Pop Ups Help Please


  • This topic is locked
46 replies to this topic

#1 dog54321

dog54321

  • Members
  • 77 posts
  • Local time:06:28 AM

Posted 02 April 2009 - 12:36 AM

A lot of Cid Ads, help please. HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:34 PM, on 4/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\windows\hffext\hffsrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\New Folder\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\new folder\steamapps\xfourkingsx\counter-strike source\hl2.exe
C:\New Folder\GameOverlayUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\1\Desktop\Khoi Folder\Fixing Virus\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [HFFSRV] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [file wave user bat] C:\Documents and Settings\All Users\Application Data\Mail For File Wave\clock info.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?9caf2552e25d4e5e922457707c766ed8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?9caf2552e25d4e5e922457707c766ed8
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: www.facebook.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: npkcmsvc - Unknown owner - G:\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O24 - Desktop Component 0: My Current Home Page - About:Home

--
End of file - 14881 bytes



#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:07:28 AM

Posted 08 April 2009 - 08:10 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the [image] button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the [image] button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.


Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and run OTListIT2

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the [image] icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the [image] button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Post both logs in your next reply please.
In your next reply please include the following:
  • MBAM log
  • OTListIt.txt
  • Description of Problems you still have

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 extremeboy

Posted 11 April 2009 - 09:36 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the day I replied, the topic will need to be closed.

Thanks for understanding. :thumbup2:

With Regards,
Extremeboy

#4 extremeboy

Posted 13 April 2009 - 12:29 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,
Extremeboy

#5 extremeboy

Posted 19 April 2009 - 09:19 AM

Hello.

Topic re-opened upon user's request.

Please post the necessary logs.

With Regards,
Extremeboy

#6 dog54321

dog54321
  • Topic Starter

Posted 19 April 2009 - 05:20 PM

Thank you for reopening, it may take 1-2 days to post the antivirus log because it takes quite long and I might do it overnight, I'll get it to you ASAP.

#7 extremeboy

Posted 19 April 2009 - 05:23 PM

Hello.

"it may take 1-2 days to post the antivirus log because it takes quite long and I might do it overnight, I'll get it to you ASAP."

What Anti-Virus log?

All I needed to see is MBAM log and the OTListIT2 log.

Thanks. Hope to hear from you soon then.

With Regards,
Extremeboy

#8 dog54321

Posted 20 April 2009 - 05:35 AM

I meant Malwarebytes log. Sorry haha

#9 extremeboy

Posted 20 April 2009 - 02:47 PM

Okay.

Hope to see the logs soon. Just FYI, the MBAM scan usually does not take longer than 10 minutes for most computers. The OTListIT2 scan does not take more than 3 minutes.

Anyways, post the logs once they are complete.

With Regards,
Extremeboy

#10 dog54321

Posted 22 April 2009 - 12:19 AM

OTList keeps freezing when I scan, I don't know why.

#11 dog54321

Posted 22 April 2009 - 12:40 AM

Nvm, I got it

OTListIt Extras logfile created on: 4/22/2009 2:45:33 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\1\Desktop\Khoi Folder
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.11 Mb Total Physical Memory | 320.49 Mb Available Physical Memory | 31.57% Memory free
2.39 Gb Paging File | 1.80 Gb Available in Paging File | 75.20% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 81.36 Gb Free Space | 34.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 1-8927C7F107494
Current User Name: 1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"11448:TCP" = 11448:TCP:*:Enabled:BitComet 11448 TCP
"11448:UDP" = 11448:UDP:*:Enabled:BitComet 11448 UDP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"57567:TCP" = 57567:TCP:*:Enabled:Pando Media Booster
"57567:UDP" = 57567:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
File not found -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
[2008/04/14 04:23:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2009/01/09 13:09:12 | 00,091,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2009/01/16 07:28:27 | 00,274,432 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
[2009/03/13 08:53:40 | 00,471,040 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III
[2009/04/03 15:07:51 | 03,288,848 | ---- | M] (Garena Interactive PTE LTD) -- C:\Program Files\Garena\Garena.exe:*:Enabled:Garena
File not found -- C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
File not found -- C:\Program Files\Steam\SteamApps\xfourkingsx\counter-strike source\hl2.exe:*:Enabled:hl2
[2008/03/27 02:49:43 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2006/04/11 08:03:44 | 00,163,840 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player
[2008/04/14 04:23:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/07/09 17:08:42 | 00,159,744 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
[2005/08/03 06:48:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe:*:Enabled:Remote Packet Capture Daemon
[2008/04/14 09:42:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2001/03/02 22:06:04 | 00,860,160 | ---- | M] (Frontcode Technologies) -- C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/11/14 19:47:57 | 02,140,488 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster
[2008/04/14 09:42:33 | 00,077,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing
[2006/12/08 10:24:32 | 04,825,088 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime Essentials
[2008/11/10 09:23:50 | 01,539,072 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe
[2009/01/09 13:09:12 | 00,091,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/01/06 12:06:28 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2009/04/03 16:01:41 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/09/02 12:18:02 | 01,373,440 | ---- | M] (Sony Creative Software Inc.) -- C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}" = Rhapsody Player Engine
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3403CB31-D7C1-43F4-9D2F-579758C0CF09}" = Windows Live OneCare Family Safety
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{4F1DCA42-2030-437C-A94E-736692A499C1}" = Nokia Connectivity Cable Driver
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8CD0B297-122D-4718-9CE1-B72E796F7B21}" = Sony Ericsson Media Manager 1.2
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90C07306-2B13-4236-B6D7-6E294110D141}" = Nokia PC Suite
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009-03-17
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B56B1487-9A26-4AFD-A1FD-949C40F5F2BC}" = Sony Ericsson PC Suite
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB8251EE-C86B-410D-83B2-1E28E9DE2C2B}" = LG GSM PC Components
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DA678507-B6F0-4216-89B7-FD8674E61CE3}" = PC Connectivity Solution
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EDA0FFC5-7964-4E2F-9014-693F04695933}" = BA Installer
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{FB47E710-6249-4EFA-BE36-E922B0612AF4}" = CASIO FA-124
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Ask Toolbar_is1" = Ask Toolbar
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"Counter-Strike 1.6_is1" = Counter-Strike 1.6
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"EfntSSDSL" = Siemens Subscriber Networks SpeedStream DSL
"EsetOnlineScanner" = ESET Online Scanner
"eTrust Suite Personal" = CA Internet Security Suite
"Hide Files and Folders_is1" = Hide Files and Folders v3.2
"Hide Folders XP 2_is1" = Hide Folders XP 2.9.8 for Windows XP/Vista
"HijackThis" = HijackThis 2.0.2
"Hitman 2: Silent Assassin" = Hitman 2: Silent Assassin
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Release Candidate 1
"InstallShield_{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 2.01
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"LimeWire" = LimeWire 4.17.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live & Sponsor (CiD)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MS-MPEG4" = Microsoft MPEG-4 VKI Video Codec V1/V2/V3
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"OptusNet DSL" = OptusNet DSL
"Password Recovery for MSN" = Password Recovery for MSN (remove only)
"RealPlayer 6.0" = RealPlayer
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMX180" = WinMX
"WinMX200" = WinMX
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"xvid" = XviD MPEG-4 Video Codec
"XviD_is1" = XviD MPEG-4 Video Codec
"Yahoo! Companion" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/21/2009 6:23:35 PM | Computer Name = 1-8927C7F107494 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Office 2003 (KB907417): OTKLOADR' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 4/21/2009 6:24:18 PM | Computer Name = 1-8927C7F107494 | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/21/2009 7:13:21 PM | Computer Name = 1-8927C7F107494 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18372, faulting
module mshtml.dll, version 8.0.6001.18372, fault address 0x00421b8c.

