system32\DRIVERS\Lbd.sys -> [2009/03/08 12:00:24 | 00,064,160 | ---- | M] (Lavasoft AB)
    (lirsgt) lirsgt [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\lirsgt.sys -> [2006/09/07 10:31:01 | 00,018,048 | ---- | M] ()
    (ltmodem5) LT Modem Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ltmdmnt.sys -> [2004/08/04 15:41:35 | 00,606,684 | ---- | M] (LT)
    (MASPINT) MASPINT [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\maspint.sys -> [2002/06/21 17:42:50 | 00,008,224 | ---- | M] (MicroStaff Co.,Ltd.)
    (Memctl) Memctl [Kernel | On_Demand | Stopped] -> %ProgramFiles%\ABIT\FlashMenu\Memctl.sys -> [2001/11/29 18:49:56 | 00,004,047 | ---- | M] ()
    (MPE) BDA MPE Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\MPE.sys -> [2008/04/14 04:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation)
    (MVDCODEC) ATI WDM Specialized MVD Codec [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\atinmdxx.sys -> [2004/08/04 11:08:36 | 00,013,824 | ---- | M] (ATI Technologies Inc.)
    (ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctoss2k.sys -> [2005/12/08 10:54:52 | 00,114,688 | ---- | M] (Creative Technology Ltd.)
    (pavboot) pavboot [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\pavboot.sys -> [2008/06/19 15:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.)
    (PfDetNT) PfDetNT [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\PfModNT.sys -> [2005/12/08 11:20:14 | 00,008,192 | ---- | M] (Creative Technology Ltd.)
    (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ptilink.sys -> [2001/10/04 17:16:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
    (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2005/04/25 19:03:00 | 00,020,640 | ---- | M] (Sonic Solutions)
    (Razerlow) Razerlow USB Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\Razerlow.sys -> [2005/04/24 22:43:58 | 00,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd)
    (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASDIFSV.SYS -> [2009/02/17 10:43:28 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    (SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> [2009/02/17 10:43:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.sys -> [2009/02/17 10:43:28 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    (SCDEmu) SCDEmu [Kernel | System | Running] -> %SystemRoot%\System32\drivers\scdemu.sys -> [2008/06/12 16:28:49 | 00,056,108 | ---- | M] (PowerISO Computing, Inc.)
    (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\System32\DRIVERS\secdrv.sys -> [2007/11/13 20:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    (sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sfdrv01.sys -> [2004/11/26 02:41:08 | 00,046,080 | ---- | M] (Protection Technology)
    (sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sfhlp02.sys -> [2004/10/28 20:47:59 | 00,006,656 | ---- | M] (Protection Technology)
    (sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sfsync02.sys -> [2004/11/30 04:14:30 | 00,019,648 | ---- | M] (Protection Technology)
    (SI3114r) SiI-3114 SATARaid Controller [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\SI3114R.sys -> [2006/04/10 18:08:10 | 00,103,168 | ---- | M] (Silicon Image, Inc)
    (SiFilter) SATALink driver accelerator [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\SiWinAcc.sys -> [2004/11/01 10:21:32 | 00,010,368 | ---- | M] (Silicon Image, Inc.)
    (sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\sptd.sys -> [2006/12/17 15:38:28 | 00,639,224 | ---- | M] ()
    (tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> [2009/03/26 10:25:13 | 00,153,104 | ---- | M] (Trend Micro Inc.)
    (ULCDRHlp) ULCDRHlp [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\ULCDRHlp.sys -> [2004/09/20 20:37:20 | 00,027,360 | ---- | M] (Ulead Systems, Inc.)
    (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [2008/04/14 04:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
    (USIUDF) USIUDF [File_System | System | Running] -> %SystemRoot%\System32\Drivers\USIUDF.sys -> [2004/07/07 02:33:02 | 00,292,896 | ---- | M] (Ulead Systems, Inc.)
    (WINFLASH) WINFLASH [Kernel | On_Demand | Stopped] -> %ProgramFiles%\ABIT\FlashMenu\WinFlash.sys -> [2002/09/17 11:55:06 | 00,003,548 | ---- | M] ()

    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. ->
    HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
    HKEY_CURRENT_USER\: Main\\"Local Page" -> D:\WINDOWS\system32\blank.htm ->
    HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> Reg Error: Invalid data type. ->
    HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
    HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.altavista.com/ ->
    HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
    HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
    < FireFox Settings [Prefs.js] > -> D:\Documents and Settings\Jay Hearfield\Application Data\Mozilla\FireFox\Profiles\7zk11d5u.default\prefs.js ->
    browser.search.searchbox.width -> 207 ->
    browser.search.selectedEngine -> "Google" ->
    browser.startup.homepage -> "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" ->
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions -> ->
    HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/03/24 13:35:14 | 00,000,000 | ---D | M]
    < FireFox Extensions [User Folders] > ->
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\{06CC82D4-29FB-4082-81AA-A445F8A13F0A} -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\{21350f60-90a5-11da-a72b-0800200c9a66} -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8} -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84} -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17} -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\{c24aecc7-7c95-507f-d71f-155cb86656df} -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\{C6128004-4838-4708-9A97-BB172D17767D} -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\{dc0fa13d-3daf-73ec-e852-912722c85309} -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\{dc572301-7619-498c-a57d-39143191b318} -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\{EC4F59B4-DF68-11DA-9B41-B622A1EF5492} -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\{eeb299da-31d8-4683-aad4-9c9a045e0351} -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb} -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\filtersetg@updater -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\staged-xpis -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    -> D:\Documents and Settings\Jay Hearfield\Application Data\mozilla\Firefox\Profiles\7zk11d5u.default\extensions\videodowloader@videodownloader.net -> [2008/07/24 00:11:30 | 00,087,141 | ---- | M] ()
    < HOSTS File > (301761 bytes and 10454 lines) -> D:\WINDOWS\System32\drivers\etc\Hosts ->
    First 25 entries...
    Reset Hosts
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 11:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
    {4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [2003/08/02 23:24:01 | 00,192,512 | R--- | M] ()
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
    {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/02/17 15:11:04 | 00,408,440 | ---- | M] (Microsoft Corporation)
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java™ Plug-In 2 SSV Helper] -> [2009/03/24 13:35:10 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/03/24 13:35:14 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\"{D593DE91-7B41-45C2-830E-E9A99AB142AA}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 9.0\Reader\Reader_sl.exe ["D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/02/27 16:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated)
    "Ad-Watch" -> %ProgramFiles%\Lavasoft\Ad-Aware\AAWTray.exe [D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe] -> [2009/03/08 11:58:42 | 00,515,416 | ---- | M] (Lavasoft)
    "CTDVDDET" -> %ProgramFiles%\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE ["D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"] -> [2003/06/18 01:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd)
    "CTSysVol" -> %ProgramFiles%\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe [D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r] -> [2003/09/17 09:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd)
    "DAEMON Tools" -> %ProgramFiles%\DAEMON Tools\daemon.exe ["D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033] -> [2006/11/12 20:48:46 | 00,157,592 | ---- | M] (DT Soft Ltd.)
    "egui" -> %ProgramFiles%\ESET\ESET NOD32 Antivirus\egui.exe ["D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice] -> [2008/02/20 10:06:58 | 01,443,072 | ---- | M] (ESET)
    "iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["D:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/03/12 19:56:58 | 00,342,312 | ---- | M] (Apple Inc.)
    "PRONoMgrWired" -> %ProgramFiles%\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe [D:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe] -> [2003/08/06 15:08:00 | 00,086,016 | ---- | M] (Intel® Corporation)
    "QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["D:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2009/01/05 15:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
    "razer" -> %ProgramFiles%\Razer\razerhid.exe [D:\Program Files\Razer\razerhid.exe] -> [2005/05/17 18:21:12 | 00,147,456 | ---- | M] ()
    "SBDrvDet" -> %ProgramFiles%\Creative\SB Drive Det\SBDrvDet.exe [D:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r] -> [2002/12/03 17:06:52 | 00,045,056 | ---- | M] (Creative Technology Ltd)
    "StartCCC" -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2008/01/21 12:17:18 | 00,061,440 | ---- | M] (Advanced Micro Devices, Inc.)
    "SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["D:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/03/24 13:35:12 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
    "Ulead AutoDetector v2" -> %CommonProgramFiles%\Ulead Systems\AutoDetector\monitor.exe [D:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe] -> [2005/05/23 08:57:42 | 00,090,112 | ---- | M] (Ulead Systems, Inc.)
    "USIUDF_Eject_Monitor" -> %CommonProgramFiles%\Ulead Systems\DVD\USISrv.exe [D:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe] -> [2004/05/28 05:50:20 | 00,081,920 | ---- | M] (Ulead Systems)
    "WorksFUD" -> %ProgramFiles%\Microsoft Works\wkfud.exe [D:\Program Files\Microsoft Works\wkfud.exe] -> [2000/07/14 06:00:00 | 00,024,576 | ---- | M] (Microsoft® Corporation)
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "Creative Detector" -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe ["D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R] -> [2004/12/02 17:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd)
    "Fraps" -> %SystemDrive%\FRAPS\FRAPS.EXE [D:\FRAPS\FRAPS.EXE] -> [2005/08/15 23:16:25 | 00,757,760 | ---- | M] ()
    "Microsoft Works Update Detection" -> %ProgramFiles%\Microsoft Works\WkDetect.exe [D:\Program Files\Microsoft Works\WkDetect.exe] -> [2000/07/14 06:00:00 | 00,028,739 | ---- | M] (Microsoft® Corporation)
    "msnmsgr" -> %ProgramFiles%\Windows Live\Messenger\MsnMsgr.Exe ["D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background] -> [2009/02/06 17:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
    "RemoteCenter" -> %ProgramFiles%\Creative\MediaSource\RemoteControl\RCMan.EXE [D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE] -> [2003/10/08 15:35:42 | 00,139,264 | ---- | M] (Creative Technology Ltd)
    "SpybotSD TeaTimer" -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/01/26 14:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited)
    "SsAAD.exe" -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe [D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe] -> [2006/11/02 12:43:10 | 00,472,632 | ---- | M] ()
    "SUPERAntiSpyware" -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2009/02/17 10:43:26 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com)
    "WMPNSCFG" -> %ProgramFiles%\Windows Media Player\WMPNSCFG.exe [D:\Program Files\Windows Media Player\WMPNSCFG.exe] -> [2006/10/18 19:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation)
    < All Users Startup Folder > -> D:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    %AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk -> %CommonProgramFiles%\Microsoft Shared\Works Shared\wkcalrem.exe -> [2000/07/14 06:00:00 | 00,024,633 | ---- | M] (Microsoft® Corporation)
    < Jay Hearfield Startup Folder > -> D:\Documents and Settings\Jay Hearfield\Start Menu\Programs\Startup ->
    %UserProfile%\Start Menu\Programs\Startup\SpywareGuard.lnk -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [2003/08/29 19:05:35 | 00,360,448 | ---- | M] ()
    %UserProfile%\Start Menu\Programs\Startup\Webshots.lnk -> %ProgramFiles%\Webshots\Launcher.exe -> [2004/09/16 08:46:18 | 00,045,056 | ---- | M] ()
    < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [227] -> File not found
    \\"NoDrives" -> [0] -> File not found
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    \\"HonorAutoRunSetting" -> [1] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"dontdisplaylastusername" -> [0] -> File not found
    \\"legalnoticecaption" -> [] -> File not found
    \\"legalnoticetext" -> [] -> File not found
    \\"shutdownwithoutlogon" -> [1] -> File not found
    \\"undockwithoutlogon" -> [1] -> File not found
    \\"DisableRegistryTools" -> [0] -> File not found
    \\"HideLegacyLogonScripts" -> [0] -> File not found
    \\"HideLogoffScripts" -> [0] -> File not found
    \\"RunLogonScriptSync" -> [1] -> File not found
    \\"RunStartupScriptSync" -> [0] -> File not found
    \\"HideStartupScripts" -> [0] -> File not found
    < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDrives" -> [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"HideLegacyLogonScripts" -> [0] -> File not found
    \\"HideLogoffScripts" -> [0] -> File not found
    \\"RunLogonScriptSync" -> [1] -> File not found
    \\"RunStartupScriptSync" -> [0] -> File not found
    \\"HideStartupScripts" -> [0] -> File not found
    \\"disableregistrytools" -> [0] -> File not found
    \\"DisableTaskMgr" -> [0] -> File not found
    < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    &ieSpell Options -> %ProgramFiles%\ieSpell\iespell.dll [res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM] -> [2006/11/01 00:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
    Check &Spelling -> %ProgramFiles%\ieSpell\iespell.dll [res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM] -> [2006/11/01 00:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
    Download using LeechGet -> %ProgramFiles%\LeechGet 2004\AddUrl.html [file://D:\Program Files\LeechGet 2004\\AddUrl.html] -> [2003/09/10 15:25:18 | 00,001,012 | ---- | M] ()
    Download using LeechGet Wizard -> %ProgramFiles%\LeechGet 2004\Wizard.html [file://D:\Program Files\LeechGet 2004\\Wizard.html] -> [2003/09/10 15:25:24 | 00,000,967 | ---- | M] ()
    E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office10\EXCEL.EXE [res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000] -> [2008/10/28 15:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)
    Lookup on Merriam Webster -> %ProgramFiles%\ieSpell\Merriam Webster.HTM [file://D:\Program Files\ieSpell\Merriam Webster.HTM] -> [2006/10/31 23:51:36 | 00,000,912 | ---- | M] ()
    Lookup on Wikipedia -> %ProgramFiles%\ieSpell\wikipedia.HTM [file://D:\Program Files\ieSpell\wikipedia.HTM] -> [2006/10/31 00:31:14 | 00,000,912 | ---- | M] ()
    Parse with LeechGet -> %ProgramFiles%\LeechGet 2004\Parser.html [file://D:\Program Files\LeechGet 2004\\Parser.html] -> [2003/09/10 15:25:20 | 00,001,060 | ---- | M] ()
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}:res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM [HKLM] -> %ProgramFiles%\ieSpell\iespell.dll [Button: ieSpell] -> [2006/11/01 00:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
    {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}:res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM [HKLM] -> %ProgramFiles%\ieSpell\iespell.dll [Menu: ieSpell] -> [2006/11/01 00:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
    {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}:res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM [HKLM] -> %ProgramFiles%\ieSpell\iespell.dll [Menu: ieSpell Options] -> [2006/11/01 00:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
    {85d1f590-48f4-11d9-9669-0800200c9a66}:Exec [HKLM] -> %SystemRoot%\bdoscandel.exe [Menu: Uninstall BitDefender Online Scanner v8] -> [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 10:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 10:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
    CmdMapping\\"{ECC5777A-6E88-BFCE-13CE-81F134789E7B}" [HKLM] -> [Reg Error: Key error.] -> File not found
    CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 10:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
    PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
    PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5450 domain(s) found. ->
    49 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 8993 domain(s) found. ->
    .[msn] -> My Computer ->
    56 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://www.apple.com/qtactivex/qtplugin.cab [QuickTime Object] ->
    {215B8138-A3CF-44C5-803F-8226143CFC0A} [HKLM] -> http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab [Trend Micro ActiveX Scan Agent 6.6] ->
    {233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://download.macromedia.com/pub/shockwa...director/sw.cab [Shockwave ActiveX Control] ->
    {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} [HKLM] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab [ActiveScan 2.0 Installer Class] ->
    {33564D57-9980-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab [Reg Error: Key error.] ->
    {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab [MSN Photo Upload Tool] ->
    {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> http://download.bitdefender.com/resources/scan8/oscan8.cab [BDSCANONLINE Control] ->
    {6C269571-C6D7-4818-BCA4-32A035E8C884} [HKLM] -> http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab [Creative Software AutoUpdate] ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_12] ->
    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab [Reg Error: Key error.] ->
    {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [HKLM] -> http://ax.emsisoft.com/asquared.cab [a-squared Scanner] ->
    {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [HKLM] -> http://support.f-secure.com/ols/fscax.cab [F-Secure Online Scanner 3.3] ->
    {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_12] ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_12] ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/flash...ent/swflash.cab [Shockwave Flash Object] ->
    {F6ACF75C-C32C-447B-9BEF-46B766368D29} [HKLM] -> http://www.creative.com/softwareupdate/su/...15102/CTPID.cab [Creative Software AutoUpdate Support Package] ->
    < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {1B2A5997-4C7A-49F1-8D79-66BBDEDFF179} -> (1394 Net Adapter) ->
    {4D78A6D4-6FB1-4A94-A74C-A37D0FEFF69C} -> (1394 Net Adapter) ->
    {806A0A96-79E4-4DB4-B6CF-8281BF394C17} -> (Intel® PRO/1000 CT Network Connection) ->
    {E476F884-5009-446B-83C0-46F9405222C6} -> () ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/14 10:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    AtiExtEvent -> %SystemRoot%\system32\Ati2evxx.dll -> [2008/07/04 13:13:35 | 00,139,264 | ---- | M] (ATI Technologies Inc.)
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 08:13:36 | 00,077,824 | ---- | M] (SuperAdBlocker.com)
    "{81559C35-8464-49F7-BB0E-07A383BEF910}" [HKLM] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [SpywareGuard] -> [2003/08/02 23:20:57 | 00,126,976 | R--- | M] ()
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> D:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/14 04:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> D:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 10:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
    "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> D:\Program Files\Windows Live\Messenger\msnmsgr.exe [D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 17:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
    "D:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> D:\Program Files\Windows Live\Messenger\wlcsdk.exe [D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 17:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> D:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/14 04:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> D:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 10:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
    "D:\Documents and Settings\Jay Hearfield\Desktop\utorrent.exe" -> D:\Documents and Settings\Jay Hearfield\Desktop\utorrent.exe [D:\Documents and Settings\Jay Hearfield\Desktop\utorrent.exe:*:Enabled:µTorrent] -> [2008/08/14 09:25:20 | 00,267,056 | ---- | M] (BitTorrent, Inc.)
    "D:\panzer2\PANZER2.EXE" -> D:\panzer2\PANZER2.EXE [D:\panzer2\PANZER2.EXE:*:Enabled:PANZER2] -> [1997/09/30 17:31:44 | 00,749,568 | ---- | M] ()
    "D:\Program Files\BearFlix\bearflix.exe" -> D:\Program Files\BearFlix\bearflix.exe [D:\Program Files\BearFlix\bearflix.exe:*:Enabled:BearFlix] -> [2006/08/01 23:31:18 | 06,574,080 | ---- | M] (Musiclab, LLC)
    "D:\Program Files\Bonjour\mDNSResponder.exe" -> D:\Program Files\Bonjour\mDNSResponder.exe [D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
    "D:\Program Files\Electronic Arts\EADM\Core.exe" -> D:\Program Files\Electronic Arts\EADM\Core.exe [D:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager] -> [2008/06/13 18:27:34 | 02,752,512 | ---- | M] (Electronic Arts)
    "D:\Program Files\Internet Explorer\iexplore.exe" -> D:\Program Files\Internet Explorer\iexplore.exe [D:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> [2008/12/19 15:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation)
    "D:\Program Files\iTunes\iTunes.exe" -> D:\Program Files\iTunes\iTunes.exe [D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/03/12 19:56:54 | 13,498,664 | ---- | M] (Apple Inc.)
    "D:\Program Files\LeechGet 2004\LeechGet.exe" -> D:\Program Files\LeechGet 2004\LeechGet.exe [D:\Program Files\LeechGet 2004\LeechGet.exe:*:Enabled:LeechGet Download Manager] -> [2004/01/11 20:26:22 | 00,642,560 | ---- | M] (Cronosoft)
    "D:\Program Files\Messenger\msmsgs.exe" -> D:\Program Files\Messenger\msmsgs.exe [D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/14 10:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
    "D:\Program Files\Valve\Steam\steam.exe" -> D:\Program Files\Valve\Steam\steam.exe [D:\Program Files\Valve\Steam\steam.exe:*:Enabled:Steam] -> [2007/10/17 17:24:00 | 01,271,032 | ---- | M] (Valve Corporation)
    "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> D:\Program Files\Windows Live\Messenger\msnmsgr.exe [D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 17:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
    "D:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> D:\Program Files\Windows Live\Messenger\wlcsdk.exe [D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 17:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
    "D:\Program Files\Xfire\Xfire.exe" -> D:\Program Files\Xfire\Xfire.exe [D:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire] -> [2007/03/02 11:44:22 | 02,416,720 | ---- | M] (Xfire Inc.)
    "D:\WINDOWS\system32\dplaysvr.exe" -> D:\WINDOWS\system32\dplaysvr.exe [D:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper] -> [2008/04/14 10:12:17 | 00,029,696 | ---- | M] (Microsoft Corporation)
    "D:\WINDOWS\system32\dpvsetup.exe" -> D:\WINDOWS\system32\dpvsetup.exe [D:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test] -> [2008/04/14 10:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
    "AlternateShell" -> cmd.exe ->
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 ->
    "DisplayName" -> CD-ROM Driver ->
    "ImagePath" -> %SystemRoot%\System32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2008/04/14 04:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->


    [Files/Folders - Created Within 30 Days]
    OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/04/06 11:44:50 | 00,000,000 | ---D | C]
    OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/04/06 11:44:24 | 00,664,709 | ---- | C] ()
    MC-notes.doc -> %UserProfile%\Desktop\MC-notes.doc -> [2009/04/04 18:44:47 | 00,032,256 | ---- | C] ()
    Template -> %AppData%\Template -> [2009/04/01 06:45:20 | 00,000,000 | ---D | C]
    Maths Report.doc -> %UserProfile%\Desktop\Maths Report.doc -> [2009/03/31 18:44:33 | 00,037,888 | ---- | C] ()
    GDIPFONTCACHEV1.DAT -> %AppData%\GDIPFONTCACHEV1.DAT -> [2009/03/28 13:24:58 | 00,044,760 | ---- | C] ()
    {00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} -> %AllUsersProfile%\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} -> [2009/03/26 16:10:52 | 00,000,000 | ---D | C]
    Bonjour -> %ProgramFiles%\Bonjour -> [2009/03/26 16:08:07 | 00,000,000 | ---D | C]
    pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> [2009/03/25 15:51:01 | 00,028,544 | ---- | C] (Panda Security, S.L.)
    Panda Security -> %ProgramFiles%\Panda Security -> [2009/03/25 15:50:37 | 00,000,000 | ---D | C]
    CDisplay -> %ProgramFiles%\CDisplay -> [2009/03/24 21:07:21 | 00,000,000 | ---D | C]
    CDisplayEx -> %ProgramFiles%\CDisplayEx -> [2009/03/24 18:48:06 | 00,000,000 | ---D | C]
    Adobe AIR -> %CommonProgramFiles%\Adobe AIR -> [2009/03/24 14:02:56 | 00,000,000 | ---D | C]
    Adobe -> %AllUsersProfile%\Application Data\Adobe -> [2009/03/24 14:00:08 | 00,000,000 | ---D | C]
    Tracing -> %UserProfile%\Tracing -> [2009/03/23 07:17:02 | 00,000,000 | ---D | C]
    Microsoft -> %ProgramFiles%\Microsoft -> [2009/03/23 07:14:45 | 00,000,000 | ---D | C]
    Windows Live SkyDrive -> %ProgramFiles%\Windows Live SkyDrive -> [2009/03/23 07:14:24 | 00,000,000 | ---D | C]
    Windows Live -> %CommonProgramFiles%\Windows Live -> [2009/03/23 07:10:28 | 00,000,000 | ---D | C]
    pbsvc.exe -> %SystemRoot%\System32\pbsvc.exe -> [2009/03/22 09:25:43 | 00,794,408 | ---- | C] ()
    microsoft -> %AllUsersProfile%\Documents\microsoft -> [2009/03/11 19:00:42 | 00,000,000 | ---D | C]
    gmer.ini -> %SystemRoot%\gmer.ini -> [2009/03/06 17:17:09 | 00,000,345 | ---- | C] ()
    gmer.dll -> %SystemRoot%\gmer.dll -> [2009/03/06 17:17:05 | 00,884,736 | ---- | C] ()
    WORDPAD.INI -> %SystemRoot%\WORDPAD.INI -> [2009/02/08 18:12:11 | 00,000,754 | ---- | C] ()
    skipbuf.ini -> %SystemRoot%\skipbuf.ini -> [2008/08/14 20:01:49 | 00,000,031 | ---- | C] ()
    SIERRA.INI -> %SystemRoot%\SIERRA.INI -> [2008/07/22 18:12:39 | 00,000,379 | ---- | C] ()
    instwdm.ini -> %SystemRoot%\System32\instwdm.ini -> [2008/06/27 18:05:08 | 00,049,565 | ---- | C] ()
    epfwtdir.sys -> %SystemRoot%\System32\drivers\epfwtdir.sys -> [2008/02/20 10:11:16 | 00,033,800 | ---- | C] ()
    bdoscandellang.ini -> %SystemRoot%\bdoscandellang.ini -> [2008/01/09 15:01:48 | 00,000,453 | ---- | C] ()
    CddbPlaylist2Sony.dll -> %SystemRoot%\System32\CddbPlaylist2Sony.dll -> [2006/12/18 22:39:30 | 00,520,192 | ---- | C] ()
    Iedit_.INI -> %SystemRoot%\Iedit_.INI -> [2006/09/23 20:41:08 | 00,000,030 | ---- | C] ()
    atksgt.sys -> %SystemRoot%\System32\drivers\atksgt.sys -> [2006/09/07 10:31:02 | 00,271,360 | ---- | C] ()
    lirsgt.sys -> %SystemRoot%\System32\drivers\lirsgt.sys -> [2006/09/07 10:31:01 | 00,018,048 | ---- | C] ()
    unrar.dll -> %SystemRoot%\System32\unrar.dll -> [2006/06/23 22:30:50 | 00,157,696 | ---- | C] ()
    x264vfw.dll -> %SystemRoot%\System32\x264vfw.dll -> [2006/06/23 22:30:47 | 00,568,850 | ---- | C] ()
    ff_vfw.dll -> %SystemRoot%\System32\ff_vfw.dll -> [2006/06/23 22:30:45 | 00,005,120 | ---- | C] ()
    ff_vfw.dll.manifest -> %SystemRoot%\System32\ff_vfw.dll.manifest -> [2006/06/23 22:30:45 | 00,000,547 | ---- | C] ()
    xvidcore.dll -> %SystemRoot%\System32\xvidcore.dll -> [2006/05/30 00:05:08 | 00,856,064 | ---- | C] ()
    game.ini -> %SystemRoot%\game.ini -> [2006/05/18 13:28:09 | 00,000,312 | ---- | C] ()
    sptd.sys -> %SystemRoot%\System32\drivers\sptd.sys -> [2006/05/10 12:34:53 | 00,639,224 | ---- | C] ()
    BlendSettings.ini -> %SystemRoot%\BlendSettings.ini -> [2006/03/24 19:51:34 | 00,000,023 | ---- | C] ()
    Iedit.INI -> %SystemRoot%\Iedit.INI -> [2006/02/23 16:26:49 | 00,000,030 | ---- | C] ()
    e10kxwdm.ini -> %SystemRoot%\System32\e10kxwdm.ini -> [2006/01/28 16:47:14 | 00,050,410 | ---- | C] ()
    xvidvfw.dll -> %SystemRoot%\System32\xvidvfw.dll -> [2005/12/31 02:48:26 | 00,217,088 | ---- | C] ()
    CTBurst.dll -> %SystemRoot%\System32\CTBurst.dll -> [2005/12/08 11:24:52 | 00,043,520 | ---- | C] ()
    PestPatrol5.INI -> %SystemRoot%\PestPatrol5.INI -> [2005/11/07 20:33:43 | 00,000,000 | ---- | C] ()
    cpuinf32.dll -> %SystemRoot%\System32\cpuinf32.dll -> [2005/11/07 17:50:43 | 00,019,968 | ---- | C] ()
    ODBC.INI -> %SystemRoot%\ODBC.INI -> [2005/11/07 16:50:22 | 00,000,376 | ---- | C] ()
    WININIT.INI -> %SystemRoot%\WININIT.INI -> [2005/11/06 23:59:32 | 00,000,176 | ---- | C] ()
    AC3API.INI -> %SystemRoot%\AC3API.INI -> [2005/11/06 23:42:38 | 00,000,231 | ---- | C] ()
    psisdecd.dll -> %SystemRoot%\System32\psisdecd.dll -> [2005/11/06 23:41:59 | 00,363,520 | ---- | C] ()
    ctzapxx.ini -> %SystemRoot%\System32\ctzapxx.ini -> [2005/11/06 23:40:51 | 00,000,054 | ---- | C] ()
    a3d.dll -> %SystemRoot%\System32\a3d.dll -> [2005/11/06 23:40:29 | 00,033,792 | ---- | C] ( )
    SBWIN.INI -> %SystemRoot%\SBWIN.INI -> [2005/11/06 23:38:33 | 00,000,136 | ---- | C] ()
    WinFlash.sys -> %SystemRoot%\System32\drivers\WinFlash.sys -> [2005/11/06 23:31:30 | 00,003,548 | ---- | C] ()
    FlashMenu.sys -> %SystemRoot%\System32\FlashMenu.sys -> [2005/11/06 20:55:23 | 00,033,530 | ---- | C] ()
    Instdll.dll -> %SystemRoot%\System32\Instdll.dll -> [2005/11/06 20:52:48 | 00,110,592 | ---- | C] ()
    e1000msg.dll -> %SystemRoot%\System32\e1000msg.dll -> [2005/11/06 20:32:43 | 00,131,072 | R--- | C] ()
    LFFPX7.DLL -> %SystemRoot%\System32\LFFPX7.DLL -> [2005/09/08 20:53:41 | 00,338,944 | ---- | C] ()
    LFKODAK.DLL -> %SystemRoot%\System32\LFKODAK.DLL -> [2005/09/08 20:53:41 | 00,122,880 | ---- | C] ()
    frapsvid.dll -> %SystemRoot%\System32\frapsvid.dll -> [2005/08/15 23:15:19 | 00,036,864 | ---- | C] ()
    qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [2005/08/10 08:12:28 | 03,596,288 | ---- | C] ()
    ctmmactl.dll -> %SystemRoot%\System32\ctmmactl.dll -> [2005/06/16 17:17:16 | 00,077,824 | ---- | C] ()
    kill.ini -> %SystemRoot%\System32\kill.ini -> [2003/03/21 16:56:12 | 00,000,307 | ---- | C] ()
    win.ini -> %SystemRoot%\win.ini -> [2001/10/04 17:16:36 | 00,000,822 | ---- | C] ()
    system.ini -> %SystemRoot%\system.ini -> [2001/10/04 17:16:20 | 00,000,227 | ---- | C] ()

    [Files/Folders - Modified Within 30 Days]
    15 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp ->
    6 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp ->
    13 D:\Documents and Settings\Jay Hearfield\Local Settings\temp\*.tmp files -> D:\Documents and Settings\Jay Hearfield\Local Settings\temp\*.tmp ->
    13 D:\Documents and Settings\Jay Hearfield\Local Settings\temp\*.tmp files -> D:\Documents and Settings\Jay Hearfield\Local Settings\temp\*.tmp ->
    13 D:\Documents and Settings\Jay Hearfield\Local Settings\temp\*.tmp files -> D:\Documents and Settings\Jay Hearfield\Local Settings\temp\*.tmp ->
    OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/04/06 11:44:29 | 00,664,709 | ---- | M] ()
    MC-notes.doc -> %UserProfile%\Desktop\MC-notes.doc -> [2009/04/06 11:40:02 | 00,032,256 | ---- | M] ()
    schedule.rtf -> %UserProfile%\Desktop\schedule.rtf -> [2009/04/06 08:17:35 | 00,003,865 | ---- | M] ()
    Ad-Aware Update (Weekly).job -> %SystemRoot%\tasks\Ad-Aware Update (Weekly).job -> [2009/04/05 12:58:17 | 00,000,472 | ---- | M] ()
    ntuser.dat -> %UserProfile%\ntuser.dat -> [2009/04/05 11:03:56 | 19,660,800 | ---- | M] ()
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/04/04 11:40:36 | 00,011,264 | ---- | M] ()
    AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2009/04/02 15:21:06 | 00,000,284 | ---- | M] ()
    qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/04/01 07:11:27 | 00,006,250 | ---- | M] ()
    qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/04/01 07:10:48 | 00,007,403 | ---- | M] ()
    {00000003-00000000-00000006-00001102-00000004-20021102}.CDF -> %SystemRoot%\{00000003-00000000-00000006-00001102-00000004-20021102}.CDF -> [2009/04/01 07:05:17 | 04,958,588 | ---- | M] ()
    Perflib_Perfdata_378.dat -> %SystemRoot%\Temp\Perflib_Perfdata_378.dat -> [2009/04/01 06:57:12 | 00,016,384 | ---- | M] ()
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/04/01 06:56:58 | 00,000,006 | -H-- | M] ()
    wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/04/01 06:56:38 | 00,002,228 | ---- | M] ()
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/04/01 06:56:31 | 00,002,048 | --S- | M] ()
    BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20021102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000004-20021102}.rfx -> [2009/04/01 06:54:39 | 00,029,544 | ---- | M] ()
    BMXState-{00000003-00000000-00000006-00001102-00000004-20021102}.rfx -> %SystemRoot%\System32\BMXState-{00000003-00000000-00000006-00001102-00000004-20021102}.rfx -> [2009/04/01 06:54:39 | 00,029,544 | ---- | M] ()
    BMXCtrlState-{00000003-00000000-00000006-00001102-00000004-20021102}.rfx -> %SystemRoot%\System32\BMXCtrlState-{00000003-00000000-00000006-00001102-00000004-20021102}.rfx -> [2009/04/01 06:54:39 | 00,026,424 | ---- | M] ()
    BMXBkpCtrlState-{00000003-00000000-00000006-00001102-00000004-20021102}.rfx -> %SystemRoot%\System32\BMXBkpCtrlState-{00000003-00000000-00000006-00001102-00000004-20021102}.rfx -> [2009/04/01 06:54:39 | 00,026,424 | ---- | M] ()
    DVCState-{00000003-00000000-00000006-00001102-00000004-20021102}.rfx -> %SystemRoot%\System32\DVCState-{00000003-00000000-00000006-00001102-00000004-20021102}.rfx -> [2009/04/01 06:54:39 | 00,011,564 | ---- | M] ()
    settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm -> [2009/04/01 06:54:39 | 00,001,080 | ---- | M] ()
    settings.sfm -> %SystemRoot%\System32\settings.sfm -> [2009/04/01 06:54:39 | 00,001,080 | ---- | M] ()
    ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/04/01 06:54:18 | 00,000,178 | -HS- | M] ()
    {00000003-00000000-00000006-00001102-00000004-20021102}.BAK -> %SystemRoot%\{00000003-00000000-00000006-00001102-00000004-20021102}.BAK -> [2009/04/01 06:52:56 | 04,958,588 | ---- | M] ()
    wklntsk.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wklntsk.dat -> [2009/04/01 06:45:21 | 00,373,124 | ---- | M] ()
    wklntnts.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wklntnts.dat -> [2009/04/01 06:45:21 | 00,373,124 | ---- | M] ()
    Maths Report.doc -> %UserProfile%\Desktop\Maths Report.doc -> [2009/03/31 18:45:11 | 00,037,888 | ---- | M] ()
    win.ini -> %SystemRoot%\win.ini -> [2009/03/31 17:53:16 | 00,000,822 | ---- | M] ()
    GDIPFONTCACHEV1.DAT -> %AppData%\GDIPFONTCACHEV1.DAT -> [2009/03/28 13:24:58 | 00,044,760 | ---- | M] ()
    x360games.rtf -> %UserProfile%\My Documents\x360games.rtf -> [2009/03/26 21:51:37 | 00,009,067 | ---- | M] ()
    Perflib_Perfdata_afc.dat -> %UserProfile%\Local Settings\temp\Perflib_Perfdata_afc.dat -> [2009/03/26 16:02:15 | 00,016,384 | ---- | M] ()
    index.dat -> %SystemRoot%\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2009/03/26 15:21:02 | 00,032,768 | -HS- | M] ()
    index.dat -> %SystemRoot%\Temp\History\History.IE5\index.dat -> [2009/03/26 15:21:02 | 00,016,384 | -HS- | M] ()
    index.dat -> %SystemRoot%\Temp\Cookies\index.dat -> [2009/03/26 15:21:02 | 00,016,384 | -HS- | M] ()
    WININIT.INI -> %SystemRoot%\WININIT.INI -> [2009/03/26 10:57:29 | 00,000,176 | ---- | M] ()
    secuniasi5059940794946429950.dll -> %UserProfile%\Local Settings\temp\secuniasi5059940794946429950.dll -> [2009/03/26 10:57:14 | 00,192,512 | ---- | M] ()
    secuniasi7670458631913623889.dll -> %UserProfile%\Local Settings\temp\secuniasi7670458631913623889.dll -> [2009/03/26 10:43:22 | 00,192,512 | ---- | M] ()
    tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> [2009/03/26 10:25:13 | 00,153,104 | ---- | M] (Trend Micro Inc.)
    T3.dll -> %UserProfile%\Local Settings\temp\a2onlinescan\T3.dll -> [2009/03/25 17:03:56 | 06,052,344 | ---- | M] (IKARUS Security Software)
    jre-6u13-windows-i586-p-iftw.exe -> %UserProfile%\Local Settings\temp\jre-6u13-windows-i586-p-iftw.exe -> [2009/03/25 17:02:45 | 00,607,640 | ---- | M] (Sun Microsystems, Inc.)
    a2trust.dat -> %UserProfile%\Local Settings\temp\a2onlinescan\a2trust.dat -> [2009/03/25 17:01:53 | 00,021,647 | ---- | M] ()
    engine.dll -> %UserProfile%\Local Settings\temp\a2onlinescan\engine.dll -> [2009/03/25 17:01:51 | 00,454,272 | ---- | M] (Emsi Software GmbH)
    a2wl.dat -> %UserProfile%\Local Settings\temp\a2onlinescan\a2wl.dat -> [2009/03/25 17:01:41 | 00,131,064 | ---- | M] ()
    resource.dll -> %UserProfile%\Local Settings\temp\a2onlinescan\resource.dll -> [2009/03/25 17:01:14 | 00,353,400 | ---- | M] (Emsi Software GmbH)
    vdbupdate.dll -> %UserProfile%\Local Settings\temp\a2onlinescan\vdbupdate.dll -> [2009/03/25 17:01:01 | 00,154,104 | ---- | M] (Ikarus Software GmbH)
    a2heur.dat -> %UserProfile%\Local Settings\temp\a2onlinescan\a2heur.dat -> [2009/03/25 17:00:25 | 00,008,306 | ---- | M] ()
    sfdb.dat -> %UserProfile%\Local Settings\temp\jkos-Jay Hearfield\engine\bases\sfdb.dat -> [2009/03/25 07:13:40 | 00,000,084 | ---- | M] ()
    kosglue-7.0.25.0.dll -> %UserProfile%\Local Settings\temp\jkos-Jay Hearfield\binaries\kosglue-7.0.25.0.dll -> [2009/03/25 06:10:09 | 00,729,152 | ---- | M] (Kaspersky Lab)
    prLoader.dll -> %UserProfile%\Local Settings\temp\jkos-Jay Hearfield\binaries\prLoader.dll -> [2009/03/25 06:10:09 | 00,184,320 | ---- | M] (Kaspersky Lab)
    prremote.dll -> %UserProfile%\Local Settings\temp\jkos-Jay Hearfield\binaries\prremote.dll -> [2009/03/25 06:10:09 | 00,090,112 | ---- | M] (Kaspersky Lab)
    msvcr80.dll -> %UserProfile%\Local Settings\temp\jkos-Jay Hearfield\binaries\msvcr80.dll -> [2009/03/25 06:10:08 | 00,626,688 | ---- | M] (Microsoft Corporation)
    msvcp80.dll -> %UserProfile%\Local Settings\temp\jkos-Jay Hearfield\binaries\msvcp80.dll -> [2009/03/25 06:10:08 | 00,548,864 | ---- | M] (Microsoft Corporation)
    kave.dll -> %UserProfile%\Local Settings\temp\jkos-Jay Hearfield\binaries\kave.dll -> [2009/03/25 06:10:08 | 00,282,624 | ---- | M] (Kaspersky Lab.)
    ScanningProcess.exe -> %UserProfile%\Local Settings\temp\jkos-Jay Hearfield\binaries\ScanningProcess.exe -> [2009/03/25 06:10:08 | 00,139,264 | ---- | M] (Kaspersky Lab.)
    ikave.dll -> %UserProfile%\Local Settings\temp\jkos-Jay Hearfield\binaries\ikave.dll -> [2009/03/25 06:10:08 | 00,065,536 | ---- | M] ()
    msvcm80.dll -> %UserProfile%\Local Settings\temp\jkos-Jay Hearfield\binaries\msvcm80.dll -> [2009/03/25 06:10:07 | 00,479,232 | ---- | M] (Microsoft Corporation)
    FSSync.dll -> %UserProfile%\Local Settings\temp\jkos-Jay Hearfield\binaries\FSSync.dll -> [2009/03/25 06:10:07 | 00,038,400 | ---- | M] (Kaspersky Lab)
    FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/03/24 13:41:20 | 00,184,224 | ---- | M] ()
    GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/03/23 07:16:30 | 00,044,760 | ---- | M] ()
    My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [2009/03/23 07:16:13 | 00,000,927 | ---- | M] ()
    pbsvc.exe -> %SystemRoot%\System32\pbsvc.exe -> [2009/03/22 09:25:43 | 00,794,408 | ---- | M] ()
    Webshots.lnk -> %UserProfile%\Start Menu\Programs\Startup\Webshots.lnk -> [2009/03/13 18:00:31 | 00,000,676 | ---- | M] ()
    imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/03/11 19:00:10 | 00,001,374 | ---- | M] ()
    Lbd.sys -> %SystemRoot%\System32\drivers\Lbd.sys -> [2009/03/08 12:00:24 | 00,064,160 | ---- | M] (Lavasoft AB)
    uninstall.exe -> %UserProfile%\Local Settings\temp\nstmp\uninstall.exe -> [2008/07/12 13:09:59 | 00,086,678 | ---- | M] (mozilla.org)
    data.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\data.dat -> [2005/12/09 13:11:35 | 00,001,372 | ---- | M] ()
    wkcalcat.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wkcalcat.dat -> [2005/11/07 16:56:58 | 00,016,384 | ---- | M] ()

    [Alternate Data Streams]
    @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
    @Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 124 bytes -> %AllUsersProfile%\Application Data\TEMP:1CA73D29
    @Alternate Data Stream - 1242 bytes -> %UserProfile%\Cookies:J5UfkCptBTYErVWHaNH0L6EkdU
    @Alternate Data Stream - 1304 bytes -> %AllUsersProfile%\Application Data\Microsoft:jNZqg4hXGanoSjBd6qpiH3xRX
    @Alternate Data Stream - 1326 bytes -> %AllUsersProfile%\Application Data\Microsoft:jbq276UdIrSOVrOnr6xVWHVqF
    < End of report >

    #11 suebaby41

    suebaby41

      W.A.M. (Women Against Malware)


    • Malware Response Team
    • 6,248 posts
    • OFFLINE
    •  
    • Gender:Female
    • Location:South Carolina, USA
    • Local time:07:31 AM

    Posted 06 April 2009 - 07:25 AM

    utorrent.exe -> %UserProfile%\Desktop\utorrent.exe -> [2008/08/14 09:25:20 | 00,267,056 | ---- | M] (BitTorrent, Inc.)

    This indicates that utorrent may still be installed. Please verify that it is uninstalled.

Use Windows Explorer (My Computer, Windows key+e).
File/folder location is indicated by C (or the name of the drive you are using), i.e. C:\name of the folder\name of file. Search for the following files/folders and DELETE the following Files/Folders indicated in Red. (Do not worry if they are not there):

    D:\WINDOWS\system32\CTHELPER.EXE

    Please post a new HijackThis log.
    You don't stop laughing when you get old; you get old when you stop laughing.
    A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
    Malware Removal University Masters Graduate

    Join The Fight Against Malware
    No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

    #12 killingyouguy

    killingyouguy
    • Topic Starter

    • Members
    • 19 posts
    • OFFLINE
    •  
    • Local time:10:31 PM

    Posted 06 April 2009 - 02:39 PM

    I was never asked to uninstall utorrent. I did forget to close it when I ran that last scan; usually it's always visible on the task bar but it was hidden when the task bar minimized this time, missed it.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:37:54 AM, on 7/04/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\WINDOWS\System32\CTsvcCDA.exe
    D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    D:\WINDOWS\System32\MsPMSPSv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    D:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    D:\Program Files\Razer\razerhid.exe
    D:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    D:\Program Files\DAEMON Tools\daemon.exe
    D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    D:\Program Files\Java\jre6\bin\jusched.exe
    D:\Program Files\Razer\razerofa.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    D:\FRAPS\FRAPS.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    D:\Program Files\Windows Media Player\WMPNSCFG.exe
    D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\SpywareGuard\sgmain.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    D:\PROGRA~1\Webshots\webshots.scr
    D:\Program Files\SpywareGuard\sgbhp.exe
    D:\Program Files\Java\jre6\bin\jucheck.exe
    D:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\Windows Live\Contacts\wlcomm.exe
    D:\Program Files\Razer\razertra.exe
    D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [WorksFUD] D:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] D:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] D:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [SBDrvDet] D:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [razer] D:\Program Files\Razer\razerhid.exe
    O4 - HKLM\..\Run: [PRONoMgrWired] D:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Ad-Watch] D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [SsAAD.exe] D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] D:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] D:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Download using LeechGet - file://D:\Program Files\LeechGet 2004\\AddUrl.html
    O8 - Extra context menu item: Download using LeechGet Wizard - file://D:\Program Files\LeechGet 2004\\Wizard.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://D:\Program Files\ieSpell\wikipedia.HTM
    O8 - Extra context menu item: Parse with LeechGet - file://D:\Program Files\LeechGet 2004\\Parser.html
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15102/CTPID.cab
    O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: E10cesvhum - Intel Corporation - (no file)
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - D:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 12596 bytes

    #13 suebaby41

    suebaby41

      W.A.M. (Women Against Malware)


    • Malware Response Team
    • 6,248 posts
    • OFFLINE
    •  
    • Gender:Female
    • Location:South Carolina, USA
    • Local time:07:31 AM

    Posted 07 April 2009 - 04:27 PM

    Step 1

    I was never asked to uninstall utorrent. I did forget to close it when I ran that last scan; usually it's always visible on the task bar but it was hidden when the task bar minimized this time, missed it.

    uTorrent did not show up in your HijackThis logs so I had not asked you to remove it. It did show up in another log so it did need to be uninstalled. I want you to read why we usually ask that P2P programs be removed.

Since the nature of P2P programs is counterproductive to restoring your PC to a healthy state, I ask that you remove P2P file sharing programs prior to my providing you with malware removal assistance. Even the safest P2P file sharing programs, those that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer.

The people who design and distribute malware will use any method to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular method is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.
    To remove the P2P program:
    • Click Start > Control Panel.
    • In Control Panel, double-click Add or Remove Programs.
    • In Add or Remove Programs, highlight , click Remove.
    • Close the Add or Remove Programs and the Control Panel windows.
    • Using Windows Explorer (Windows key+e), search for the folder. If the program folder is still there, select/highlight . DELETE it. (File > Delete.) If Windows is not installed on the C drive, replace C:\ with the appropriate drive letter.
    • Close Windows Explorer.
There is a Video showing how to uninstall a program (Grinler) detailing how to add or remove a program in Windows for those who find a visual aid appealing. NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

I am not asking you to remove the P2P program(s) without giving you good reasons for doing so.
    • P2P programs form a direct conduit on to your computer.
    • P2P security measures are easily circumvented.
    • Some P2P programs will share everything on the computer with anyone by default. If your P2P program is not configured correctly, you may be sharing more files than you realize.
    • There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.
    • P2P programs have always been a target of malware writers. There are more Viruses, Worms and Trojans being distributed with the downloaded files.
    • P2P programs connected to a network can be used to spread malware, share private documents, or use the file server to both store and forward malware.
    • Many of the files in P2P networks are copyrighted and legal action could result.
    • Pedophiles can use P2P communities to distribute child porn materials or attempt to make contact with children.
    • This article from InfoWorld, Seattle Man Arrested For P To P ID Theft, illustrates perfectly the dangers of a poorly configured P2P program.
    • Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
    • When you use them, you are downloading software from an unknown source directly onto your computer bypassing your Firewall and Anti-Virus software. Many of these Downloads are being targeted to carry infections.
    For more information, please read Malware Removal Forum's Policy regarding P2P programs. P2P (peer to peer) file sharing programs must be removed.

References for the risk of these programs are:

If you continue to use P2P programs, you will probably get infected again.

    Step 2

    Please run HijackThis and click Scan. Place checks next to the following entries (make sure not to miss any):

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

    Step 3

    Please post a new HijackThis log.

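The O2 line suebaby41 asks to fix in Step 2 is an orphaned Browser Helper Object: the CLSID is still registered under the Explorer "Browser Helper Objects" key, but the DLL it points to is gone ("(no file)"). The following PowerShell script is an added example, not part of the thread and not HijackThis's own code; it lists every registered BHO the way a HijackThis O2 line does, resolves each CLSID to its InprocServer32 DLL, and flags entries whose file no longer exists. It assumes PowerShell 2.0 or later is installed (a separate download on Windows XP SP3) and is run from an elevated prompt; the `-Remove` switch is a hypothetical opt-in that mirrors what "Fix checked" does for an O2 entry, deleting only the registration and never the DLL.

```powershell
# Added example (not from the thread): enumerate registered Browser Helper Objects
# like a HijackThis O2 scan and flag entries whose server DLL is missing.
# Nothing is deleted unless -Remove is passed; run from an elevated prompt.
[CmdletBinding()]
param(
    [switch]$Remove   # hypothetical switch: delete orphaned registrations only
)

$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    # Present on 64-bit Windows only; absent on the 32-bit XP in this thread.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

foreach ($root in $bhoRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        # The BHO subkey name is the CLSID; the friendly name and DLL path live under HKCR\CLSID\{...}
        $clsid    = $key.PSChildName
        $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $name     = (Get-ItemProperty $clsidKey -ErrorAction SilentlyContinue).'(default)'
        if (-not $name) { $name = '(no name)' }   # same wording HijackThis uses

        $dll = $null
        if (Test-Path "$clsidKey\InprocServer32") {
            $dll = (Get-ItemProperty "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
        }

        $status = if (-not $dll) { 'NOSERVER' }
                  elseif (Test-Path -LiteralPath $dll) { 'ok' }
                  else { 'NOFILE' }   # registered, DLL gone: the "(no file)" case

        '{0,-8} O2 - BHO: {1} - {2} - {3}' -f $status, $name, $clsid, ($(if ($dll) { $dll } else { '(no file)' }))

        if ($Remove -and $status -ne 'ok') {
            # Equivalent of HijackThis "Fix checked" for an O2 line: remove the BHO
            # registration so Internet Explorer stops trying to load it. The CLSID
            # key under HKCR is left alone; other software may still reference it.
            Remove-Item -Path $key.PSPath -Recurse
            Write-Verbose "Removed BHO registration $clsid"
        }
    }
}
```

Run it once without `-Remove` and compare the `NOFILE` lines against the O2 entries in the HijackThis log; an entry that is orphaned in both is safe to clear. A BHO whose DLL does exist but is unsigned or sits in a temp or profile directory deserves a closer look before anything is deleted, since a live BHO loads into every Internet Explorer process.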
    #14 killingyouguy

    killingyouguy
    • Topic Starter

    • Members
    • 19 posts
    • OFFLINE
    •  
    • Local time:10:31 PM

    Posted 10 April 2009 - 07:35 PM

    I couldn't find the uninstall, or folder that matter, for utorrent. There's nothing under Start Menu or Program Files. Maybe it just runs from the program on my desktop, so I deleted that.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:34:07 AM, on 11/04/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\WINDOWS\System32\CTsvcCDA.exe
    D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    D:\WINDOWS\System32\MsPMSPSv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    D:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    D:\Program Files\Razer\razerhid.exe
    D:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    D:\Program Files\DAEMON Tools\daemon.exe
    D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    D:\Program Files\Java\jre6\bin\jusched.exe
    D:\Program Files\Razer\razerofa.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    D:\FRAPS\FRAPS.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    D:\Program Files\Windows Media Player\WMPNSCFG.exe
    D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\SpywareGuard\sgmain.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    D:\PROGRA~1\Webshots\webshots.scr
    D:\Program Files\SpywareGuard\sgbhp.exe
    D:\Program Files\Java\jre6\bin\jucheck.exe
    D:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\Windows Live\Contacts\wlcomm.exe
    D:\Program Files\Razer\razertra.exe
    D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [WorksFUD] D:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] D:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] D:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [SBDrvDet] D:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [razer] D:\Program Files\Razer\razerhid.exe
    O4 - HKLM\..\Run: [PRONoMgrWired] D:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Ad-Watch] D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [SsAAD.exe] D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] D:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] D:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Download using LeechGet - file://D:\Program Files\LeechGet 2004\\AddUrl.html
    O8 - Extra context menu item: Download using LeechGet Wizard - file://D:\Program Files\LeechGet 2004\\Wizard.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://D:\Program Files\ieSpell\wikipedia.HTM
    O8 - Extra context menu item: Parse with LeechGet - file://D:\Program Files\LeechGet 2004\\Parser.html
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15102/CTPID.cab
    O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: E10cesvhum - Intel Corporation - (no file)
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - D:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 12524 bytes

    #15 suebaby41

      W.A.M. (Women Against Malware)

    • Malware Response Team
    • 6,248 posts
    • Gender:Female
    • Location:South Carolina, USA

    Posted 12 April 2009 - 10:20 AM

    Good job! Your HijackThis log appears to be clean.

    Tips To Protect Your Computer
    • Avoid clicking on links in instant messages.
    • Avoid opening email attachments.
    • Avoid visiting every poker site on the net.
    • Avoid downloading all that free cute junk.
    • Avoid using the peer-to-peer file sharing.
    • Avoid getting those handy toolbar doodads for your browsers.
    • Malware is out there just waiting to pounce on your system if you only pass by where they are lurking which may be at some seemingly innocent web site. Be careful because some of the malware are so vicious that no one can possibly save you once you let them in.
    • Remember that new malware emerges every week of the year. Take responsibility for protecting your system because you are its first and best defense.
    Tools Downloaded To Clean Your Computer

    I may have asked you to install some tools. Some need to be removed; others may be left to your decision. Whether or not you need to keep these programs must be decided by you. If you choose to uninstall them, follow these directions:
    • Click Start > Control Panel.
    • In Control Panel, double-click Add or Remove Programs.
    • In Add or Remove Programs, highlight the program, click Remove.
    • Close the Add or Remove Programs and the Control Panel windows.
    Optional Tools:
    • Ad-Aware 2008 scans, detects, and removes spyware on your computer.
    • ATF-Cleaner cleans all user temp folders, the Java cache (which seems to be harboring more and more malware), the cache, cookies, history, download history, visited links and saved passwords. Scan weekly if you have high Internet use.
    • Trend Micro's HijackThis or random's System Information Tool (RSIT) may be uninstalled; however, if you should ever encounter another problem and seek help in this forum or others like it, you will need to download this application.
    • SUPERAntiSpyware scans, detects, and removes spyware on your computer.
    • Malwarebytes' Anti-Malware scans, detects, and removes malware on your computer.
    • a-squared Free scans, detects, and removes trojans, worms, and spyware on your computer.
    • Spybot S&D scans, detects, and removes malware on your computer.
    If you have changed the default settings for files/folders, please restore the default settings for files/folders.
    • Go to My Computer.
    • Select the Tools menu and click Folder Options.
    • Click the View tab.
    • Under Advanced Settings, click the Restore Defaults button in the lower right corner.
    • Click Apply, then OK, and close My Computer.
    Please take the time to read the "Steps To Keep Your Computer Clean And Secure" below.

    STEPS TO KEEP YOUR COMPUTER CLEAN AND SECURE:

    Please follow these simple steps in order to keep your computer clean and secure:
    • Disable and Enable System Restore. After cleaning, you will need to disable the System Restore function for Windows XP.
      Files placed in the System Volume Information folder are source files for the System Restore function that is available in the Windows XP operating system. Files that were healed were moved in their original INFECTED state into this folder and it is necessary to DELETE them by following these steps:
      a. Close all open programs. Then right-click My Computer on the Windows desktop.
      b. Click on Properties.
      c. Click on the System Restore tab.
      d. Check Turn off System Restore on all drives.
      e. Restart the system.
      f. Enable System Restore by going through the first four steps again and uncheck the item mentioned in Step d.
      g. You can find instructions on how to disable and enable System Restore in the Windows XP System Restore Guide.
    • Make your Internet Explorer more secure: This can be done by following these simple instructions:
      • From within Internet Explorer, click on the Tools menu and then click on Options.
      • Click once on the Security tab.
      • Click once on the Internet icon so it becomes highlighted.
      • Click once on the Custom Level button.
        • Change Download signed ActiveX controls to Prompt.
        • Change Download unsigned ActiveX controls to Disable.
        • Change Initialize and script ActiveX controls not marked as safe to Disable.
        • Change Installation of desktop items to Prompt.
        • Change Launching programs and files in an IFRAME to Prompt.
        • Change Navigate sub-frames across different domains to Prompt.
      • When all these settings have been made, click on the OK button.
      • If it asks you if you want to save the settings, press the Yes button.
      • Click Apply > OK, and then OK to exit the Internet Properties page.
    • Use a Firewall: - I cannot stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
      Computer Safety On line - Software Firewalls. For more information about firewalls, and why a two-way firewall is better than the Windows XP one-way firewall, please read Understanding and Using Firewalls.
    • Use Antivirus Software and Keep It Updated: - It is very important that your computer has antivirus software running on it. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out. For an article on antivirus programs and a listing of some available ones see the link below:
      Computer Safety On line - Anti-Virus
    • Visit Microsoft's Windows Update Site Frequently: It is important that you visit Microsoft Windows Update regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
    • You should scan your computer with Spybot S&D on a regular basis just as you would with anti-virus software. A tutorial on installing & using this product can be found here:
      Using Spybot - Search & Destroy to remove Spyware from Your Computer
    • You should scan your computer with Ad-Aware 2007/2008 as well as Spybot S&D and your anti-virus program on a regular basis. A tutorial on installing & using this product can be found here:
      Ad-Aware 2008.
    • Update SpywareBlaster (at least weekly): SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
      Computer Safety on line Anti Malware
    • Use the hosts file: Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download the MVPS hosts file. Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE. If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
      • Click the Start button on the task bar at the bottom of your screen.
      • Click Run.
      • In the dialog box, type services.msc.
      • Hit Enter, then locate DNS Client.
      • Highlight it, then double-click it.
      • On the dropdown box, change the setting from Automatic to Manual.
      • Click OK.
    • Use an alternative instant messenger program: Trillian and Miranda IM. These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
    • Please read Tony Klein's excellent article: How I got Infected in the First Place
    • Please read Understanding Spyware, Browser Hijackers, and Dialers
    • Please read Simple and easy ways to keep your computer safe and secure on the Internet.
    • If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built in popup blocker (as an added benefit!) that I have ever seen.
      Another good browser is Opera. Opera 9 comes loaded with the tools to keep you productive and safe. Try it today, it's absolutely free. Some of the Opera features are: Customization, BitTorrent, Content blocker, Add your favorite search engines, Thumbnail preview of tabs, Widgets, Transfer manager, Tabbed browsing, Password manager, Sessions (you can save a collection of open tabs as a session, for later retrieval, or start with the pages you had open when Opera was last closed), Keyboard Shortcuts, Cookie control, a multitude of languages, Validate code, Toggle graphics and style sheets, and Special features such as Full-screen mode and Kiosk mode.
    • Update all these programs regularly: Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    • If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
    Follow these steps and your potential for being infected again will reduce dramatically.
    Good luck!
    You don't stop laughing when you get old; you get old when you stop laughing.
    A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
    Malware Removal University Masters Graduate

    Join The Fight Against Malware
    No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
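The verdict above ("your HijackThis log appears to be clean") comes from a helper reading O2/O4/O23 lines by hand. As an added example that is not part of this thread and not HijackThis's own code, the script below parses lines in that log format and lists entries that deserve a closer look: files that no longer exist, services with no recognised vendor, and binaries living in user-writable profile or temp folders. The sample lines are constructed, modelled on entries in this thread, and the heuristics are assumptions that produce candidates for a human reviewer, not verdicts.

```python
import re
from collections import namedtuple

# Constructed sample in HijackThis log format (paths modelled on this thread,
# plus one made-up startup item under a user's Temp folder). Not a real log.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] D:\Documents and Settings\User\Local Settings\Temp\upd.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: E10cesvhum - Intel Corporation - (no file)
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
"""

# section: O2/O4/O23; name: BHO name, [Run] value name or service display name;
# path: the binary (or "(no file)"); note: registry hive for O4, vendor for O2/O23.
Entry = namedtuple("Entry", "section name path note")

LINE_RE = re.compile(r"^(O\d+|R\d+|F\d+|N\d+)\s+-\s+(.*)$")
TRUSTED_ROOTS = ("\\windows\\", "\\program files\\", "\\progra~1\\")
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\application data\\", "\\recycler\\")


def first_path(command):
    """Extract the executable from a Run-key command (quoted or not, with arguments)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.(?:exe|dll|scr|cpl))(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command


def parse_line(line):
    """Parse one O2, O4 or O23 line into an Entry; other sections return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    if section == "O4":
        # O4 - <hive>\..\Run: [Name] <command>
        m4 = re.match(r"^(.*?): \[(.*?)\]\s*(.*)$", rest)
        if m4:
            hive, name, command = m4.groups()
            return Entry(section, name, first_path(command), hive)
    elif section in ("O2", "O23"):
        # "BHO: <name> - {CLSID} - <path>" / "Service: <name> - <vendor> - <path>".
        # rsplit from the right so a display name containing " - " survives.
        body = rest.split(": ", 1)[1] if ": " in rest else rest
        parts = body.rsplit(" - ", 2)
        if len(parts) == 3:
            name, owner, path = parts
            return Entry(section, name, path.strip(), owner)
    return None


def review(entry):
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    path = entry.path.lower()
    if "(file missing)" in path or path == "(no file)":
        reasons.append("points at a file that no longer exists")
    if entry.section == "O23" and entry.note == "Unknown owner":
        reasons.append("service binary carries no recognised vendor")
    if any(d in path for d in USER_WRITABLE):
        reasons.append("binary lives in a user-writable profile/temp folder")
    if entry.section in ("O2", "O4") and not path.startswith("(") \
            and not any(r in path for r in TRUSTED_ROOTS):
        reasons.append("binary outside Windows or Program Files")
    return reasons


def triage(log_text):
    """Map each flagged entry's name to its list of reasons; clean entries are omitted."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None and review(entry):
            flagged[entry.name] = review(entry)
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```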