Error - 4/21/2009 8:49:53 PM | Computer Name = 1-8927C7F107494 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 mediamanager.exe, P2 1.2.1.822, P3 48bd7036,
P4 system.drawing, P5 2.0.0.0, P6 461ef1b8, P7 7a8, P8 6c, P9 system.argumentexception,
P10 NIL.

Error - 4/21/2009 8:50:24 PM | Computer Name = 1-8927C7F107494 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 mediamanager.exe, P2 1.2.1.822, P3 48bd7036,
P4 system.drawing, P5 2.0.0.0, P6 461ef1b8, P7 7a8, P8 6c, P9 system.argumentexception,
P10 NIL.

Error - 4/21/2009 8:50:46 PM | Computer Name = 1-8927C7F107494 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 mediamanager.exe, P2 1.2.1.822, P3 48bd7036,
P4 system.drawing, P5 2.0.0.0, P6 461ef1b8, P7 7a8, P8 6c, P9 system.argumentexception,
P10 NIL.

Error - 4/21/2009 10:07:23 PM | Computer Name = 1-8927C7F107494 | Source = UmxAgent | ID = 108
Description = Cannot open mailslot of Ask User client. Product 0x1, Session 0, Error
0x2.

Error - 4/21/2009 10:10:28 PM | Computer Name = 1-8927C7F107494 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Office 2003 (KB907417): OTKLOADR' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 4/21/2009 10:10:37 PM | Computer Name = 1-8927C7F107494 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Outlook 2003: Junk E-mail Filter (KB962870): OUTLFLTR' could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 4/21/2009 10:10:45 PM | Computer Name = 1-8927C7F107494 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Office 2003 (KB907417): OTKLOADR' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

[ System Events ]
Error - 4/21/2009 6:20:00 PM | Computer Name = 1-8927C7F107494 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3

Error - 4/21/2009 6:24:00 PM | Computer Name = 1-8927C7F107494 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Office 2003 (KB907417).

Error - 4/21/2009 6:24:00 PM | Computer Name = 1-8927C7F107494 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter
(KB962870).

Error - 4/21/2009 6:24:00 PM | Computer Name = 1-8927C7F107494 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Office 2003 (KB907417).

Error - 4/21/2009 7:33:21 PM | Computer Name = 1-8927C7F107494 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3

Error - 4/21/2009 9:48:38 PM | Computer Name = 1-8927C7F107494 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3

Error - 4/21/2009 10:10:28 PM | Computer Name = 1-8927C7F107494 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Office 2003 (KB907417).

Error - 4/21/2009 10:10:37 PM | Computer Name = 1-8927C7F107494 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter
(KB962870).

Error - 4/21/2009 10:10:45 PM | Computer Name = 1-8927C7F107494 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Office 2003 (KB907417).

Error - 4/22/2009 12:31:15 AM | Computer Name = 1-8927C7F107494 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3


< End of report >


OTListIt logfile created on: 4/22/2009 2:45:33 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\1\Desktop\Khoi Folder
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.11 Mb Total Physical Memory | 320.49 Mb Available Physical Memory | 31.57% Memory free
2.39 Gb Paging File | 1.80 Gb Available in Paging File | 75.20% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 81.36 Gb Free Space | 34.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 1-8927C7F107494
Current User Name: 1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/10/18 10:24:46 | 00,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
PRC - [2007/10/18 10:24:44 | 00,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
PRC - [2008/06/24 19:10:30 | 00,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
PRC - [2007/10/18 10:24:46 | 01,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
PRC - [2008/11/07 13:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/11/07 13:01:21 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
PRC - [2007/12/17 11:13:18 | 00,523,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe
PRC - [2007/01/04 11:10:22 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
PRC - [2008/11/16 16:46:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/12/14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007/11/07 13:01:22 | 00,243,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
PRC - [2008/04/14 09:42:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/08/01 13:18:19 | 00,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
PRC - [2006/08/01 20:40:18 | 16,049,664 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2006/03/23 13:43:40 | 00,077,824 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006/03/23 13:47:50 | 00,118,784 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2009/01/24 07:39:35 | 00,177,392 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
PRC - [2007/11/07 13:01:22 | 00,230,928 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
PRC - [2005/11/30 11:51:29 | 02,919,831 | ---- | M] (OptusNet) -- C:\Program Files\OptusNet DSL Internet\DSC.exe
PRC - [2008/08/01 13:18:19 | 00,173,296 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
PRC - [2008/01/15 19:07:52 | 00,084,480 | ---- | M] () -- C:\windows\hffext\hffsrv.exe
PRC - [2008/01/11 06:10:44 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/01/24 07:39:35 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2007/11/07 12:53:13 | 00,218,376 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
PRC - [2009/01/06 12:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/06/14 15:14:18 | 00,014,088 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
PRC - [2007/11/07 12:53:13 | 00,189,704 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
PRC - [2006/12/23 18:05:20 | 00,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2009/01/15 01:17:22 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2007/09/02 15:13:11 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/03/26 18:41:50 | 01,232,896 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
PRC - [2009/01/06 12:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/03/28 11:20:20 | 01,079,296 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
PRC - [2006/12/23 18:04:42 | 00,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2009/01/09 13:09:12 | 00,091,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2009/01/15 01:17:22 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2008/05/02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2006/05/17 15:05:52 | 02,297,856 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
PRC - [2008/03/17 10:51:04 | 00,430,080 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/05/02 01:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2008/02/26 13:12:20 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/02/22 08:11:02 | 00,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2008/03/19 15:24:20 | 00,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2009/04/20 07:49:21 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1\Desktop\Khoi Folder\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 13:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/04/13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/01/24 07:39:35 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP [On_Demand | Running])
SRV - [2007/11/07 13:01:21 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe -- (CAISafe [Auto | Running])
SRV - [2007/04/13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/16 12:52:15 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2007/12/17 11:13:18 | 00,523,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [Auto | Running])
SRV - [2008/08/29 09:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2009/04/16 21:40:49 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 09:42:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/01/06 12:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2007/01/04 11:10:22 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC [Auto | Running])
SRV - [2008/11/16 16:46:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/05/02 01:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2006/12/14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - File not found -- -- (npkcmsvc [Auto | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/11/07 12:53:13 | 00,189,704 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv [On_Demand | Running])
SRV - [2005/08/03 06:48:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2008/03/17 10:51:04 | 00,430,080 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2007/10/18 10:24:46 | 01,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent [Auto | Running])
SRV - [2007/10/18 10:24:46 | 00,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg [Auto | Running])
SRV - [2007/10/18 10:24:44 | 00,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp [Auto | Running])
SRV - [2008/06/24 19:10:30 | 00,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol [Auto | Running])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/11/07 13:01:22 | 00,243,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe -- (VETMSGNT [Auto | Running])
SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/01/09 14:42:06 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2007/03/27 03:00:48 | 00,049,904 | R--- | M] (Avanquest Software) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5 [On_Demand | Stopped])
DRV - [2005/11/30 11:51:29 | 00,028,857 | ---- | M] (Siemens Subscriber Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\enethusb.sys -- (ENETHUSB [On_Demand | Stopped])
DRV - [2008/01/15 15:09:42 | 00,047,470 | ---- | M] () -- C:\WINDOWS\system32\drivers\FDCENT.SYS -- (FDCENT [System | Running])
DRV - [2007/10/17 13:53:16 | 00,043,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\fssfltr.sys -- (fssfltr [Auto | Running])
DRV - [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/14 02:06:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/01/23 00:26:30 | 00,017,264 | ---- | M] (FSPro Labs) -- C:\WINDOWS\SYSTEM32\DRIVERS\HFXP2.SYS -- (HFXP2 [Boot | Running])
DRV - [2006/03/23 14:17:06 | 01,166,972 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2006/08/01 20:37:02 | 04,356,608 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/06/24 19:08:36 | 00,063,504 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\kmxagent.sys -- (KmxAgent [System | Running])
DRV - [2008/06/24 19:08:42 | 00,134,648 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\KmxCF.sys -- (KmxCF [Auto | Running])
DRV - [2008/06/24 19:08:42 | 00,088,816 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\kmxcfg.sys -- (KmxCfg [On_Demand | Running])
DRV - [2008/06/24 19:08:46 | 00,045,584 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\KmxFile.sys -- (KmxFile [System | Running])
DRV - [2008/06/24 19:08:52 | 00,115,216 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\kmxfw.sys -- (KmxFw [System | Running])
DRV - [2008/06/24 19:08:56 | 00,066,576 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\KmxSbx.sys -- (KmxSbx [Auto | Running])
DRV - [2008/06/24 19:08:58 | 00,093,712 | ---- | M] (CA) -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys -- (KmxStart [Boot | Running])
DRV - [2008/02/29 02:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Stopped])
DRV - [2008/02/29 02:12:56 | 00,063,120 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Stopped])
DRV - [2008/02/29 02:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2008/02/29 02:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2008/02/29 02:13:36 | 00,079,120 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
DRV - [2004/08/13 12:26:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2008/04/14 04:23:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2007/11/29 10:39:42 | 00,016,896 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2007/11/29 10:39:40 | 00,019,328 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2005/08/03 06:40:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2007/09/17 14:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2006/02/28 21:30:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2002/06/12 21:50:00 | 00,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) -- C:\WINDOWS\system32\DRIVERS\CESG502.sys -- (PVUSB [On_Demand | Stopped])
DRV - [2006/03/27 16:53:28 | 00,167,808 | ---- | M] (NETGEAR Inc.) -- C:\WINDOWS\system32\DRIVERS\wg111v2.sys -- (RTLWUSB [On_Demand | Stopped])
DRV - [2008/11/04 11:15:44 | 00,086,696 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s1018bus.sys -- (s1018bus [On_Demand | Stopped])
DRV - [2008/11/04 11:15:44 | 00,015,016 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys -- (s1018mdfl [On_Demand | Stopped])
DRV - [2008/11/04 11:15:44 | 00,114,472 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s1018mdm.sys -- (s1018mdm [On_Demand | Stopped])
DRV - [2006/11/10 18:23:42 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys -- (SE2Ebus [On_Demand | Stopped])
DRV - [2006/11/10 18:23:48 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys -- (SE2Emdfl [On_Demand | Stopped])
DRV - [2006/11/10 18:23:50 | 00,097,184 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys -- (SE2Emdm [On_Demand | Stopped])
DRV - [2006/11/10 18:23:54 | 00,088,688 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys -- (SE2Emgmt [On_Demand | Stopped])
DRV - [2006/11/10 18:23:56 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\se2End5.sys -- (se2End5 [On_Demand | Stopped])
DRV - [2006/11/10 18:23:58 | 00,086,560 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys -- (SE2Eobex [On_Demand | Stopped])
DRV - [2006/11/10 18:24:06 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\se2Eunic.sys -- (se2Eunic [On_Demand | Stopped])
DRV - [2007/11/13 19:55:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/01/15 01:44:07 | 00,047,616 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2004/10/28 20:17:59 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2008/10/24 17:28:06 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2007/11/29 10:39:42 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2008/11/07 13:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/14 04:15:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2007/11/29 10:39:52 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2007/11/07 13:01:22 | 00,026,640 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT [System | Running])
DRV - [2007/11/07 13:01:22 | 00,021,392 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC [System | Running])
DRV - [2008/06/05 07:20:53 | 00,108,368 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT [On_Demand | Running])
DRV - [2008/06/05 07:20:53 | 00,880,560 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE [System | Running])
DRV - [2007/11/07 13:01:22 | 00,021,648 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT [System | Running])
DRV - [2007/11/07 13:01:22 | 00,032,528 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT [System | Running])
DRV - [2005/05/06 09:57:00 | 00,232,064 | R--- | M] (Marvell) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\S-1-5-21-1417001333-1078145449-2147034123-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\S-1-5-21-1417001333-1078145449-2147034123-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MOZILLA\FIREFOX EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C} [2008/01/11 06:11:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2008/01/11 06:11:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/11/16 16:46:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/18 21:27:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/01 09:46:07 | 00,000,000 | ---D | M]

[2009/04/19 15:57:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\mozilla\Firefox\Profiles\hsco69ky.default\extensions
[2009/01/08 08:31:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\mozilla\Firefox\Profiles\hsco69ky.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/18 21:27:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\mozilla\Firefox\Profiles\hsco69ky.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/04/19 15:47:47 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\1\Application Data\Mozilla\FireFox\Profiles\hsco69ky.default\searchplugins\ask.xml
[2009/04/19 15:57:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/12/22 13:35:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/16 16:47:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/01/11 06:11:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\real-networks@partners.mozilla.com
[2008/05/27 14:43:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\sotfone-tracker@sotfone.ru
[2008/05/18 07:38:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2008/12/22 13:35:54 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/12/22 13:35:54 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/12/22 13:35:54 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/12/22 13:35:54 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/12/22 13:35:54 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2008/05/27 14:43:16 | 00,000,368 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml

O1 HOSTS File: (687 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar4.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live OneCare Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar4.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar4.dll (Ask.com)
O3 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl (CA, Inc.)
O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" (CA, Inc.)
O4 - HKLM..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" (CA, Inc.)
O4 - HKLM..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe (OptusNet)
O4 - HKLM..\Run: [file wave user bat] C:\Documents and Settings\All Users\Application Data\Mail For File Wave\clock info.exe ()
O4 - HKLM..\Run: [HFFSRV] c:\windows\hffext\hffsrv.exe ()
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" (CA)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray (Nokia)
O4 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004..\Run: [scr readme] C:\DOCUME~1\1\APPLIC~1\FLAPDA~1\One Store.exe (Tinab aswac)
O4 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?9caf2552e25d4e5e922457707c766ed8 (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?9caf2552e25d4e5e922457707c766ed8 (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKLM\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 45 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 45 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\..Trusted Domains: facebook.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1417001333-1078145449-2147034123-1004\..Trusted Domains: 106 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab (DownloadManager Control)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab (Reg Error: Key error.)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\system32\UmxWnp.Dll (CA)
O24 - Desktop Components:0 (My Current Home Page) -
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/30 15:26:13 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8bc92e02-9b1f-11dc-9c92-0018d107cef6}\Shell - "" = AutoRun
O33 - MountPoints2\{8bc92e02-9b1f-11dc-9c92-0018d107cef6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8bc92e02-9b1f-11dc-9c92-0018d107cef6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/04/22 10:28:40 | 00,114,472 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018mdm.sys
[2009/04/22 10:28:40 | 00,015,016 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018mdfl.sys
[2009/04/22 10:28:40 | 00,012,200 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018cmnt.sys
[2009/04/22 10:28:40 | 00,012,200 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018cm.sys
[2009/04/22 10:23:52 | 00,086,696 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018bus.sys
[2009/04/22 10:23:52 | 00,012,200 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018whnt.sys
[2009/04/22 10:23:52 | 00,012,200 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018wh.sys
[2009/04/22 10:19:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/04/22 10:19:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1\My Documents\My Podcasts
[2009/04/22 10:19:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1\Application Data\Sony
[2009/04/22 10:16:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1\Local Settings\Application Data\Sony
[2009/04/22 10:15:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2009/04/22 10:14:53 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2009/04/21 08:35:53 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/04/20 09:24:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1\Desktop\New Folder
[2009/04/20 07:51:35 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/20 07:51:33 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/20 07:51:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/18 21:26:31 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/04/18 20:09:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys
[2009/04/18 20:09:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2009/04/18 20:09:16 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
[2009/04/18 20:02:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1\Application Data\Nokia
[2009/04/18 20:01:57 | 00,002,341 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2009/04/18 20:01:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2009/04/18 20:01:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2009/04/18 19:54:59 | 00,021,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2009/04/18 19:54:42 | 00,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2009/04/18 19:50:24 | 00,008,064 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2009/04/18 19:50:23 | 00,019,328 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2009/04/18 19:50:23 | 00,008,064 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2009/04/18 19:50:22 | 00,095,744 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2009/04/18 19:50:22 | 00,016,896 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2009/04/18 19:47:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/04/18 19:44:10 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2009/04/18 18:12:24 | 00,000,248 | -H-- | C] () -- C:\WINDOWS\tasks\A4BED7B691C14F16.job
[2009/04/18 18:09:33 | 00,000,000 | ---D | C] -- C:\Program Files\Flap Dart Dale
[2009/04/18 18:09:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1\Application Data\Flap Dart Dale
[2009/04/18 17:18:28 | 00,000,000 | ---D | C] -- C:\Program Files\Circle Developement
[2009/04/17 16:03:18 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\1\Desktop\Anatomy assignment Pods.doc
[2009/04/17 16:02:06 | 00,002,712 | ---- | C] () -- C:\Documents and Settings\1\Desktop\Spotter 1 timetable 10.00am.csv
[2009/04/17 16:01:57 | 00,001,849 | ---- | C] () -- C:\Documents and Settings\1\Desktop\spotter 1 timetale 11.00am.csv
[2009/04/17 16:01:22 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\1\Desktop\Instructions for Spotter test.doc
[2009/04/17 14:14:29 | 06,879,234 | ---- | C] (FrostWire, LLC) -- C:\Documents and Settings\1\My Documents\frostwire-4.17.2.windows.exe
[2009/04/17 14:06:30 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\1\Desktop\LimeWire 4.17.6.lnk
[2009/04/17 14:06:11 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/04/16 18:53:03 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 18:53:03 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 18:53:03 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 18:53:03 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 18:53:02 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 18:53:02 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 18:53:02 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 18:53:02 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 18:53:02 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 18:52:09 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 18:52:09 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 18:52:08 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/06 16:34:59 | 00,001,423 | ---- | C] () -- C:\Documents and Settings\1\Desktop\Counter-Strike.lnk
[2009/04/05 14:21:08 | 00,000,444 | ---- | C] () -- C:\Documents and Settings\1\Desktop\Shortcut to Local Area Connection.lnk
[2009/04/03 19:40:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1\My Documents\Wii
[2009/04/03 16:14:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1\My Documents\Downloads
[2009/04/03 16:01:40 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/04/03 16:01:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1\Application Data\uTorrent
[2009/04/02 15:35:24 | 00,072,259 | ---- | C] () -- C:\Documents and Settings\1\Desktop\nguyen[1].pdf
[2009/04/01 09:47:35 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/04/01 09:47:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/03/24 12:45:51 | 00,000,546 | ---- | C] () -- C:\Documents and Settings\1\Desktop\Shortcut to replay.lnk
[2009/01/06 20:31:32 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/31 22:18:10 | 00,047,470 | ---- | C] () -- C:\WINDOWS\System32\drivers\FDCENT.SYS
[2008/12/31 16:04:42 | 00,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/06 15:45:46 | 00,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2008/12/06 15:45:46 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2008/03/16 16:43:05 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\KiTrain.dll
[2008/03/16 16:43:05 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\KiBypass.dll
[2008/03/12 16:50:26 | 00,000,364 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/16 21:05:53 | 00,044,440 | ---- | C] () -- C:\WINDOWS\System32\MtpAccess.dll
[2008/02/16 14:02:13 | 00,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2008/02/15 22:45:11 | 00,081,920 | R--- | C] () -- C:\WINDOWS\System32\srctrl.dll
[2008/02/14 20:51:13 | 00,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2008/02/14 20:50:18 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/02/14 20:50:18 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/02/14 20:50:17 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/02/14 20:50:17 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2008/02/11 08:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 08:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 12:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008/01/11 06:13:56 | 00,000,158 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/07 13:23:43 | 00,012,889 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/09/05 09:01:26 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/09/02 14:16:22 | 00,000,675 | ---- | C] () -- C:\WINDOWS\Spidey.ini
[2007/09/02 11:58:45 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2007/08/30 18:31:47 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/30 15:47:12 | 00,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/08/30 15:45:40 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/08/30 15:45:40 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/08/30 15:45:39 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/08/30 15:45:38 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/08/30 15:45:38 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/08/30 15:40:06 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/08/30 15:39:55 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/08/30 15:35:50 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/27 13:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 13:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/03/29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/05/03 16:44:32 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\RtlGina2.dll
[2006/02/28 21:30:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 21:30:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/12/05 18:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 11:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/08/03 06:54:01 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/22 14:47:13 | 00,000,558 | ---- | M] () -- C:\Documents and Settings\1\My Documents\My Sharing Folders.lnk
[2009/04/22 14:29:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/04/22 14:02:29 | 00,000,430 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/04/22 14:01:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/22 14:00:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/22 11:41:10 | 01,115,682 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2009/04/22 11:41:10 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2009/04/22 11:41:10 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2009/04/22 11:41:10 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2009/04/22 11:41:10 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2009/04/22 11:41:10 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2009/04/22 11:41:10 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2009/04/22 11:41:10 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2009/04/22 10:00:02 | 00,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\A4BED7B691C14F16.job
[2009/04/22 00:14:18 | 03,173,550 | -H-- | M] () -- C:\Documents and Settings\1\Local Settings\Application Data\IconCache.db
[2009/04/21 23:01:35 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/21 22:59:53 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\1\Desktop\Microsoft Office Word 2003.lnk
[2009/04/21 19:25:01 | 00,000,448 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as 1 at 7 25 PM.job
[2009/04/19 16:13:04 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/18 21:27:13 | 00,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2009/04/18 20:11:39 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2009/04/18 20:11:32 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_05_00.Wdf
[2009/04/18 20:09:16 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
[2009/04/17 16:03:19 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\1\Desktop\Anatomy assignment Pods.doc
[2009/04/17 16:02:06 | 00,002,712 | ---- | M] () -- C:\Documents and Settings\1\Desktop\Spotter 1 timetable 10.00am.csv
[2009/04/17 16:01:58 | 00,001,849 | ---- | M] () -- C:\Documents and Settings\1\Desktop\spotter 1 timetale 11.00am.csv
[2009/04/17 16:01:22 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\1\Desktop\Instructions for Spotter test.doc
[2009/04/17 14:14:29 | 06,879,234 | ---- | M] (FrostWire, LLC) -- C:\Documents and Settings\1\My Documents\frostwire-4.17.2.windows.exe
[2009/04/17 14:06:30 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\1\Desktop\LimeWire 4.17.6.lnk
[2009/04/17 08:36:44 | 00,404,592 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/17 08:36:44 | 00,063,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/17 08:36:42 | 00,475,330 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/17 06:58:43 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/15 23:51:08 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/07 08:31:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/07 00:27:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/06 16:34:59 | 00,001,423 | ---- | M] () -- C:\Documents and Settings\1\Desktop\Counter-Strike.lnk
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/05 14:21:08 | 00,000,444 | ---- | M] () -- C:\Documents and Settings\1\Desktop\Shortcut to Local Area Connection.lnk
[2009/04/02 15:35:24 | 00,072,259 | ---- | M] () -- C:\Documents and Settings\1\Desktop\nguyen[1].pdf
[2009/04/01 09:47:35 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/03/27 16:28:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/03/24 12:45:52 | 00,000,546 | ---- | M] () -- C:\Documents and Settings\1\Desktop\Shortcut to replay.lnk
< End of report >


Malwarebytes' Anti-Malware 1.36
Database version: 2012
Windows 5.1.2600 Service Pack 3

4/20/2009 10:18:37 PM
mbam-log-2009-04-20 (22-18-37).txt

Scan type: Quick Scan
Objects scanned: 134149
Time elapsed: 2 hour(s), 8 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\book knob dvd plus (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcefpj0erc3 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\keep build book knob (Trojan.Agent) -> Delete on reboot.

Files Infected:
C:\Documents and Settings\trinh\Desktop\InstallAVg_880316.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\keep build book knob\Idle Flap.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\keep build book knob\Idle Flap.exe (Trojan.Agent) -> Delete on reboot.

#12 extremeboy


Posted 22 April 2009 - 03:01 PM

Hello.

There's still a bit more to do.

A program I need to warn you about.

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent and LimeWire 4.17.6). These programs allow users to share files with each other, as the name(s) suggest. In today's world cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.


Please run Lop S&D.

Download and run LopS&D

Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

Post back with:
-Lop S&D log
-Let me know what symptoms you still have
-How your computer is running

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#13 dog54321


Posted 23 April 2009 - 05:54 AM

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Genuine Intel® CPU 2140 @ 1.60GHz )
BIOS : BIOS Date: 11/30/06 16:05:16 Ver: 08.00.10
USER : 1 ( Administrator )
BOOT : Normal boot
Antivirus : CA Anti-Virus 8.4.0.16 (Activated)
Firewall : CA Personal Firewall 9.1.0.38 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:232 Go (Free:76 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Thu 04/23/2009| 7:40 )

--------------------\\ Listing folders in APPLIC~1

[07/16/2008|01:27] C:\DOCUME~1\1\APPLIC~1\<DIR> Adobe
[10/07/2007|01:00] C:\DOCUME~1\1\APPLIC~1\<DIR> Ahead
[02/10/2009|08:05] C:\DOCUME~1\1\APPLIC~1\<DIR> Apple Computer
[12/03/2008|06:43] C:\DOCUME~1\1\APPLIC~1\<DIR> AVS4YOU
[02/14/2008|08:53] C:\DOCUME~1\1\APPLIC~1\<DIR> DataCast
[11/18/2007|06:23] C:\DOCUME~1\1\APPLIC~1\<DIR> DivX
[03/27/2008|07:17] C:\DOCUME~1\1\APPLIC~1\<DIR> Download Manager
[02/01/2009|06:12] C:\DOCUME~1\1\APPLIC~1\<DIR> dvdcss
[04/18/2009|06:12] C:\DOCUME~1\1\APPLIC~1\<DIR> Flap Dart Dale
[11/15/2008|10:53] C:\DOCUME~1\1\APPLIC~1\<DIR> Google
[07/01/2008|07:40] C:\DOCUME~1\1\APPLIC~1\<DIR> gtk-2.0
[09/02/2007|12:31] C:\DOCUME~1\1\APPLIC~1\<DIR> Help
[08/30/2007|03:31] C:\DOCUME~1\1\APPLIC~1\<DIR> Identities
[02/14/2008|08:33] C:\DOCUME~1\1\APPLIC~1\<DIR> InstallShield
[11/06/2007|08:12] C:\DOCUME~1\1\APPLIC~1\<DIR> Lavasoft
[01/09/2009|01:09] C:\DOCUME~1\1\APPLIC~1\<DIR> Leadertech
[04/22/2009|09:41] C:\DOCUME~1\1\APPLIC~1\<DIR> LimeWire
[01/09/2009|01:09] C:\DOCUME~1\1\APPLIC~1\<DIR> Logitech
[06/23/2008|08:29] C:\DOCUME~1\1\APPLIC~1\<DIR> Macromedia
[07/20/2008|09:24] C:\DOCUME~1\1\APPLIC~1\<DIR> Malwarebytes
[02/02/2008|11:45] C:\DOCUME~1\1\APPLIC~1\<DIR> Media Player Classic
[03/06/2009|03:37] C:\DOCUME~1\1\APPLIC~1\<DIR> Microsoft
[01/11/2008|06:12] C:\DOCUME~1\1\APPLIC~1\<DIR> Mozilla
[09/02/2007|07:08] C:\DOCUME~1\1\APPLIC~1\<DIR> MSNInstaller
[09/10/2007|07:24] C:\DOCUME~1\1\APPLIC~1\<DIR> Nexon
[04/18/2009|08:10] C:\DOCUME~1\1\APPLIC~1\<DIR> Nokia
[08/09/2008|04:41] C:\DOCUME~1\1\APPLIC~1\<DIR> Nokia Multimedia Player
[04/20/2009|09:21] C:\DOCUME~1\1\APPLIC~1\<DIR> PC Suite
[11/25/2007|08:21] C:\DOCUME~1\1\APPLIC~1\<DIR> Printer Info Cache
[01/11/2008|06:12] C:\DOCUME~1\1\APPLIC~1\<DIR> Real
[07/26/2008|10:42] C:\DOCUME~1\1\APPLIC~1\<DIR> RSG
[04/22/2009|10:19] C:\DOCUME~1\1\APPLIC~1\<DIR> Sony
[09/19/2007|05:49] C:\DOCUME~1\1\APPLIC~1\<DIR> Sony Ericsson
[10/04/2007|03:30] C:\DOCUME~1\1\APPLIC~1\<DIR> Sun
[11/07/2007|02:30] C:\DOCUME~1\1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[01/11/2008|06:14] C:\DOCUME~1\1\APPLIC~1\<DIR> Talkback
[09/19/2007|05:49] C:\DOCUME~1\1\APPLIC~1\<DIR> Teleca
[09/21/2008|12:09] C:\DOCUME~1\1\APPLIC~1\<DIR> U3
[04/22/2009|11:15] C:\DOCUME~1\1\APPLIC~1\<DIR> uTorrent
[01/31/2009|03:22] C:\DOCUME~1\1\APPLIC~1\<DIR> Ventrilo
[08/31/2007|05:27] C:\DOCUME~1\1\APPLIC~1\<DIR> vlc
[03/10/2008|08:49] C:\DOCUME~1\1\APPLIC~1\<DIR> WinRAR
[02/18/2009|08:30] C:\DOCUME~1\1\APPLIC~1\<DIR> Yahoo!

[04/14/2008|09:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[02/09/2009|05:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[04/01/2009|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/27/2007|08:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[01/27/2008|10:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[01/27/2008|10:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[04/14/2008|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avg7
[12/03/2008|06:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AVS4YOU
[06/14/2008|02:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CA
[04/18/2009|08:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Downloaded Installations
[07/16/2008|01:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[09/09/2008|04:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[04/18/2009|07:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Installations
[03/28/2008|07:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> kfoxwngp
[08/31/2007|04:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> LightScribe
[01/09/2009|01:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> LogiShrd
[01/09/2009|01:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech
[02/15/2009|02:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Mail For File Wave
[07/20/2008|09:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[09/14/2008|05:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[04/25/2008|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Messenger Plus!
[03/06/2009|06:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[01/11/2008|06:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Mozilla
[08/30/2007|04:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero
[07/11/2008|01:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NexonUS
[10/15/2008|09:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NOS
[03/10/2009|03:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
[04/18/2009|08:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Suite
[03/27/2008|07:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> pI3demoLicense
[11/14/2008|07:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PMB Files
[08/30/2007|03:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Real
[04/22/2009|10:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony
[09/19/2007|05:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony Ericsson
[09/12/2008|06:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[11/06/2007|01:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[11/07/2007|02:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[09/19/2007|05:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Teleca
[02/18/2009|08:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[02/15/2008|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[08/30/2007|06:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Live Toolbar
[04/18/2009|05:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[03/27/2008|07:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> wondertouch
[09/09/2007|12:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[02/18/2009|08:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[04/14/2008|08:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[04/14/2008|09:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[04/14/2008|09:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[11/07/2008|05:15] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Adobe
[09/27/2007|08:56] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Ahead
[03/06/2009|05:57] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Apple Computer
[04/03/2009|06:19] C:\DOCUME~1\trinh\APPLIC~1\<DIR> com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[09/28/2007|09:45] C:\DOCUME~1\trinh\APPLIC~1\<DIR> DivX
[09/03/2007|01:03] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Google
[11/21/2007|05:24] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Help
[08/31/2007|07:48] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Identities
[02/04/2009|06:20] C:\DOCUME~1\trinh\APPLIC~1\<DIR> LimeWire
[01/18/2009|04:23] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Logitech
[08/31/2007|09:05] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Macromedia
[09/08/2008|08:03] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Malwarebytes
[09/28/2007|10:10] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Media Player Classic
[02/16/2009|10:33] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Microsoft
[01/25/2008|03:37] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Mozilla
[09/09/2007|11:40] C:\DOCUME~1\trinh\APPLIC~1\<DIR> MSNInstaller
[11/30/2007|05:13] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Nexon
[09/15/2007|08:55] C:\DOCUME~1\trinh\APPLIC~1\<DIR> PC Suite
[03/06/2009|05:50] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Real
[09/20/2007|09:03] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Sony Ericsson
[09/20/2007|02:44] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Sun
[01/25/2008|03:37] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Talkback
[09/20/2007|09:03] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Teleca
[09/05/2007|01:22] C:\DOCUME~1\trinh\APPLIC~1\<DIR> vlc
[05/19/2008|05:05] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Windows Live Writer
[03/19/2008|06:47] C:\DOCUME~1\trinh\APPLIC~1\<DIR> WinRAR
[09/09/2007|12:02] C:\DOCUME~1\trinh\APPLIC~1\<DIR> Yahoo!


--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[04/22/2009 11:00 PM][--ah-----] C:\WINDOWS\tasks\A4BED7B691C14F16.job
[04/23/2009 07:32 AM][--a------] C:\WINDOWS\tasks\RegCure Program Check.job
[02/18/2009 07:15 PM][--a------] C:\WINDOWS\tasks\RegCure.job
[04/07/2009 08:31 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[04/21/2009 07:25 PM][--a------] C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as 1 at 7 25 PM.job
[04/22/2009 10:29 PM][--a------] C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[04/23/2009 07:32 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/28/2006 09:30 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( A4BED7B691C14F16.job )=( c:\docume~1\1\applic~1\flapda~1\rulepartbody.exe )

--------------------\\ Listing Folders in C:\Program Files

[04/01/2009|09:47] C:\Program Files\<DIR> Adobe
[12/06/2008|03:45] C:\Program Files\<DIR> AGI
[02/10/2009|06:16] C:\Program Files\<DIR> Apple Software Update
[04/18/2009|09:26] C:\Program Files\<DIR> AskBarDis
[04/04/2009|06:51] C:\Program Files\<DIR> AVS4YOU
[04/04/2009|06:52] C:\Program Files\<DIR> BitComet
[02/09/2009|05:35] C:\Program Files\<DIR> Bonjour
[11/07/2007|12:50] C:\Program Files\<DIR> CA
[02/24/2009|03:54] C:\Program Files\<DIR> CASIO
[04/18/2009|05:18] C:\Program Files\<DIR> Circle Developement
[04/22/2009|10:15] C:\Program Files\<DIR> Common Files
[08/30/2007|03:23] C:\Program Files\<DIR> ComPlus Applications
[04/18/2009|07:55] C:\Program Files\<DIR> DIFX
[01/05/2009|11:11] C:\Program Files\<DIR> directx
[01/05/2009|11:03] C:\Program Files\<DIR> Eidos Interactive
[11/13/2008|02:52] C:\Program Files\<DIR> EsetOnlineScanner
[01/01/2009|11:01] C:\Program Files\<DIR> Everstrike Software
[04/18/2009|06:09] C:\Program Files\<DIR> Flap Dart Dale
[04/08/2009|05:18] C:\Program Files\<DIR> Garena
[01/26/2009|07:55] C:\Program Files\<DIR> Google
[01/21/2008|07:34] C:\Program Files\<DIR> Growler Guncam
[12/31/2008|10:18] C:\Program Files\<DIR> Hide Files and Folders
[01/01/2009|09:59] C:\Program Files\<DIR> Hide Folders XP 2
[02/24/2009|03:54] C:\Program Files\<DIR> InstallShield Installation Information
[02/04/2009|04:25] C:\Program Files\<DIR> Internet Explorer
[02/09/2009|05:41] C:\Program Files\<DIR> iPod
[02/09/2009|05:43] C:\Program Files\<DIR> iTunes
[11/16/2008|04:46] C:\Program Files\<DIR> Java
[08/30/2007|03:45] C:\Program Files\<DIR> K-Lite Codec Pack
[02/14/2008|08:51] C:\Program Files\<DIR> Lame MP3 Codec
[02/15/2008|10:46] C:\Program Files\<DIR> LG Electronics
[02/15/2008|10:45] C:\Program Files\<DIR> LGGSM
[04/17/2009|02:06] C:\Program Files\<DIR> LimeWire
[01/09/2009|01:09] C:\Program Files\<DIR> Logitech
[04/20/2009|07:51] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[02/14/2008|08:50] C:\Program Files\<DIR> MarkAny
[08/16/2008|10:23] C:\Program Files\<DIR> Messenger
[04/18/2009|05:18] C:\Program Files\<DIR> Messenger Plus! Live
[08/30/2007|03:34] C:\Program Files\<DIR> Microsoft ActiveSync
[01/13/2008|06:36] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[08/30/2007|03:26] C:\Program Files\<DIR> microsoft frontpage
[03/22/2009|09:51] C:\Program Files\<DIR> Microsoft Office
[03/04/2008|07:35] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
[08/30/2007|03:34] C:\Program Files\<DIR> Microsoft Visual Studio
[06/25/2008|07:23] C:\Program Files\<DIR> Microsoft Windows OneCare Live
[08/30/2007|03:34] C:\Program Files\<DIR> Microsoft Works
[08/30/2007|03:35] C:\Program Files\<DIR> Microsoft.NET
[07/25/2008|07:44] C:\Program Files\<DIR> Movie Maker
[04/20/2009|10:19] C:\Program Files\<DIR> Mozilla Firefox
[03/22/2009|09:51] C:\Program Files\<DIR> MSECache
[08/31/2007|06:49] C:\Program Files\<DIR> MSN
[08/30/2007|03:23] C:\Program Files\<DIR> MSN Gaming Zone
[09/20/2007|10:20] C:\Program Files\<DIR> MSXML 4.0
[08/30/2007|04:02] C:\Program Files\<DIR> Nero
[01/09/2008|02:41] C:\Program Files\<DIR> NETGEAR
[12/07/2008|08:34] C:\Program Files\<DIR> NetMeeting
[04/18/2009|08:01] C:\Program Files\<DIR> Nokia
[10/15/2008|09:09] C:\Program Files\<DIR> NOS
[08/30/2007|03:23] C:\Program Files\<DIR> Online Services
[08/30/2007|06:35] C:\Program Files\<DIR> OptusNet DSL Internet
[07/25/2008|07:38] C:\Program Files\<DIR> Outlook Express
[11/14/2008|07:45] C:\Program Files\<DIR> Pando Networks
[04/18/2009|07:54] C:\Program Files\<DIR> PC Connectivity Solution
[01/11/2008|06:10] C:\Program Files\<DIR> Real
[08/30/2007|03:45] C:\Program Files\<DIR> Realtek
[02/14/2008|08:50] C:\Program Files\<DIR> Samsung
[08/30/2007|06:35] C:\Program Files\<DIR> Siemens Subscriber Networks
[03/22/2009|01:05] C:\Program Files\<DIR> SIW
[09/02/2008|06:45] C:\Program Files\<DIR> Smart PC Solutions
[04/15/2008|09:29] C:\Program Files\<DIR> softnyx
[04/22/2009|10:14] C:\Program Files\<DIR> Sony
[04/22/2009|10:14] C:\Program Files\<DIR> Sony Ericsson
[04/04/2009|06:57] C:\Program Files\<DIR> StealthBot
[09/08/2007|01:47] C:\Program Files\<DIR> Techland
[08/30/2007|03:31] C:\Program Files\<DIR> Uninstall Information
[04/05/2009|09:41] C:\Program Files\<DIR> uTorrent
[01/06/2009|08:31] C:\Program Files\<DIR> Ventrilo
[10/24/2007|06:22] C:\Program Files\<DIR> VideoLAN
[04/22/2009|04:32] C:\Program Files\<DIR> Warcraft III
[08/28/2008|09:45] C:\Program Files\<DIR> WC3Banlist
[09/14/2008|11:31] C:\Program Files\<DIR> Windows Live
[01/13/2008|12:28] C:\Program Files\<DIR> Windows Live Favorites
[02/14/2009|03:02] C:\Program Files\<DIR> Windows Live Safety Center
[01/13/2008|06:34] C:\Program Files\<DIR> Windows Live Toolbar
[02/14/2008|03:05] C:\Program Files\<DIR> Windows Media Connect 2
[07/25/2008|07:39] C:\Program Files\<DIR> Windows Media Player
[07/25/2008|07:38] C:\Program Files\<DIR> Windows NT
[08/30/2007|03:25] C:\Program Files\<DIR> WindowsUpdate
[11/22/2008|12:18] C:\Program Files\<DIR> WinMX
[08/08/2008|06:37] C:\Program Files\<DIR> WinPcap
[06/26/2008|06:02] C:\Program Files\<DIR> WinRAR
[08/30/2007|03:26] C:\Program Files\<DIR> xerox
[02/14/2008|08:51] C:\Program Files\<DIR> XviD
[02/18/2009|08:30] C:\Program Files\<DIR> Yahoo!
[01/21/2008|07:27] C:\Program Files\<DIR> ZD Soft

--------------------\\ Listing Folders in C:\Program Files\Common Files

[04/01/2009|09:46] C:\Program Files\Common Files\<DIR> Adobe
[04/01/2009|09:47] C:\Program Files\Common Files\<DIR> Adobe AIR
[08/30/2007|04:03] C:\Program Files\Common Files\<DIR> Ahead
[02/09/2009|05:41] C:\Program Files\Common Files\<DIR> Apple
[04/04/2009|06:51] C:\Program Files\Common Files\<DIR> AVSMedia
[08/30/2007|03:34] C:\Program Files\Common Files\<DIR> DESIGNER
[07/20/2008|09:21] C:\Program Files\Common Files\<DIR> Download Manager
[11/23/2008|10:18] C:\Program Files\Common Files\<DIR> Everstrike Software
[01/21/2008|07:32] C:\Program Files\Common Files\<DIR> GC Install
[02/05/2008|05:46] C:\Program Files\Common Files\<DIR> INCA Shared
[02/15/2008|10:44] C:\Program Files\Common Files\<DIR> InstallShield
[08/30/2007|03:35] C:\Program Files\Common Files\<DIR> L&H
[08/30/2007|04:06] C:\Program Files\Common Files\<DIR> LightScribe
[01/09/2009|01:09] C:\Program Files\Common Files\<DIR> Logishrd
[07/16/2008|12:52] C:\Program Files\Common Files\<DIR> Macrovision Shared
[03/22/2009|09:51] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/30/2007|03:24] C:\Program Files\Common Files\<DIR> MSSoap
[04/18/2009|08:01] C:\Program Files\Common Files\<DIR> Nokia
[08/31/2007|12:47] C:\Program Files\Common Files\<DIR> ODBC
[04/18/2009|08:01] C:\Program Files\Common Files\<DIR> PCSuite
[01/11/2008|06:11] C:\Program Files\Common Files\<DIR> Real
[11/07/2007|02:33] C:\Program Files\Common Files\<DIR> Scanner
[08/30/2007|03:24] C:\Program Files\Common Files\<DIR> Services
[04/22/2009|10:15] C:\Program Files\Common Files\<DIR> Sony Shared
[08/31/2007|12:47] C:\Program Files\Common Files\<DIR> SpeechEngines
[11/07/2007|02:33] C:\Program Files\Common Files\<DIR> Symantec Shared
[07/25/2008|07:38] C:\Program Files\Common Files\<DIR> System
[09/19/2007|05:46] C:\Program Files\Common Files\<DIR> Teleca Shared
[01/13/2008|12:16] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[01/06/2009|08:30] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[01/11/2008|06:11] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 74 Processes )

IEXPLORE.EXE ~ [PID:800]
IEXPLORE.EXE ~ [PID:3688]
iexplore.exe ~ [PID:3948]
iexplore.exe ~ [PID:2204]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mail For File Wave
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mail For File Wave\clock info.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mail For File Wave\clock info.exe
C:\DOCUME~1\1\APPLIC~1\flapda~1
C:\DOCUME~1\1\APPLIC~1\flapda~1\Debug Mapi Defy List.exe
C:\DOCUME~1\1\APPLIC~1\flapda~1\efuzjbbr.exe
C:\DOCUME~1\1\APPLIC~1\flapda~1\One Store.exe
C:\DOCUME~1\1\APPLIC~1\flapda~1\rule part body.exe
C:\Program Files\flapda~1
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\DOCUME~1\1\Cookies\1@game-advertising-online[1].txt
C:\DOCUME~1\1\Cookies\1@thepimps.bigpoint[2].txt
C:\DOCUME~1\1\Cookies\1@adopt.euroclick[1].txt
C:\DOCUME~1\1\Cookies\1@adopt.euroclick[2].txt
C:\DOCUME~1\1\Cookies\1@32vegas[2].txt
C:\WINDOWS\Tasks\A4BED7B691C14F16.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"scr readme"="C:\\DOCUME~1\\1\\APPLIC~1\\FLAPDA~1\\One Store.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"file wave user bat"="C:\\Documents and Settings\\All Users\\Application Data\\Mail For File Wave\\clock info.exe"

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 07:42:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 26

--------------------\\ Searching for other infections


No other infections found !

[F:142][D:8]-> C:\DOCUME~1\1\LOCALS~1\Temp
[F:241][D:0]-> C:\DOCUME~1\1\Cookies
[F:7507][D:11]-> C:\DOCUME~1\1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 01/06/2009|18:47 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Thu 04/23/2009| 7:45 - Option : [1]

--------------------\\ Scan completed at 7:45:35


still have CiDpopups

#14 extremeboy

  • Malware Response Team

Posted 23 April 2009 - 03:13 PM

Hello.

still have CiDpopups

Yes, we will deal with that now.... Please be patient..

Uninstall Known LOP infected programs

Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.

Netpumper
BitRoll
CiD Help
CiD Manager
Download Plugin for Internet Explorer
Zone Media
Messenger Plus! Live <- These ones are bundled with malware/spyware. Please remove as I see you installed it.
Messenger Plus! Live & Sponsor (CiD) <- These ones are bundled with malware/spyware. Please remove as I see you installed it.

Be sure to reboot when done.

Run Lop S&D using Option 2

Download Lop S&D by Eric_71 and save it to your desktop again if you have lost your copy..

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and pressing Enter
  • Click OK at the informative window
  • Type 2 to choose Option 2 (Fix + Hosts), then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

Delete Extra.txt you have that was created by OTListIT2. Now re-run OTListIT2.

Post back with:
-Lop SD log
-New OTListIT2 log
-Extra log

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#15 dog54321

  • Topic Starter

Posted 23 April 2009 - 06:28 PM

Hey, you don't have to remove Messenger Plus because you can change it and go remove sponsors. Can I do that? Because I like to have Messenger Plus.



