Scrolling problem and noticeable slowdown


  • This topic is locked
44 replies to this topic

#1 sarat (Members, 29 posts)

Posted 26 April 2009 - 01:01 AM

Hello,

My computer had been out for repairs for quite some days, and they said they had formatted it to remove all the viruses. Due to a problem with a RAM card, I have only 256MB of RAM now (I had 512 earlier). Things are noticeably slower, although I suppose that is due to the RAM decrease. Also, I have got a new problem. My scrollbar keeps jumping around in Windows Explorer as well as most of the browsers I have. I posted about this in the malware removal forum, where one helper suggested running a MalwareBytes scan. That threw up no threats. But since then, I have run an Avast! Boot Time scan, which detected one item, and Ad-Aware, which detected 5 suspicious files. I just want to make sure this problem is not due to anything bad on my computer before looking for hardware problems. I am giving the DDS.txt as well as attach.txt.

Thanks.


DDS (Ver_09-03-16.01) - FAT32x86
Run by first at 10:50:38.81 on Sun 04/26/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: {0096cc0a-623c-4829-ad9c-19af0dc9d8fe} - DAPBHO Class
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - e:\flashget\jccatch.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - e:\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - d:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - e:\flashget\getflash.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\program files\google\googletoolbar1.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "d:\program files\dna\btdna.exe"
uRun: [LDM] d:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
mRun: [PCTVOICE] pctspk.exe
mRun: [avast!] h:\alwils~1\avast4\ashDisp.exe
mRun: [zBrowser Launcher] d:\program files\logitech\itouch\iTouch.exe
mRun: [Logitech Utility] Logi_MwX.Exe
dRunOnce: [RunNarrator] Narrator.exe
IE: &Download All with FlashGet - e:\flashget\jc_all.htm
IE: &Download with Download Accelerator Lite
IE: &Download with FlashGet - e:\flashget\jc_link.htm
IE: &Search - ?p=ZNxmk789YYIN
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - file://d:\tempei4\ei40_\msxml4.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://www.shockwave.com/content/cinematycoon/sis/cinematycoon.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - d:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - d:\windows\wc98pp.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - d:\program files\microsoft activesync\aatp.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - d:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - d:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - d:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - d:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - d:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - d:\program files\microsoft activesync\cenetflt.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - d:\windows\system32\klogon.dll
AppInit_DLLs: d:\progra~1\google\go333c~1\goec62~1.dll,e:\kasper~1\adialhk.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\first\applic~1\mozilla\firefox\profiles\z7emj4gd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: d:\documents and settings\first\application data\mozilla\firefox\profiles\z7emj4gd.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: e:\avg\avg8\firefox\components\avgssff.dll
FF - plugin: d:\documents and settings\first\application data\mozilla\plugins\NPAbacheck.dll
FF - plugin: d:\documents and settings\first\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: h:\i tunes\mozilla plugins\npitunes.dll
FF - plugin: h:\realplayer\netscape6\nppl3260.dll
FF - plugin: h:\realplayer\netscape6\nprjplug.dll
FF - plugin: h:\realplayer\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-04-25 07:36 <DIR> --dsh--- D:\FOUND.001
2009-04-24 13:28 <DIR> --d-h--- d:\docume~1\alluse~1\applic~1\~0
2009-04-24 12:03 <DIR> --d----- d:\program files\Folding@home
2009-04-24 12:03 <DIR> --d----- d:\docume~1\first\applic~1\Folding@home-x86
2009-04-23 08:25 15,504 a------- d:\windows\system32\drivers\mbam.sys
2009-04-23 08:25 38,496 a------- d:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 08:25 <DIR> --d----- d:\program files\Malwarebytes' Anti-Malware
2009-04-22 13:21 127 a------- d:\windows\_delis43.ini
2009-04-22 12:00 <DIR> --dsh--- D:\FOUND.000
2009-04-21 16:54 14,048 -------- d:\windows\system32\spmsg2.dll
2009-04-21 16:49 <DIR> --d----- d:\program files\MSXML 6.0
2009-04-21 16:10 81,408 a----r-- d:\windows\system32\drivers\Rtnicxp.sys
2009-03-28 16:41 218,624 a------- d:\windows\system32\uxtheme.dll
2009-03-28 16:41 <DIR> --d----- d:\windows\system32

==================== Find3M ====================

2009-02-14 21:13 359,808 a------- d:\windows\system32\dllcache\TCPIP.SYS
2009-01-26 22:26 38,960 a------- d:\docume~1\first\applic~1\GDIPFONTCACHEV1.DAT
2007-11-22 18:17 5,759 a------- d:\program files\install.log
2006-06-11 20:28 8 a------- d:\docume~1\first\applic~1\usb.dat.bin
2003-10-21 23:15 38,400 a------- d:\documents and settings\first\3dsmax6-keygen.exe
2003-08-27 11:49 3,424 a------- d:\windows\inf\other\cmiainfo.sys
2007-01-17 16:57 152 ---shr-- d:\windows\system32\1854DBF97A.dll
2008-10-08 10:25 32 a--sh--- d:\windows\system32\drivers\fidbox.dat
2008-10-08 10:25 32 a--sh--- d:\windows\system32\drivers\fidbox2.dat

============= FINISH: 10:51:16.90 ===============



#2 KoanYorel, Bleepin' Conundrum (Members, 19,461 posts; Location: 65 miles due East of the "Logic Free Zone", in Md, USA)

Posted 08 May 2009 - 02:37 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 sarat, Topic Starter (Members, 29 posts)

Posted 10 May 2009 - 03:24 AM

Thanks for the reply.

I have resolved the original problem (scrollbar being erratic) but there is no telling when it might return. I also want to make sure that there are no other problems with my PC.

When I ran the DDS Scan, however, it showed that it could not find two startup files or something (the console window). Sorry, I didn't get the exact file names.

Here is the DDS Log. I am attaching the attach.txt file as well.

------------------


DDS (Ver_09-03-16.01) - FAT32x86
Run by first at 13:25:06.84 on Sun 05/10/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: {0096cc0a-623c-4829-ad9c-19af0dc9d8fe} - DAPBHO Class
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - e:\flashget\jccatch.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - d:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - e:\flashget\getflash.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\program files\google\googletoolbar1.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [LDM] d:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
mRun: [PCTVOICE] pctspk.exe
mRun: [avast!] h:\alwils~1\avast4\ashDisp.exe
dRunOnce: [RunNarrator] Narrator.exe
IE: &Download All with FlashGet - e:\flashget\jc_all.htm
IE: &Download with Download Accelerator Lite
IE: &Download with FlashGet - e:\flashget\jc_link.htm
IE: &Search - ?p=ZNxmk789YYIN
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - file://d:\tempei4\ei40_\msxml4.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://www.shockwave.com/content/cinematycoon/sis/cinematycoon.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - d:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - d:\windows\wc98pp.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - d:\program files\microsoft activesync\aatp.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - d:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - d:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - d:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - d:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - d:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - d:\program files\microsoft activesync\cenetflt.dll
Notify: !SASWinLogon - h:\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - d:\windows\system32\klogon.dll
AppInit_DLLs: d:\progra~1\google\go333c~1\goec62~1.dll,e:\kasper~1\adialhk.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - h:\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-05-06 20:48 <DIR> --dsh--- D:\FOUND.001
2009-05-06 12:17 <DIR> --d----- d:\program files\Microsoft Windows Script
2009-05-06 09:44 <DIR> --dsh--- D:\FOUND.000
2009-05-05 17:30 <DIR> --d----- D:\Rooter$
2009-05-04 14:14 43,405,312 a------- d:\windows\system32\BMUZDI
2009-05-04 10:13 0 a------- D:\CEPx9C02.tmp
2009-05-03 20:27 <DIR> --d----- d:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-03 20:27 <DIR> --d----- d:\docume~1\first\applic~1\SUPERAntiSpyware.com
2009-05-03 20:26 <DIR> --d----- d:\program files\common files\Wise Installation Wizard
2009-04-30 19:26 <DIR> --d----- D:\VundoFix Backups
2009-04-24 12:03 <DIR> --d----- d:\program files\Folding@home
2009-04-24 12:03 <DIR> --d----- d:\docume~1\first\applic~1\Folding@home-x86
2009-04-23 08:25 <DIR> --d----- d:\program files\Malwarebytes' Anti-Malware
2009-04-21 16:49 <DIR> --d----- d:\program files\MSXML 6.0

==================== Find3M ====================

2009-04-30 04:40 290,816 a------- d:\windows\winsrv.dll
2009-04-06 15:32 38,496 a------- d:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- d:\windows\system32\drivers\mbam.sys
2009-02-14 21:13 359,808 a------- d:\windows\system32\dllcache\TCPIP.SYS
2009-01-26 22:26 38,960 a------- d:\docume~1\first\applic~1\GDIPFONTCACHEV1.DAT
2007-11-22 18:17 5,759 a------- d:\program files\install.log
2006-06-11 20:28 8 a------- d:\docume~1\first\applic~1\usb.dat.bin
2003-08-27 11:49 3,424 a------- d:\windows\inf\other\cmiainfo.sys
2007-01-17 16:57 152 ---shr-- d:\windows\system32\1854DBF97A.dll
2008-10-08 10:25 32 a--sh--- d:\windows\system32\drivers\fidbox.dat
2008-10-08 10:25 32 a--sh--- d:\windows\system32\drivers\fidbox2.dat

============= FINISH: 13:25:40.21 ===============
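The helpers in this thread read DDS logs like the one above by eye. As an added example (not part of the original posts, and not DDS's own code), the following Python script parses the two line formats DDS prints, the startup and hook entries of the "Pseudo HJT Report" and the dated file entries of "Created Last 30" and "Find3M", and flags what a responder looks at first: registrations whose target is gone ("No File"), DLLs injected globally through AppInit_DLLs or Winlogon Notify, Run entries with no directory, and files under system32 with no extension, hidden+system attributes, or an unusual size. The sample lines are copied from the log above; the severity labels and the 20 MB size threshold are my own assumptions, not anything DDS reports.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample lines copied from the DDS log posted above ("Pseudo HJT Report",
# "Created Last 30" and "Find3M" sections); nothing here is invented.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [PCTVOICE] pctspk.exe
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
Notify: klogon - d:\windows\system32\klogon.dll
AppInit_DLLs: d:\progra~1\google\go333c~1\goec62~1.dll,e:\kasper~1\adialhk.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
2009-05-04 14:14 43,405,312 a------- d:\windows\system32\BMUZDI
2009-05-04 10:13 0 a------- D:\CEPx9C02.tmp
2009-04-23 08:25 <DIR> --d----- d:\program files\Malwarebytes' Anti-Malware
2007-01-17 16:57 152 ---shr-- d:\windows\system32\1854DBF97A.dll
"""

# DDS startup/hook lines: "<key>: <rest>"
HJT_LINE = re.compile(r"^(?P<key>[A-Za-z_]+): (?P<rest>.+)$")
# DDS file lines: "<date> <time> <size or <DIR>> <8 attribute flags> <path>"
FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
RUN_KEYS = {"uRun", "mRun", "dRun", "uRunOnce", "mRunOnce", "dRunOnce"}
BIG_FILE = 20_000_000  # assumed threshold: system32 binaries this large are unusual


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (assumed labels, not DDS output)
    kind: str
    line: str


def check_hjt(key: str, rest: str, line: str) -> List[Finding]:
    """Flag startup and hook entries from the Pseudo HJT Report."""
    if rest.endswith("- No File"):
        # The registration survives but its target is gone: a leftover to clean up.
        return [Finding("low", "orphaned registration, target file missing", line)]
    if key == "AppInit_DLLs":
        # On XP, user32.dll loads each of these into every GUI process.
        return [Finding("medium", f"AppInit DLL injected into every user32 process: {d.strip()}", line)
                for d in rest.split(",")]
    if key == "Notify":
        # Winlogon notification packages run inside winlogon.exe as SYSTEM.
        return [Finding("medium", "Winlogon Notify DLL loaded into winlogon.exe", line)]
    if key in RUN_KEYS:
        m = re.match(r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$", rest)
        cmd = (m.group("cmd") if m else rest).strip('"')
        if "\\" not in cmd:
            # A bare file name is resolved through the PATH search order.
            return [Finding("low", "Run entry without a directory, resolved via search order", line)]
    return []


def check_file(m: "re.Match[str]", line: str) -> List[Finding]:
    """Flag files under system32 that look out of place."""
    if m.group("size") == "<DIR>":
        return []
    path = m.group("path").lower()
    attrs = m.group("attrs")
    size = int(m.group("size").replace(",", ""))
    if "\\windows\\system32\\" not in path:
        return []
    base = path.rsplit("\\", 1)[-1]
    if "." not in base:
        return [Finding("high", f"extensionless file in system32 ({size:,} bytes)", line)]
    if "h" in attrs and "s" in attrs:
        return [Finding("high", "hidden+system file in system32", line)]
    if size > BIG_FILE:
        return [Finding("medium", f"unusually large file in system32 ({size:,} bytes)", line)]
    return []


def triage(log: str) -> List[Finding]:
    """Run both checks over a DDS log and return findings in log order."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        fm = FILE_LINE.match(line)
        if fm:
            findings.extend(check_file(fm, line))
            continue
        hm = HJT_LINE.match(line)
        if hm:
            findings.extend(check_hjt(hm.group("key"), hm.group("rest"), line))
    return findings


if __name__ == "__main__":
    order = ("high", "medium", "low")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.kind}\n         {f.line}")
```

Run on the sample, the script ranks the extensionless 43 MB file in system32 and the hidden+system `1854DBF97A.dll` above the orphaned toolbar and BHO entries; the orphans still matter because they show which uninstalls were incomplete, which is why the helpers ask for a fresh log after each cleanup step.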



#4 sarat, Topic Starter (Members, 29 posts)

Posted 10 May 2009 - 03:34 AM

Also, there is a specific file that Avast detects as a virus. But it cannot perform any action on it, like Deleting, Repairing, Moving to Chest, Renaming, etc. It is in the D:\WINDOWS\Installer folder. And the file name is fe0df6.msi

I've got it scanned by VirusTotal as well. Around 5 or 6 (can't remember the exact number; will post the results if required) detected it as a virus.

What I need to know is, could it be a virus?

#5 Billy O'Neal, Visual C++ STL Maintainer (Malware Response Team, 12,304 posts; Location: Redmond, Washington)

Posted 10 May 2009 - 11:20 AM

Hello, sarat

Also, there is a specific file that Avast detects as a virus. But it cannot perform any action on it, like Deleting, Repairing, Moving to Chest, Renaming, etc. It is in the D:\WINDOWS\Installer folder. And the file name is fe0df6.msi

I've got it scanned by VirusTotal as well. Around 5 or 6 (can't remember the exact number; will post the results if required) detected it as a virus.

What I need to know is, could it be a virus?

Not sure.

We need to back up your registry
  • Please download ERUNT and save it to your desktop.
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTListIt2 icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click the GMER executable (gmer.exe, or the randomly named file) on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see a prompt window. If you do, click No.
  • Click on Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save... and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTListIt.txt
  • Extra.txt
  • GMER's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#6 sarat, Topic Starter (Members, 29 posts)

Posted 11 May 2009 - 12:04 AM

I ran all the scans you asked. GMER initially Blue Screened on me, but I restarted the computer and then disabled Avast and ran it again.

Here are the three logs, in the order you asked.

------------

OTListIt logfile created on: 5/11/2009 9:52:01 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = D:\Documents and Settings\first\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.48 Mb Total Physical Memory | 66.09 Mb Available Physical Memory | 25.87% Memory free
1.31 Gb Paging File | 0.99 Gb Available in Paging File | 76.06% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 720 720 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 5.03 Gb Total Space | 1.91 Gb Free Space | 38.03% Space Free | Partition Type: FAT32
Drive D: | 12.41 Gb Total Space | 1.96 Gb Free Space | 15.82% Space Free | Partition Type: FAT32
Drive E: | 7.53 Gb Total Space | 1.99 Gb Free Space | 26.49% Space Free | Partition Type: FAT32
Drive F: | 11.49 Gb Total Space | 0.85 Gb Free Space | 7.41% Space Free | Partition Type: FAT32
Drive G: | 8.95 Gb Total Space | 1.81 Gb Free Space | 20.25% Space Free | Partition Type: FAT32
Drive H: | 9.54 Gb Total Space | 3.73 Gb Free Space | 39.10% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive J: | 19.56 Gb Total Space | 13.19 Gb Free Space | 67.42% Space Free | Partition Type: NTFS

Computer Name: PERSONAL
Current User Name: first
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/06 02:31:26 | 00,018,752 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/06 02:38:40 | 00,138,680 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashServ.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/11/23 07:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/03/19 15:25:54 | 00,335,872 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2005/01/14 09:32:38 | 00,053,248 | ---- | M] () -- D:\WINDOWS\System32\PAStiSvc.exe
PRC - [2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wdfmgr.exe
PRC - [2007/01/11 17:48:50 | 00,063,112 | ---- | M] (CANON INC.) -- D:\WINDOWS\system32\CNAB3RPK.EXE
PRC - [2009/02/06 02:38:26 | 00,254,040 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/06 02:36:04 | 00,352,920 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashWebSv.exe
PRC - [2004/08/03 19:26:50 | 03,194,368 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Explorer.EXE
PRC - [2003/12/18 11:15:26 | 00,180,224 | R--- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\system32\pctspk.exe
PRC - [2009/02/06 02:38:46 | 00,081,000 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashDisp.exe
PRC - [2005/09/20 10:32:16 | 00,159,744 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\igfxsrvc.exe
PRC - [2009/02/03 01:55:24 | 00,766,448 | ---- | M] (Google Inc.) -- D:\Documents and Settings\first\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/02/03 01:55:24 | 00,766,448 | ---- | M] (Google Inc.) -- D:\Documents and Settings\first\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/02/03 01:55:24 | 00,766,448 | ---- | M] (Google Inc.) -- D:\Documents and Settings\first\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/02/03 01:55:24 | 00,766,448 | ---- | M] (Google Inc.) -- D:\Documents and Settings\first\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/05/11 09:50:56 | 00,501,248 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\first\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/06 02:31:26 | 00,018,752 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/06 02:38:40 | 00,138,680 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/06 02:38:26 | 00,254,040 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/06 02:36:04 | 00,352,920 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/03/03 21:39:44 | 00,242,688 | ---- | M] (Outertech) -- H:\Cacheman\CachemanXP\CachemanXP.exe -- (CachemanXPService [On_Demand | Stopped])
SRV - [2009/05/04 14:12:44 | 00,347,008 | ---- | M] (Sysinternals - www.sysinternals.com) -- D:\Documents and Settings\first\Local Settings\Temp\CHMVYJGW.exe -- (CHMVYJGW [On_Demand | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/11/23 07:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/05/04 19:05:00 | 00,408,448 | ---- | M] (Sysinternals - www.sysinternals.com) -- D:\Documents and Settings\first\Local Settings\Temp\HVYIGP.exe -- (HVYIGP [On_Demand | Stopped])
SRV - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- D:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/03/19 15:25:54 | 00,335,872 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - File not found -- -- (OracleOraHome90TNSListener [Auto | Stopped])
SRV - File not found -- -- (OracleServiceACHUTHAN [Auto | Stopped])
SRV - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2006/10/16 16:10:58 | 00,023,856 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc [Auto | Stopped])
SRV - [2005/01/14 09:32:38 | 00,053,248 | ---- | M] () -- D:\WINDOWS\System32\PAStiSvc.exe -- (STI Simulator [Auto | Running])
SRV - [2009/05/04 18:22:16 | 00,375,680 | ---- | M] (Sysinternals - www.sysinternals.com) -- D:\Documents and Settings\first\Local Settings\Temp\SV.exe -- (SV [On_Demand | Stopped])
SRV - [2009/05/04 14:56:08 | 00,551,808 | ---- | M] (Sysinternals - www.sysinternals.com) -- D:\Documents and Settings\first\Local Settings\Temp\SVTBWYANVKWKF.exe -- (SVTBWYANVKWKF [On_Demand | Stopped])
SRV - [2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [1998/06/06 00:00:00 | 00,034,036 | ---- | M] (Microsoft Corporation) -- H:\Visual Basic\Tools\VS-Ent98\Vanalyzr\varpc.exe -- (Visual Studio Analyzer RPC bridge [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/02/06 02:35:12 | 00,026,944 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2003/03/14 00:04:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) -- D:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Stopped])
DRV - [2009/02/06 02:37:12 | 00,020,560 | ---- | M] (ALWIL Software) -- D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/06 02:38:10 | 00,094,032 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/06 02:36:10 | 00,023,152 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/06 02:37:24 | 00,114,768 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/06 02:36:20 | 00,051,376 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2007/07/12 16:28:54 | 00,049,904 | R--- | M] (Avanquest Software) -- D:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5 [On_Demand | Stopped])
DRV - [2003/09/15 11:49:42 | 00,752,960 | ---- | M] (C-Media Inc) -- D:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda [On_Demand | Running])
DRV - [2006/11/30 17:07:32 | 00,223,128 | ---- | M] (DT Soft Ltd.) -- D:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Stopped])
DRV - [2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- D:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [1996/04/04 01:03:26 | 00,005,248 | ---- | M] () -- D:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2005/09/20 11:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2004/03/10 19:12:24 | 00,012,953 | ---- | M] (Logitech, Inc.) -- D:\WINDOWS\system32\DRIVERS\itchfltr.sys -- (itchfltr [On_Demand | Running])
DRV - [2008/06/03 13:03:20 | 00,194,320 | ---- | M] (Kaspersky Lab) -- D:\WINDOWS\system32\drivers\klif.sys -- (KLIF [On_Demand | Stopped])
DRV - [2007/04/04 14:58:26 | 00,024,344 | ---- | M] (Kaspersky Lab) -- D:\WINDOWS\system32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])
DRV - [2004/03/03 15:20:00 | 00,051,729 | ---- | M] (Logitech, Inc.) -- D:\WINDOWS\system32\DRIVERS\L8042pr2.Sys -- (L8042pr2 [On_Demand | Running])
DRV - [2004/03/03 15:20:00 | 00,070,801 | ---- | M] (Logitech, Inc.) -- D:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])
DRV - [2002/09/20 16:23:34 | 00,235,100 | ---- | M] (Analog Devices Inc) -- D:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn [On_Demand | Stopped])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005/10/18 11:48:38 | 00,154,752 | ---- | M] (PixArt Imaging Inc.) -- D:\WINDOWS\system32\DRIVERS\PA707UCM.SYS -- (PAC7311 [On_Demand | Running])
DRV - [2001/08/23 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- D:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/12/18 09:30:36 | 00,356,351 | R--- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\system32\DRIVERS\ptserial.sys -- (Ptserial [On_Demand | Running])
DRV - [2007/03/08 05:21:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- D:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/02/27 03:16:20 | 00,081,408 | R--- | M] (Realtek Semiconductor Corporation ) -- D:\WINDOWS\system32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2001/08/23 18:33:54 | 00,025,434 | R--- | M] (Realtek Semiconductor Corporation ) -- D:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2009/04/28 11:33:42 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- H:\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/04/28 11:33:44 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- H:\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/04/28 11:33:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- H:\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2006/02/22 16:10:24 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- D:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2003/05/09 02:30:56 | 00,033,248 | ---- | M] (Sonic Focus, Inc) -- D:\WINDOWS\system32\drivers\sf.sys -- (sf [System | Running])
DRV - [2003/01/10 12:05:10 | 00,007,424 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV [Auto | Stopped])
DRV - [2003/10/14 18:40:00 | 00,036,484 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\DRIVERS\SMBios.sys -- (SMBios [On_Demand | Running])
DRV - [2002/10/23 09:05:06 | 00,021,963 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\DRIVERS\smb.sys -- (smbusp [On_Demand | Stopped])
DRV - [2003/06/02 13:42:14 | 00,578,304 | ---- | M] (Analog Devices, Inc.) -- D:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Stopped])
DRV - [2006/09/24 18:58:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- D:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2006/11/30 17:02:52 | 00,664,064 | ---- | M] () -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007/02/15 14:14:28 | 00,019,840 | ---- | M] (Generic) -- D:\WINDOWS\System32\Drivers\StMp3Rec.sys -- (StMp3Rec [On_Demand | Stopped])
DRV - [2006/12/09 21:36:02 | 00,023,600 | ---- | M] (EnTech Taiwan) -- D:\WINDOWS\system32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2004/06/11 02:12:38 | 00,015,429 | R--- | M] ( ) -- D:\WINDOWS\system32\DRIVERS\Sacm2A.sys -- (USBCM [On_Demand | Running])
DRV - [2003/12/18 09:29:32 | 00,703,737 | R--- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem [On_Demand | Running])
DRV - [2003/12/18 09:27:52 | 00,801,906 | R--- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom [On_Demand | Running])
DRV - [2003/12/18 09:30:08 | 00,070,384 | R--- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice [On_Demand | Running])
DRV - [2006/11/07 09:42:16 | 00,061,504 | R--- | M] (MCCI) -- D:\WINDOWS\system32\DRIVERS\w200bus.sys -- (w200bus [On_Demand | Stopped])
DRV - [2006/11/07 09:42:22 | 00,009,328 | R--- | M] (MCCI) -- D:\WINDOWS\system32\DRIVERS\w200mdfl.sys -- (w200mdfl [On_Demand | Stopped])
DRV - [2006/11/07 09:42:24 | 00,097,056 | R--- | M] (MCCI) -- D:\WINDOWS\system32\DRIVERS\w200mdm.sys -- (w200mdm [On_Demand | Stopped])
DRV - [2006/11/07 09:42:28 | 00,088,560 | R--- | M] (MCCI) -- D:\WINDOWS\system32\DRIVERS\w200mgmt.sys -- (w200mgmt [On_Demand | Stopped])
DRV - [2006/11/07 09:42:30 | 00,086,368 | R--- | M] (MCCI) -- D:\WINDOWS\system32\DRIVERS\w200obex.sys -- (w200obex [On_Demand | Stopped])
DRV - [2003/04/15 16:10:54 | 00,113,504 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/04/15 16:10:46 | 00,078,752 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1275210071-117609710-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1275210071-117609710-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1275210071-117609710-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1275210071-117609710-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1275210071-117609710-839522115-1003\S-1-5-21-1275210071-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1275210071-117609710-839522115-1003\S-1-5-21-1275210071-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;localhost

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: D:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2006/10/06 14:22:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: D:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2006/10/06 14:21:58 | 00,000,000 | ---D | M]

[2008/06/18 11:01:46 | 00,000,000 | ---D | M] -- D:\Documents and Settings\first\Application Data\mozilla\Extensions
[2008/06/18 11:01:46 | 00,000,000 | ---D | M] -- D:\Documents and Settings\first\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007/04/16 22:33:20 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions
[2007/04/16 22:35:22 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/03/19 21:07:18 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/03/25 16:00:44 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/22 15:53:16 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/01/05 21:19:26 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2008/10/04 15:34:54 | 00,134,656 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/04 15:34:54 | 00,023,040 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2008/10/04 15:35:00 | 00,001,394 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/04 15:35:00 | 00,002,193 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/04 15:35:00 | 00,001,534 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/10/04 15:35:00 | 00,002,642 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/04 15:35:00 | 00,001,706 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/04 15:35:00 | 00,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/04 15:35:00 | 00,000,792 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (306336 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10547 more lines...
O2 - BHO: (DAPBHO Class) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - Reg Error: Key error. File not found
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..\Toolbar\WebBrowser: (no name) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..\Toolbar\WebBrowser: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [avast!] H:\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [PCTVOICE] pctspk.exe (Conexant Systems, Inc.)
O4 - HKU\S-1-5-21-1275210071-117609710-839522115-1003..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Download All with FlashGet - E:\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with Download Accelerator Lite - Reg Error: Value error. File not found
O8 - Extra context menu item: &Download with FlashGet - E:\FlashGet\jc_link.htm ()
O8 - Extra context menu item: &Search - ?p=ZNxmk789YYIN File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} file://D:\TempEI4\EI40_\msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://www.shockwave.com/content/cinematyc...inematycoon.cab (TikGames Online Control)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - D:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - D:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - D:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - D:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (D:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL) - D:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL File not found
O20 - AppInit_DLLs: (E:\KASPER~1\adialhk.dll) - E:\Kaspersky\adialhk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - H:\SUPERAntiSpyware\SASWINLO.dll - H:\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - D:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - D:\WINDOWS\system32\klogon.dll - D:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
O24 - Desktop Components:0 () - http://us.js2.yimg.com/us.js.yimg.com/lib/...ailcommonlib.js
O24 - Desktop Components:1 () - http://www.punch.co.uk/images/Cartoons/children/03_t.gif
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/20 14:57:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/10/06 20:36:54 | 00,000,154 | ---- | M] () - H:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/10/15 21:41:14 | 00,000,024 | ---- | M] () - J:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0758fb62-3019-11de-bb44-001692530e3d}\Shell\AutoRun\command - "" = wscript.exe n.vbe
O33 - MountPoints2\{0758fb62-3019-11de-bb44-001692530e3d}\Shell\explore\Command - "" = wscript.exe n.vbe
O33 - MountPoints2\{0758fb62-3019-11de-bb44-001692530e3d}\Shell\open\Command - "" = wscript.exe n.vbe
O33 - MountPoints2\{446e234f-f9a7-11dd-8183-806d6172696f}\Shell\AutoRun\command - "" = H:\RunGame.exe -- [2006/10/06 20:36:54 | 00,143,360 | ---- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{66e41954-844e-11dc-a620-00e04c814264}\Shell - "" = AutoRun
O33 - MountPoints2\{66e41954-844e-11dc-a620-00e04c814264}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6bea9566-f823-11dd-b745-806d6172696f}\Shell\AutoRun\command - "" = H:\RunGame.exe -- [2006/10/06 20:36:54 | 00,143,360 | ---- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{879075ea-ae0f-11dc-a6b5-00e04c814264}\Shell - "" = AutoRun
O33 - MountPoints2\{879075ea-ae0f-11dc-a6b5-00e04c814264}\Shell\1\Command - "" = .\Recycler\AutoLaunch.exe
O33 - MountPoints2\{879075ea-ae0f-11dc-a6b5-00e04c814264}\Shell\2\Command - "" = .\Recycler\AutoLaunch.exe
O33 - MountPoints2\{879075ea-ae0f-11dc-a6b5-00e04c814264}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a8fe9a09-1fb1-11da-8e34-806d6172696f}\Shell\AutoRun\command - "" = H:\RunGame.exe -- [2006/10/06 20:36:54 | 00,143,360 | ---- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{ba072ce2-112b-11dd-9983-00e04c814264}\Shell\AutoRun\command - "" = x.com
O33 - MountPoints2\{ba072ce2-112b-11dd-9983-00e04c814264}\Shell\explore\Command - "" = x.com
O33 - MountPoints2\{ba072ce2-112b-11dd-9983-00e04c814264}\Shell\open\Command - "" = x.com
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\RunGame.exe -- [2006/10/06 20:36:54 | 00,143,360 | ---- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 D:\*.tmp files]
[2009/05/11 09:50:06 | 00,501,248 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\first\Desktop\OTListIt2.exe
[2009/05/11 09:48:14 | 00,000,506 | ---- | C] () -- D:\Documents and Settings\first\Desktop\ERUNT.lnk
[2009/05/11 09:48:13 | 00,000,000 | ---D | C] -- D:\Program Files\ERUNT
[2009/05/08 15:38:50 | 00,000,513 | ---- | C] () -- D:\Documents and Settings\first\Desktop\FileZilla Client.lnk
[2009/05/06 21:08:56 | 00,000,000 | -H-- | C] () -- D:\Documents and Settings\first\My Documents\Default.rdp
[2009/05/06 20:48:50 | 00,000,000 | -HSD | C] -- D:\FOUND.001
[2009/05/06 12:17:46 | 00,000,000 | ---D | C] -- D:\Program Files\Microsoft Windows Script
[2009/05/06 09:44:46 | 00,000,000 | -HSD | C] -- D:\FOUND.000
[2009/05/06 07:31:46 | 00,020,480 | ---- | C] () -- D:\Documents and Settings\first\My Documents\sib.doc
[2009/05/05 17:30:46 | 00,000,000 | ---D | C] -- D:\Rooter$
[2009/05/04 21:59:44 | 00,024,064 | ---- | C] () -- D:\Documents and Settings\first\My Documents\covering letter.doc
[2009/05/04 14:14:13 | 43,405,312 | ---- | C] () -- D:\WINDOWS\System32\BMUZDI
[2009/05/03 20:27:56 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/05/03 20:27:39 | 00,000,440 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/03 20:27:33 | 00,000,000 | ---D | C] -- D:\Documents and Settings\first\Application Data\SUPERAntiSpyware.com
[2009/05/03 20:26:34 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\Wise Installation Wizard
[2009/04/30 19:26:16 | 00,000,000 | ---D | C] -- D:\VundoFix Backups
[2009/04/30 04:47:25 | 00,290,816 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\winsrv.dll
[2009/04/30 04:47:24 | 00,000,000 | ---D | C] -- D:\WINDOWS
[2009/04/25 08:45:49 | 00,047,104 | ---- | C] () -- D:\Documents and Settings\first\My Documents\AGREEMENT OF LICENSE TO OCCUPY BUILING.doc
[2009/04/25 08:40:57 | 00,000,000 | ---D | C] -- D:\Documents and Settings\first\My Documents\New Folder
[2009/04/24 13:28:10 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/24 12:03:52 | 00,000,000 | ---D | C] -- D:\Program Files\Folding@home
[2009/04/24 12:03:52 | 00,000,000 | ---D | C] -- D:\Documents and Settings\first\Application Data\Folding@home-x86
[2009/04/24 11:23:21 | 00,001,799 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2009/04/24 09:24:54 | 00,000,559 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/24 09:24:53 | 00,051,376 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2009/04/24 09:24:53 | 00,026,944 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2009/04/24 09:24:53 | 00,023,152 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2009/04/24 09:24:52 | 00,097,480 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\AvastSS.scr
[2009/04/24 09:24:51 | 00,020,560 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/04/24 09:24:50 | 00,114,768 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2009/04/24 09:24:50 | 00,094,032 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2009/04/24 09:24:50 | 00,093,296 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2009/04/24 09:24:33 | 01,256,296 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\aswBoot.exe
[2009/04/24 09:24:33 | 00,380,928 | ---- | C] () -- D:\WINDOWS\System32\actskin4.ocx
[2009/04/23 08:25:16 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2009/04/23 08:25:16 | 00,000,610 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/23 08:25:14 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/23 08:25:11 | 00,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2009/04/22 13:21:50 | 00,000,127 | ---- | C] () -- D:\WINDOWS\_delis43.ini
[2009/04/21 16:54:12 | 00,014,048 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\spmsg2.dll
[2009/04/21 16:49:30 | 00,000,000 | ---D | C] -- D:\Program Files\MSXML 6.0
[2009/04/21 16:10:43 | 00,081,408 | R--- | C] (Realtek Semiconductor Corporation ) -- D:\WINDOWS\System32\drivers\Rtnicxp.sys
[2009/03/01 20:52:45 | 00,000,131 | ---- | C] () -- D:\WINDOWS\CRC.INI
[2009/01/20 12:26:46 | 00,000,079 | ---- | C] () -- D:\WINDOWS\SYMGAMES.INI
[2008/05/26 16:09:47 | 00,000,000 | ---- | C] () -- D:\WINDOWS\galaxy.ini
[2008/02/17 16:08:38 | 00,000,092 | ---- | C] () -- D:\WINDOWS\CMISETUP.INI
[2008/02/17 16:08:32 | 00,000,301 | ---- | C] () -- D:\WINDOWS\Wininit.ini
[2008/02/17 16:08:21 | 00,028,672 | ---- | C] () -- D:\WINDOWS\CMIRmDriver.dll
[2008/02/17 15:43:47 | 00,028,672 | ---- | C] () -- D:\WINDOWS\System32\cmirmdrv.dll
[2008/02/17 15:11:03 | 00,000,026 | ---- | C] () -- D:\WINDOWS\CMCDPLAY.INI
[2008/02/16 19:56:46 | 00,156,672 | R--- | C] () -- D:\WINDOWS\System32\RTLCPAPI.dll
[2008/01/09 15:01:48 | 00,000,453 | ---- | C] () -- D:\WINDOWS\bdoscandellang.ini
[2007/11/08 19:19:55 | 00,000,000 | ---- | C] () -- D:\WINDOWS\autorun.INI
[2007/10/29 18:47:55 | 00,000,000 | ---- | C] () -- D:\WINDOWS\procui.INI
[2007/10/24 19:40:57 | 00,033,228 | ---- | C] () -- D:\WINDOWS\unvpeye.ini
[2007/06/22 21:35:38 | 00,000,199 | ---- | C] () -- D:\WINDOWS\mdm.ini
[2007/06/05 15:17:32 | 00,000,417 | ---- | C] () -- D:\WINDOWS\barcode.ini
[2007/02/25 11:55:55 | 00,051,712 | ---- | C] () -- D:\WINDOWS\wc98pp.dll
[2006/12/22 13:15:58 | 00,000,152 | RHS- | C] () -- D:\WINDOWS\System32\1854DBF97A.dll
[2006/12/22 12:21:23 | 00,000,067 | ---- | C] () -- D:\WINDOWS\IDMan.INI
[2006/11/30 17:02:50 | 00,664,064 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys
[2006/11/30 17:02:50 | 00,096,256 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd8157.sys
[2006/09/16 16:27:23 | 00,053,693 | R--- | C] () -- D:\WINDOWS\UNDPX2A.sys
[2006/09/16 16:27:21 | 00,015,429 | R--- | C] ( ) -- D:\WINDOWS\System32\drivers\Sacm2A.sys
[2006/06/03 17:40:50 | 00,000,057 | ---- | C] () -- D:\WINDOWS\PROGMAN.INI
[2006/05/28 13:22:59 | 00,000,006 | ---- | C] () -- D:\WINDOWS\System32\cuatro.ini
[2006/05/24 11:57:00 | 00,000,150 | ---- | C] () -- D:\WINDOWS\ODBCDRV.INI
[2006/05/23 19:07:50 | 00,000,022 | ---- | C] () -- D:\WINDOWS\blackops.ini
[2006/05/08 16:43:55 | 00,000,103 | ---- | C] () -- D:\WINDOWS\gkerde3d.INI
[2006/05/08 16:37:43 | 00,001,172 | ---- | C] () -- D:\WINDOWS\timetime.ini
[2006/05/08 16:36:55 | 00,000,109 | ---- | C] () -- D:\WINDOWS\stargazr.ini
[2006/05/08 15:33:11 | 00,000,117 | ---- | C] () -- D:\WINDOWS\TemplateBuilder.INI
[2006/05/03 04:08:24 | 00,000,748 | ---- | C] () -- D:\WINDOWS\SetBrowser.ini
[2006/04/16 20:38:07 | 00,000,026 | ---- | C] () -- D:\WINDOWS\DfrgUIEx.INI
[2006/04/15 20:55:42 | 00,000,000 | ---- | C] () -- D:\WINDOWS\MSINFO32.INI
[2006/03/24 12:48:07 | 00,000,614 | ---- | C] () -- D:\WINDOWS\videoimp.ini
[2006/03/24 12:47:39 | 00,000,021 | ---- | C] () -- D:\WINDOWS\CS_setup.ini
[2006/03/20 09:58:38 | 00,000,036 | ---- | C] () -- D:\WINDOWS\Tiny_Run.ini
[2006/01/22 16:45:11 | 00,000,600 | ---- | C] () -- D:\WINDOWS\Rtcw.INI
[2006/01/14 19:59:33 | 00,000,203 | ---- | C] () -- D:\WINDOWS\cdplayer.ini
[2005/12/31 14:18:33 | 00,000,055 | ---- | C] () -- D:\WINDOWS\3D Studio MAX® R3 EReg.ini
[2005/12/31 14:13:55 | 00,073,216 | ---- | C] () -- D:\WINDOWS\System32\drivers\SENTINEL.SYS
[2005/12/31 14:13:55 | 00,047,616 | ---- | C] () -- D:\WINDOWS\System32\SNTI386.DLL
[2005/12/31 14:13:55 | 00,017,920 | ---- | C] () -- D:\WINDOWS\System32\RNBOVDD.DLL
[2005/12/31 13:46:31 | 00,006,592 | ---- | C] () -- D:\WINDOWS\gwpreset.ini
[2005/12/31 13:46:31 | 00,000,435 | ---- | C] () -- D:\WINDOWS\goldwave.ini
[2005/12/17 14:47:33 | 00,000,004 | ---- | C] () -- D:\WINDOWS\System32\Vbe.dll
[2005/10/02 19:59:18 | 00,000,031 | ---- | C] () -- D:\WINDOWS\bluevoda.ini
[2005/09/12 16:50:24 | 00,000,092 | ---- | C] () -- D:\WINDOWS\lampron.ini
[2005/09/09 17:45:57 | 00,000,116 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2005/09/08 11:02:23 | 00,000,195 | ---- | C] () -- D:\WINDOWS\POD.INI
[2005/09/08 11:01:15 | 00,000,000 | ---- | C] () -- D:\WINDOWS\PROTOCOL.INI
[2005/09/07 16:14:55 | 00,000,892 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2005/09/07 15:47:14 | 00,001,125 | ---- | C] () -- D:\WINDOWS\winamp.ini
[2004/08/03 19:26:44 | 00,081,920 | ---- | C] () -- D:\WINDOWS\System32\ieencode.dll
[2002/05/28 07:22:36 | 00,106,496 | ---- | C] () -- D:\WINDOWS\japi.dll
[2001/08/31 10:49:44 | 00,000,218 | ---- | C] () -- D:\WINDOWS\oraodbc.ini
[2001/08/23 15:00:00 | 00,001,002 | ---- | C] () -- D:\WINDOWS\win.ini
[2001/08/23 15:00:00 | 00,000,287 | ---- | C] () -- D:\WINDOWS\system.ini
[2001/06/24 15:02:44 | 00,172,032 | ---- | C] () -- D:\WINDOWS\japi2.dll
[2000/06/28 11:02:27 | 00,282,112 | ---- | C] () -- D:\WINDOWS\System32\cncs232.dll
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- D:\WINDOWS\System32\sysres.dll
[1998/06/10 00:00:00 | 00,015,120 | ---- | C] () -- D:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 00,014,017 | ---- | C] () -- D:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 00,000,218 | ---- | C] () -- D:\WINDOWS\FRONTPG.INI
[1997/06/14 00:56:08 | 00,056,832 | ---- | C] () -- D:\WINDOWS\System32\Iyvu9_32.dll
[1996/04/04 01:03:26 | 00,005,248 | ---- | C] () -- D:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[3 D:\*.tmp files]
[2009/05/11 09:50:56 | 00,501,248 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\first\Desktop\OTListIt2.exe
[2009/05/11 09:48:16 | 00,000,506 | ---- | M] () -- D:\Documents and Settings\first\Desktop\ERUNT.lnk
[2009/05/11 09:42:10 | 00,000,062 | -HS- | M] () -- D:\Documents and Settings\first\Local Settings\desktop.ini
[2009/05/11 09:41:24 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2009/05/11 09:41:14 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2009/05/11 09:26:02 | 00,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2009/05/10 14:16:14 | 00,000,926 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-117609710-839522115-1003.job
[2009/05/10 08:01:00 | 00,001,125 | ---- | M] () -- D:\WINDOWS\winamp.ini
[2009/05/08 15:38:52 | 00,000,513 | ---- | M] () -- D:\Documents and Settings\first\Desktop\FileZilla Client.lnk
[2009/05/07 11:52:36 | 00,000,116 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini
[2009/05/06 21:08:58 | 00,000,000 | -H-- | M] () -- D:\Documents and Settings\first\My Documents\Default.rdp
[2009/05/06 12:34:06 | 00,000,131 | ---- | M] () -- D:\WINDOWS\CRC.INI
[2009/05/06 08:04:44 | 00,020,480 | ---- | M] () -- D:\Documents and Settings\first\My Documents\sib.doc
[2009/05/04 22:03:08 | 00,024,064 | ---- | M] () -- D:\Documents and Settings\first\My Documents\covering letter.doc
[2009/05/04 14:16:52 | 43,405,312 | ---- | M] () -- D:\WINDOWS\System32\BMUZDI
[2009/05/04 12:19:20 | 00,001,002 | ---- | M] () -- D:\WINDOWS\win.ini
[2009/05/04 10:13:02 | 00,000,287 | ---- | M] () -- D:\WINDOWS\system.ini
[2009/05/03 20:27:40 | 00,000,440 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/30 04:40:58 | 00,290,816 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\winsrv.dll
[2009/04/29 23:11:48 | 00,000,301 | ---- | M] () -- D:\WINDOWS\Wininit.ini
[2009/04/29 20:11:36 | 00,047,104 | ---- | M] () -- D:\Documents and Settings\first\My Documents\AGREEMENT OF LICENSE TO OCCUPY BUILING.doc
[2009/04/24 12:37:34 | 00,002,617 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2009/04/24 11:23:22 | 00,001,799 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2009/04/24 09:24:56 | 00,000,559 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/23 08:25:18 | 00,000,610 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/22 13:21:52 | 00,000,127 | ---- | M] () -- D:\WINDOWS\_delis43.ini
< End of report >

---------------------

OTListIt Extras logfile created on: 5/11/2009 9:52:01 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = D:\Documents and Settings\first\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.48 Mb Total Physical Memory | 66.09 Mb Available Physical Memory | 25.87% Memory free
1.31 Gb Paging File | 0.99 Gb Available in Paging File | 76.06% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 720 720 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 5.03 Gb Total Space | 1.91 Gb Free Space | 38.03% Space Free | Partition Type: FAT32
Drive D: | 12.41 Gb Total Space | 1.96 Gb Free Space | 15.82% Space Free | Partition Type: FAT32
Drive E: | 7.53 Gb Total Space | 1.99 Gb Free Space | 26.49% Space Free | Partition Type: FAT32
Drive F: | 11.49 Gb Total Space | 0.85 Gb Free Space | 7.41% Space Free | Partition Type: FAT32
Drive G: | 8.95 Gb Total Space | 1.81 Gb Free Space | 20.25% Space Free | Partition Type: FAT32
Drive H: | 9.54 Gb Total Space | 3.73 Gb Free Space | 39.10% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive J: | 19.56 Gb Total Space | 13.19 Gb Free Space | 67.42% Space Free | Partition Type: NTFS

Computer Name: PERSONAL
Current User Name: first
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- D:\Documents and Settings\first\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1275210071-117609710-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- D:\Documents and Settings\first\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/10/13 21:54:38 | 01,694,208 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger
File not found -- D:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
[2007/01/02 02:52:02 | 03,739,648 | ---- | M] (Google) -- D:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
File not found -- H:\Lemonade Tycoon\Lemonade Tycoon\Lemonade.exe:*:Disabled:Lemonade
File not found -- D:\Program Files\Microsoft Games\Age of Empires II\Empires2.Exe:*:Enabled:Age of Empires II
File not found -- H:\Return To Castle Wolfenstein\Return to Castle Wolfenstein\WolfMP.exe:*:Disabled:WolfMP
[2004/08/04 00:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- D:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
File not found -- H:\Tycoon games\rct.exe:*:Enabled:rct
File not found -- H:\Team Arena Demo\Team Arena Demo\taquake3.exe:*:Enabled:taquake3
File not found -- D:\Program Files\Real\RealOne Player\TRUEPLAY.EXE:*:Disabled:RealOne Player
File not found -- D:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
File not found -- D:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- D:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
[2004/08/04 00:56:52 | 03,148,800 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
[2004/08/03 19:26:50 | 01,298,432 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\DxDiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool
[2004/08/03 19:26:50 | 00,018,432 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server
[2008/10/04 15:34:58 | 00,307,712 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox
[2005/11/24 15:37:12 | 00,131,072 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home
File not found -- I:\QUAKE3\Quake3.exe:*:Enabled:Quake3
[2006/09/06 20:10:44 | 06,007,296 | ---- | M] () -- D:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\rct.exe:*:Enabled:rct
File not found -- H:\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner
File not found -- H:\MIRC\mirc.exe:*:Enabled:mIRC
[1998/06/06 00:00:00 | 00,034,036 | ---- | M] (Microsoft Corporation) -- H:\Visual Basic\Tools\VS-Ent98\Vanalyzr\VARPC.EXE:*:Enabled:Microsoft ® Visual Studio VSA RPC Event Creator
File not found -- D:\Documents and Settings\FIRST\Local Settings\Temp\OraInstall2007-08-15_07-44-27PM\jre\1.4.2\bin\javaw.exe:*:Enabled:javaw
[2005/01/04 11:50:52 | 00,405,583 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager
[2005/01/04 11:49:52 | 00,962,638 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application
File not found -- E:\Oracle\bin\xsaagent.exe:*:Enabled:xsaagent
[2007/04/20 23:33:32 | 00,855,736 | ---- | M] (Abacast, Inc.) -- D:\Documents and Settings\FIRST\Local Settings\Application Data\Abacast\Abaclient.exe:*:Disabled:Abaclient
[2004/11/10 13:37:00 | 04,788,224 | ---- | M] () -- H:\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2
[2006/02/03 08:52:04 | 06,029,312 | ---- | M] () -- F:\NFS Most wanted\speed.exe:*:Enabled:speed
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- H:\I Tunes\iTunes.exe:*:Enabled:iTunes
[2007/06/29 17:14:34 | 01,990,704 | ---- | M] (FlashGet.com) -- E:\FlashGet\flashget.exe:*:Enabled:Flashget
File not found -- E:\racer\racer\racer.exe:*:Enabled:racer
[2004/08/03 19:26:50 | 00,083,456 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2006/10/18 11:50:54 | 20,058,152 | ---- | M] () -- D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2009/04/24 11:23:12 | 00,016,384 | ---- | M] () -- D:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:backWeb-8876480
File not found -- D:\Documents and Settings\FIRST\Desktop\UTORRENT.EXE:*:Disabled:µTorrent
File not found -- H:\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent
File not found -- H:\Download manager\DAP\DAP.exe:*:Disabled:Download Accelerator Plus (DAP)
File not found -- D:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe:*:Disabled:Need For Speed III for Win32

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01800201-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Encyclopedia International
"{02C47AB7-0EFA-4804-BCFC-63DD27698B89}" = Stunt GP Demo
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 11
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3191ADFC-5BA3-474D-BCBA-1B5615ABFFC1}" = character studio 4.2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0150000}" = J2SE Development Kit 5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{43977AC9-8FD7-405B-B5E9-5949C06B7B3D}" = Finders Keepers
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{513AEC24-3465-8C4F-87BA-652D6F491033}" = Nero 7 Demo
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.3
"{5D582D33-EB35-4D77-B7AF-403322D947E6}" = Opera 9.10
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{6CDC68BB-C997-4ADC-9BA0-6293FB88521E}" = Sonic Foundry Sound Forge 6.0a
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9ACC9F63-CF54-46D7-9140-D40E57564EDA}_is1" = COMODO Registry Cleaner 1.0.17.23
"{AA6DC0ED-FC5B-4C60-BD99-8D669F8AB7D0}" = All-In-One v2.3.1
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 5
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B56B1487-9A26-4AFD-A1FD-949C40F5F2BC}" = Sony Ericsson PC Suite
"{BC14A1F6-0511-4360-8351-FB7964979317}" = 3ds max 6 Reference Files
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D0863246-5815-11D4-883C-00A0D21884B3}" = KISS Psycho Circus - The Nightmare Child Demo
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{DD8BD297-5B65-4420-BA11-25FBAD24A1AD}" = Cricket 2002
"{DD8C1183-6548-4A43-B9E5-CD0E970751E4}" = 3ds max 6 Architectural Materials
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DE4847A9-E86B-4BBB-B991-58C5ACA4FA04}" = Diskeeper Professional Edition
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio
"{E05F0409-0E9A-48A1-AC04-E35E3033604A}" = Visual Studio .NET Enterprise Architect 2003 - English
"{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}" = XMLinst
"{EC63CD9C-676B-4384-A280-378842B99DCA}" = 3ds max 6 Sample Files
"{EED1C93A-1D67-4DB4-9233-8167DF34B39D}" = PC VGA Camer@
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"3D Studio MAX R3" = 3D Studio MAX R3
"AddressBook" =
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"ArcSoft Software Suite" = ArcSoft Software Suite
"avast!" = avast! Antivirus
"Branding" =
"Bricks of Egypt_is1" = Bricks of Egypt
"Canon LBP3000" = Canon LBP3000
"CCleaner" = CCleaner (remove only)
"Claw" = Claw
"C-Media Audio" = C-Media 3D Audio
"Connection Manager" =
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"DirectAnimation" =
"DirectDrawEx" =
"DXM_Runtime" =
"EASEUS Partition Manager_is1" = EASEUS Partition Manager 1.6.3
"ERUNT_is1" = ERUNT 1.1j
"FlashGet" = FlashGet 1.9.0.1012
"Fontcore" =
"Gaa Moa's Plugins for Cool Edit Pro" = Gaa Moa's Plugins for Cool Edit Pro
"Grand Theft Auto 3 ( GTA )" = Grand Theft Auto 3 ( GTA )
"Gutterball 2_is1" = Gutterball 2
"HijackThis" = HijackThis 2.0.2
"ICW" =
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"IEData" =
"Installing HSP56 MicroModem Drivers" = HSP56 Modem Drivers
"InstallShield_{AA6DC0ED-FC5B-4C60-BD99-8D669F8AB7D0}" = All-In-One Office 2003
"InstallShield_{EED1C93A-1D67-4DB4-9233-8167DF34B39D}" = PC VGA Camer@
"InstallWIX_{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Internet Security 7.0
"IPIX ActiveX Viewer" = IPIX ActiveX Viewer
"Logitech Resource Center" = Logitech Resource Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Manolito" = Manolito 1.1.8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft PowerToys for Windows CE" = Microsoft PowerToys for Windows CE (Remove Only)
"MobileOptionPack" =
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MsJavaVM" =
"MSNINST" = MSN
"NASCAR Heat Demo" = NASCAR Heat Demo
"NetMeeting" =
"OutlookExpress" =
"Pack Crystal Clear" = Pack Crystal Clear 1.0
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer
"Resco Picture Viewer" = Resco Picture Viewer
"Ricochet Lost Worlds_is1" = Ricochet Lost Worlds
"RollerCoaster Tycoon Setup" = Roll
"SchedulingAgent" =
"Shockwave" = Shockwave
"ShockwaveFlash" = Macromedia Flash Player 8
"Skype_is1" = Skype 2.5
"SpeedFan" = SpeedFan (remove only)
"TeraCopy_is1" = TeraCopy 1.22
"UControl Scan and Remove" = UControl Scan and Remove
"Uninst.isu" = Battlezone II ™ Demo
"vcmm" = Vice City Mod Manager
"Visual Studio .NET Enterprise Architect 2003 - English" = Microsoft Visual Studio .NET Enterprise Architect 2003 - English
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VideoLAN VLC media player 0.8.6b
"WebSTAR DPC2100 Uninstall" = Scientific-Atlanta WebSTAR 2000 series Cable Modem
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows CE Services" = Microsoft ActiveSync 3.8
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinGTK-2_is1" = GTK+ 2.6.10-20050823 runtime environment
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Abacast Client" = Abacast Client
"FileZilla Client" = FileZilla Client 3.2.4.1
"Google Chrome" = Google Chrome

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1275210071-117609710-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Abacast Client" = Abacast Client
"FileZilla Client" = FileZilla Client 3.2.4.1
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2/13/2009 8:56:36 AM | Computer Name = PERSONAL | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 2/13/2009 10:54:44 AM | Computer Name = PERSONAL | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 2/14/2009 1:14:57 AM | Computer Name = PERSONAL | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 3/23/2009 12:29:18 PM | Computer Name = PERSONAL | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 3/23/2009 12:46:32 PM | Computer Name = PERSONAL | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 3/23/2009 1:11:00 PM | Computer Name = PERSONAL | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 3/23/2009 10:54:19 PM | Computer Name = PERSONAL | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 4/4/2009 1:27:38 AM | Computer Name = PERSONAL | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\WINDOWS\system32\SHELL32.dll failed, 0000A413.

Error - 4/26/2009 8:16:32 AM | Computer Name = PERSONAL | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 4/26/2009 8:16:32 AM | Computer Name = PERSONAL | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

[ Application Events ]
Error - 1/31/2009 10:08:49 AM | Computer Name = PERSONAL | Source = Google Update | ID = 20
Description =

Error - 2/2/2009 3:38:26 AM | Computer Name = PERSONAL | Source = Application Error | ID = 1000
Description = Faulting application pctspk.exe, version 1.0.0.1, faulting module
winsta.dll, version 5.1.2600.2180, fault address 0x000039ab.

Error - 2/2/2009 5:10:06 AM | Computer Name = PERSONAL | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, faulting module libwxwidgets_plugin.dll,
version 0.0.0.0, fault address 0x000bb3e8.

Error - 2/2/2009 12:38:29 PM | Computer Name = PERSONAL | Source = Application Error | ID = 1000
Description = Faulting application pctspk.exe, version 1.0.0.1, faulting module
winsta.dll, version 5.1.2600.2180, fault address 0x000039ab.

Error - 2/3/2009 10:54:31 PM | Computer Name = PERSONAL | Source = Application Error | ID = 1000
Description = Faulting application gta_sa.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0xfc90eb94.

Error - 2/4/2009 10:46:27 AM | Computer Name = PERSONAL | Source = Application Error | ID = 1000
Description = Faulting application pctspk.exe, version 1.0.0.1, faulting module
unknown, version 0.0.0.0, fault address 0xfc90ead0.

Error - 2/8/2009 9:23:04 AM | Computer Name = PERSONAL | Source = Application Error | ID = 1000
Description = Faulting application pctspk.exe, version 1.0.0.1, faulting module
winsta.dll, version 5.1.2600.2180, fault address 0x000039ab.

Error - 2/8/2009 9:51:00 AM | Computer Name = PERSONAL | Source = Google Update | ID = 20
Description =

Error - 2/8/2009 9:26:32 PM | Computer Name = PERSONAL | Source = Google Update | ID = 20
Description =

Error - 2/9/2009 1:45:33 AM | Computer Name = PERSONAL | Source = Application Error | ID = 1000
Description = Faulting application localcooling.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0xfc34ffb3.

[ System Events ]
Error - 5/4/2009 5:25:46 AM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7034
Description = The CHHYZUDQ service terminated unexpectedly. It has done this 1
time(s).

Error - 5/4/2009 8:18:28 AM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7001
Description = The Alerter service depends on the Workstation service which failed
to start because of the following error: %%1058

Error - 5/4/2009 8:18:28 AM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7000
Description = The OracleOraHome90TNSListener service failed to start due to the
following error: %%3

Error - 5/4/2009 8:18:28 AM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7000
Description = The OracleServiceACHUTHAN service failed to start due to the following
error: %%3

Error - 5/4/2009 8:18:28 AM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7000
Description = The SIODRV service failed to start due to the following error: %%20

Error - 5/4/2009 8:18:28 AM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends
on the Security Accounts Manager service which failed to start because of the following
error: %%1058

Error - 5/4/2009 8:18:28 AM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7000
Description = The X4HSX32 service failed to start due to the following error: %%3

Error - 5/4/2009 8:18:51 AM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 5/4/2009 8:18:51 AM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 5/4/2009 8:51:34 AM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7034
Description = The BWSYNYFNCGX service terminated unexpectedly. It has done this
1 time(s).


< End of report >

--------------------

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-11 10:26:19
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF7AFF6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF7AFF574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF7AFFA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF7AFF14C]
SSDT sptd.sys ZwEnumerateKey [0xF9802C22]
SSDT sptd.sys ZwEnumerateValueKey [0xF9802F9A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF7AFF64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF7AFF08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF7AFF0F0]
SSDT sptd.sys ZwQueryKey [0xF9803064]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF7AFF76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF7AFF72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF7AFF8AE]

---- Kernel code sections - GMER 1.0.15 ----

? D:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? D:\WINDOWS\System32\Drivers\SPTD8157.SYS The process cannot access the file because it is being used by another process.

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F980B89E] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9821D86] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F980BE24] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F980BD28] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F980BEF4] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F980BEF4] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F980BE24] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F980BD28] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F98211AE] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F980BA5A] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F982104A] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F980B8F2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F97FEAD2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F97FEC0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F97FEB96] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F97FF76C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F97FF642] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9821E4A] sptd.sys
IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F98108C6] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F982104A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F9821056] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9821E4A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F980BCC6] sptd.sys
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F980BCC6] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT D:\WINDOWS\system32\services.exe[1176] @ D:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT D:\WINDOWS\system32\services.exe[1176] @ D:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8286D750

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom 82BE20E8

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\dmio \Device\DmControl\DmIoDaemon 82B95940
Device \Driver\dmio \Device\DmControl\DmConfig 82B95940
Device \Driver\dmio \Device\DmControl\DmPnP 82B95940
Device \Driver\dmio \Device\DmControl\DmInfo 82B95940
Device \Driver\NetBT \Device\NetBT_Tcpip_{70A0E71C-5E75-449C-8E79-5E7CD91060F5} 82617BA8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 82B971B0
Device \Driver\Ftdisk \Device\HarddiskVolume2 82B971B0
Device \Driver\Cdrom \Device\CdRom0 82A6BC20
Device \FileSystem\Rdbss \Device\FsWrap 82819A50
Device \Driver\Ftdisk \Device\HarddiskVolume3 82B971B0
Device \Driver\NetBT \Device\NetBT_Tcpip_{7926FC8B-9813-4A71-AFBE-A9C96788954F} 82617BA8
Device \Driver\Ftdisk \Device\HarddiskVolume4 82B971B0
Device \Driver\Ftdisk \Device\HarddiskVolume5 82B971B0
Device \Driver\Ftdisk \Device\HarddiskVolume6 82B971B0
Device \Driver\Ftdisk \Device\HarddiskVolume7 82B971B0
Device \Driver\NetBT \Device\NetBt_Wins_Export 82617BA8
Device \Driver\NetBT \Device\NetbiosSmb 82617BA8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Disk \Device\Harddisk0\DR0 82B953D0

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82758378
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82758378
Device \FileSystem\Npfs \Device\NamedPipe 8263A600
Device \Driver\Ftdisk \Device\FtControl 82B971B0
Device \FileSystem\Msfs \Device\Mailslot 8263FA58
Device \FileSystem\Fastfat \Fat 82BE20E8

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 828D3EB0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x97 0xC9 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x97 0xC9 0x16 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x97 0xC9 0x16 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x97 0xC9 0x16 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x97 0xC9 0x16 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x97 0xC9 0x16 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x97 0xC9 0x16 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x97 0xC9 0x16 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x97 0xC9 0x16 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x97 0xC9 0x16 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x97 0xC9 0x16 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x97 0xC9 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 212370
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 266319778
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1367094057
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1297081791
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x97 0xC9 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{70A0E71C-5E75-449C-8E79-5E7CD91060F5}@LeaseObtainedTime 1242017286
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{70A0E71C-5E75-449C-8E79-5E7CD91060F5}@T1 1242017586
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{70A0E71C-5E75-449C-8E79-5E7CD91060F5}@T2 1242017811
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{70A0E71C-5E75-449C-8E79-5E7CD91060F5}@LeaseTerminatesTime 1242017886
Reg HKLM\SYSTEM\CurrentControlSet\Services\{70A0E71C-5E75-449C-8E79-5E7CD91060F5}\Parameters\Tcpip@LeaseObtainedTime 1242017286
Reg HKLM\SYSTEM\CurrentControlSet\Services\{70A0E71C-5E75-449C-8E79-5E7CD91060F5}\Parameters\Tcpip@T1 1242017586
Reg HKLM\SYSTEM\CurrentControlSet\Services\{70A0E71C-5E75-449C-8E79-5E7CD91060F5}\Parameters\Tcpip@T2 1242017811
Reg HKLM\SYSTEM\CurrentControlSet\Services\{70A0E71C-5E75-449C-8E79-5E7CD91060F5}\Parameters\Tcpip@LeaseTerminatesTime 1242017886
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x97 0xC9 0x16 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x3C 0xD3 0xA4 0x19 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{986582B1-E935-5877-BBF6-3F1AB368241A}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{986582B1-E935-5877-BBF6-3F1AB368241A}@hafbdegpfbcjfdel 0x61 0x61 0x00 0x7C
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{986582B1-E935-5877-BBF6-3F1AB368241A}@jafbdegpfbcjfdelckle 0x63 0x61 0x6D 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{986582B1-E935-5877-BBF6-3F1AB368241A}@panbcgoipgejfolmmadbammmnmponbgk 0x64 0x61 0x69 0x68 ...

---- EOF - GMER 1.0.15 ----

-----------------

#7 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:20 PM

Posted 11 May 2009 - 03:01 PM

Hello, sarat
We need to run an OTListIt2 Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :processes
    chrome.exe
    :files
    D:\Documents and Settings\first\Local Settings\Temp\CHMVYJGW.exe
    D:\Documents and Settings\first\Local Settings\Temp\HVYIGP.exe
    D:\Documents and Settings\first\Local Settings\Temp\SVTBWYANVKWKF.exe
    D:\Documents and Settings\first\Local Settings\Temp\SV.exe
    D:\Rooter$
    D:\VundoFix Backups
    D:\FOUND.???
    :services
    CHMVYJGW
    HVYIGP
    OracleOraHome90TNSListener
    OracleServiceACHUTHAN
    SVTBWYANVKWKF
    SV
    :otli
    IE - URLSearchHook: - Reg Error: Key error. File not found
    O2 - BHO: (DAPBHO Class) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..\Toolbar\WebBrowser: (no name) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-1275210071-117609710-839522115-1003\..\Toolbar\WebBrowser: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - Reg Error: Key error. File not found
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} file://D:\TempEI4\EI40_\msxml4.cab (XML DOM Document 4.0)
    O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
    O24 - Desktop Components:0 () - http://us.js2.yimg.com/us.js.yimg.com/lib/...ailcommonlib.js
    O24 - Desktop Components:1 () - http://www.punch.co.uk/images/Cartoons/children/03_t.gif
    O32 - AutoRun File - [2009/01/20 14:57:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2006/10/06 20:36:54 | 00,000,154 | ---- | M] () - H:\autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2008/10/15 21:41:14 | 00,000,024 | ---- | M] () - J:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{0758fb62-3019-11de-bb44-001692530e3d}\Shell\AutoRun\command - "" = wscript.exe n.vbe
    O33 - MountPoints2\{0758fb62-3019-11de-bb44-001692530e3d}\Shell\explore\Command - "" = wscript.exe n.vbe
    O33 - MountPoints2\{0758fb62-3019-11de-bb44-001692530e3d}\Shell\open\Command - "" = wscript.exe n.vbe
    O33 - MountPoints2\{446e234f-f9a7-11dd-8183-806d6172696f}\Shell\AutoRun\command - "" = H:\RunGame.exe -- [2006/10/06 20:36:54 | 00,143,360 | ---- | M] (Electronic Arts Inc.)
    O33 - MountPoints2\{66e41954-844e-11dc-a620-00e04c814264}\Shell - "" = AutoRun
    O33 - MountPoints2\{66e41954-844e-11dc-a620-00e04c814264}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6bea9566-f823-11dd-b745-806d6172696f}\Shell\AutoRun\command - "" = H:\RunGame.exe -- [2006/10/06 20:36:54 | 00,143,360 | ---- | M] (Electronic Arts Inc.)
    O33 - MountPoints2\{879075ea-ae0f-11dc-a6b5-00e04c814264}\Shell - "" = AutoRun
    O33 - MountPoints2\{879075ea-ae0f-11dc-a6b5-00e04c814264}\Shell\1\Command - "" = .\Recycler\AutoLaunch.exe
    O33 - MountPoints2\{879075ea-ae0f-11dc-a6b5-00e04c814264}\Shell\2\Command - "" = .\Recycler\AutoLaunch.exe
    O33 - MountPoints2\{879075ea-ae0f-11dc-a6b5-00e04c814264}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a8fe9a09-1fb1-11da-8e34-806d6172696f}\Shell\AutoRun\command - "" = H:\RunGame.exe -- [2006/10/06 20:36:54 | 00,143,360 | ---- | M] (Electronic Arts Inc.)
    O33 - MountPoints2\{ba072ce2-112b-11dd-9983-00e04c814264}\Shell\AutoRun\command - "" = x.com
    O33 - MountPoints2\{ba072ce2-112b-11dd-9983-00e04c814264}\Shell\explore\Command - "" = x.com
    O33 - MountPoints2\{ba072ce2-112b-11dd-9983-00e04c814264}\Shell\open\Command - "" = x.com
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\RunGame.exe -- [2006/10/06 20:36:54 | 00,143,360 | ---- | M] (Electronic Arts Inc.)
  • Push Posted Image
  • OTLI2 may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
We need to run an OTListIt2 Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    HKLM\SYSTEM
    HKLM\SYSTEM\select
  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.
In your next reply, please include the following:
  • OTListIt2 Fix Log
  • OTListIt2 Scan Log (With custom scan)

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#8 sarat

sarat
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:10:50 AM

Posted 12 May 2009 - 10:51 PM

Here are the two logs:

--------

========== PROCESSES ==========
Process chrome.exe killed successfully!
========== FILES ==========
D:\Documents and Settings\first\Local Settings\Temp\CHMVYJGW.exe moved successfully.
D:\Documents and Settings\first\Local Settings\Temp\HVYIGP.exe moved successfully.
D:\Documents and Settings\first\Local Settings\Temp\SVTBWYANVKWKF.exe moved successfully.
D:\Documents and Settings\first\Local Settings\Temp\SV.exe moved successfully.
D:\Rooter$ moved successfully.
D:\VundoFix Backups moved successfully.
D:\FOUND.018 moved successfully.
D:\FOUND.019 moved successfully.
D:\FOUND.020 moved successfully.
D:\FOUND.021 moved successfully.
D:\FOUND.022 moved successfully.
D:\FOUND.023 moved successfully.
D:\FOUND.024 moved successfully.
D:\FOUND.025 moved successfully.
D:\FOUND.026 moved successfully.
D:\FOUND.027 moved successfully.
D:\FOUND.028 moved successfully.
D:\FOUND.029 moved successfully.
D:\FOUND.030 moved successfully.
D:\FOUND.031 moved successfully.
D:\FOUND.032 moved successfully.
D:\FOUND.033 moved successfully.
D:\FOUND.034 moved successfully.
D:\FOUND.035 moved successfully.
D:\FOUND.036 moved successfully.
D:\FOUND.037 moved successfully.
D:\FOUND.038 moved successfully.
D:\FOUND.039 moved successfully.
D:\FOUND.040 moved successfully.
D:\FOUND.041 moved successfully.
D:\FOUND.000 moved successfully.
D:\FOUND.001 moved successfully.
D:\FOUND.042 moved successfully.
D:\FOUND.043 moved successfully.
D:\FOUND.044 moved successfully.
D:\FOUND.045 moved successfully.
D:\FOUND.046 moved successfully.
D:\FOUND.047 moved successfully.
D:\FOUND.048 moved successfully.
D:\FOUND.049 moved successfully.
D:\FOUND.050 moved successfully.
D:\FOUND.051 moved successfully.
D:\FOUND.052 moved successfully.
D:\FOUND.053 moved successfully.
D:\FOUND.054 moved successfully.
D:\FOUND.055 moved successfully.
D:\FOUND.056 moved successfully.
D:\FOUND.057 moved successfully.
D:\FOUND.058 moved successfully.
D:\FOUND.059 moved successfully.
D:\FOUND.060 moved successfully.
D:\FOUND.061 moved successfully.
D:\FOUND.062 moved successfully.
D:\FOUND.063 moved successfully.
D:\FOUND.064 moved successfully.
D:\FOUND.010 moved successfully.
D:\FOUND.014 moved successfully.
D:\FOUND.011 moved successfully.
D:\FOUND.012 moved successfully.
D:\FOUND.013 moved successfully.
D:\FOUND.015 moved successfully.
D:\FOUND.016 moved successfully.
D:\FOUND.017 moved successfully.
D:\FOUND.065 moved successfully.
D:\FOUND.066 moved successfully.
D:\FOUND.067 moved successfully.
D:\FOUND.068 moved successfully.
D:\FOUND.069 moved successfully.
D:\FOUND.070 moved successfully.
D:\FOUND.071 moved successfully.
D:\FOUND.072 moved successfully.
D:\FOUND.073 moved successfully.
D:\FOUND.074 moved successfully.
========== SERVICES/DRIVERS ==========

Service\Driver CHMVYJGW deleted successfully.

Service\Driver HVYIGP deleted successfully.

Service\Driver OracleOraHome90TNSListener deleted successfully.

Service\Driver OracleServiceACHUTHAN deleted successfully.

Service\Driver SVTBWYANVKWKF deleted successfully.

Service\Driver SV deleted successfully.
========== OTLISTIT ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0096CC0A-623C-4829-AD9C-19AF0DC9D8FE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0096CC0A-623C-4829-AD9C-19AF0DC9D8FE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-117609710-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-117609710-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-117609710-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-117609710-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCCCCCDB-4DDB-4703-95D4-DD2C526397BF}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-117609710-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-117609710-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-117609710-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCCCCCDB-4DDB-4703-95D4-DD2C526397BF}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-117609710-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}\ not found.
File 9C0-F192-11D4-A65F-0040963251E5} file://D:\TempEI4\EI40_\msxml4.cab not found.
Starting removal of ActiveX control {88D969C0-F192-11D4-A65F-0040963251E5}
D:\WINDOWS\Downloaded Program Files\msxml4.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{88D969C0-F192-11D4-A65F-0040963251E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{88D969C0-F192-11D4-A65F-0040963251E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\0aMCPClient deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File http://us.js2.yimg.com/us.js.yimg.com/lib/...ailcommonlib.js not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1\ deleted successfully.
File http://www.punch.co.uk/images/Cartoons/children/03_t.gif not found.
C:\AUTOEXEC.BAT moved successfully.
H:\autorun.inf moved successfully.
J:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0758fb62-3019-11de-bb44-001692530e3d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0758fb62-3019-11de-bb44-001692530e3d}\ not found.
File wscript.exe n.vbe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0758fb62-3019-11de-bb44-001692530e3d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0758fb62-3019-11de-bb44-001692530e3d}\ not found.
File wscript.exe n.vbe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0758fb62-3019-11de-bb44-001692530e3d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0758fb62-3019-11de-bb44-001692530e3d}\ not found.
File wscript.exe n.vbe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{446e234f-f9a7-11dd-8183-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{446e234f-f9a7-11dd-8183-806d6172696f}\ not found.
H:\RunGame.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66e41954-844e-11dc-a620-00e04c814264}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66e41954-844e-11dc-a620-00e04c814264}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66e41954-844e-11dc-a620-00e04c814264}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66e41954-844e-11dc-a620-00e04c814264}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bea9566-f823-11dd-b745-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6bea9566-f823-11dd-b745-806d6172696f}\ not found.
File H:\RunGame.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{879075ea-ae0f-11dc-a6b5-00e04c814264}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{879075ea-ae0f-11dc-a6b5-00e04c814264}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{879075ea-ae0f-11dc-a6b5-00e04c814264}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{879075ea-ae0f-11dc-a6b5-00e04c814264}\ not found.
File .\Recycler\AutoLaunch.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{879075ea-ae0f-11dc-a6b5-00e04c814264}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{879075ea-ae0f-11dc-a6b5-00e04c814264}\ not found.
File .\Recycler\AutoLaunch.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{879075ea-ae0f-11dc-a6b5-00e04c814264}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{879075ea-ae0f-11dc-a6b5-00e04c814264}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8fe9a09-1fb1-11da-8e34-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8fe9a09-1fb1-11da-8e34-806d6172696f}\ not found.
File H:\RunGame.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba072ce2-112b-11dd-9983-00e04c814264}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba072ce2-112b-11dd-9983-00e04c814264}\ not found.
File x.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba072ce2-112b-11dd-9983-00e04c814264}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba072ce2-112b-11dd-9983-00e04c814264}\ not found.
File x.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba072ce2-112b-11dd-9983-00e04c814264}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba072ce2-112b-11dd-9983-00e04c814264}\ not found.
File x.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
File H:\RunGame.exe not found.

OTListIt2 by OldTimer - Version 2.0.15.6 log created on 05132009_091109

--------------

OTListIt logfile created on: 5/13/2009 9:14:02 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = D:\Documents and Settings\first\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.48 Mb Total Physical Memory | 84.25 Mb Available Physical Memory | 32.98% Memory free
1.31 Gb Paging File | 1.02 Gb Available in Paging File | 77.71% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 720 720 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 5.03 Gb Total Space | 1.91 Gb Free Space | 38.03% Space Free | Partition Type: FAT32
Drive D: | 12.41 Gb Total Space | 1.94 Gb Free Space | 15.63% Space Free | Partition Type: FAT32
Drive E: | 7.53 Gb Total Space | 1.99 Gb Free Space | 26.49% Space Free | Partition Type: FAT32
Drive F: | 11.49 Gb Total Space | 0.85 Gb Free Space | 7.41% Space Free | Partition Type: FAT32
Drive G: | 8.95 Gb Total Space | 1.81 Gb Free Space | 20.25% Space Free | Partition Type: FAT32
Drive H: | 9.54 Gb Total Space | 3.72 Gb Free Space | 39.01% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive J: | 19.56 Gb Total Space | 13.19 Gb Free Space | 67.42% Space Free | Partition Type: NTFS

Computer Name: PERSONAL
Current User Name: first
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/06 02:31:26 | 00,018,752 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/06 02:38:40 | 00,138,680 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashServ.exe
PRC - [2004/08/03 19:26:50 | 03,194,368 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Explorer.EXE
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/11/23 07:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/03/19 15:25:54 | 00,335,872 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2005/01/14 09:32:38 | 00,053,248 | ---- | M] () -- D:\WINDOWS\System32\PAStiSvc.exe
PRC - [2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wdfmgr.exe
PRC - [2007/01/11 17:48:50 | 00,063,112 | ---- | M] (CANON INC.) -- D:\WINDOWS\system32\CNAB3RPK.EXE
PRC - [2009/02/06 02:38:26 | 00,254,040 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2003/12/18 11:15:26 | 00,180,224 | R--- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\system32\pctspk.exe
PRC - [2009/02/06 02:38:46 | 00,081,000 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/04/24 11:23:12 | 00,016,384 | ---- | M] () -- D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
PRC - [2009/02/06 02:36:04 | 00,352,920 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashWebSv.exe
PRC - [2005/09/20 10:32:16 | 00,159,744 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\igfxsrvc.exe
PRC - [2009/02/03 01:55:24 | 00,766,448 | ---- | M] (Google Inc.) -- D:\Documents and Settings\first\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/02/03 01:55:24 | 00,766,448 | ---- | M] (Google Inc.) -- D:\Documents and Settings\first\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/05/11 09:50:56 | 00,501,248 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\first\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/06 02:31:26 | 00,018,752 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/06 02:38:40 | 00,138,680 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/06 02:38:26 | 00,254,040 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/06 02:36:04 | 00,352,920 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/03/03 21:39:44 | 00,242,688 | ---- | M] (Outertech) -- H:\Cacheman\CachemanXP\CachemanXP.exe -- (CachemanXPService [On_Demand | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/11/23 07:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- D:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/03/19 15:25:54 | 00,335,872 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2006/10/16 16:10:58 | 00,023,856 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc [Auto | Stopped])
SRV - [2005/01/14 09:32:38 | 00,053,248 | ---- | M] () -- D:\WINDOWS\System32\PAStiSvc.exe -- (STI Simulator [Auto | Running])
SRV - [2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [1998/06/06 00:00:00 | 00,034,036 | ---- | M] (Microsoft Corporation) -- H:\Visual Basic\Tools\VS-Ent98\Vanalyzr\varpc.exe -- (Visual Studio Analyzer RPC bridge [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/02/06 02:35:12 | 00,026,944 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2003/03/14 00:04:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) -- D:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Stopped])
DRV - [2009/02/06 02:37:12 | 00,020,560 | ---- | M] (ALWIL Software) -- D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/06 02:38:10 | 00,094,032 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/06 02:36:10 | 00,023,152 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/06 02:37:24 | 00,114,768 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/06 02:36:20 | 00,051,376 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2007/07/12 16:28:54 | 00,049,904 | R--- | M] (Avanquest Software) -- D:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5 [On_Demand | Stopped])
DRV - [2003/09/15 11:49:42 | 00,752,960 | ---- | M] (C-Media Inc) -- D:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda [On_Demand | Running])
DRV - [2006/11/30 17:07:32 | 00,223,128 | ---- | M] (DT Soft Ltd.) -- D:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Stopped])
DRV - [2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- D:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [1996/04/04 01:03:26 | 00,005,248 | ---- | M] () -- D:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2005/09/20 11:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2004/03/10 19:12:24 | 00,012,953 | ---- | M] (Logitech, Inc.) -- D:\WINDOWS\system32\DRIVERS\itchfltr.sys -- (itchfltr [On_Demand | Running])
DRV - [2008/06/03 13:03:20 | 00,194,320 | ---- | M] (Kaspersky Lab) -- D:\WINDOWS\system32\drivers\klif.sys -- (KLIF [On_Demand | Stopped])
DRV - [2007/04/04 14:58:26 | 00,024,344 | ---- | M] (Kaspersky Lab) -- D:\WINDOWS\system32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])
DRV - [2004/03/03 15:20:00 | 00,051,729 | ---- | M] (Logitech, Inc.) -- D:\WINDOWS\system32\DRIVERS\L8042pr2.Sys -- (L8042pr2 [On_Demand | Running])
DRV - [2004/03/03 15:20:00 | 00,070,801 | ---- | M] (Logitech, Inc.) -- D:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])
DRV - [2002/09/20 16:23:34 | 00,235,100 | ---- | M] (Analog Devices Inc) -- D:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn [On_Demand | Stopped])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005/10/18 11:48:38 | 00,154,752 | ---- | M] (PixArt Imaging Inc.) -- D:\WINDOWS\system32\DRIVERS\PA707UCM.SYS -- (PAC7311 [On_Demand | Running])
DRV - [2001/08/23 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- D:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/12/18 09:30:36 | 00,356,351 | R--- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\system32\DRIVERS\ptserial.sys -- (Ptserial [On_Demand | Running])
DRV - [2007/03/08 05:21:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- D:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/02/27 03:16:20 | 00,081,408 | R--- | M] (Realtek Semiconductor Corporation ) -- D:\WINDOWS\system32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2001/08/23 18:33:54 | 00,025,434 | R--- | M] (Realtek Semiconductor Corporation ) -- D:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2009/04/28 11:33:42 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- H:\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/04/28 11:33:44 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- H:\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/04/28 11:33:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- H:\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2006/02/22 16:10:24 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- D:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2003/05/09 02:30:56 | 00,033,248 | ---- | M] (Sonic Focus, Inc) -- D:\WINDOWS\system32\drivers\sf.sys -- (sf [System | Running])
DRV - [2003/01/10 12:05:10 | 00,007,424 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV [Auto | Stopped])
DRV - [2003/10/14 18:40:00 | 00,036,484 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\DRIVERS\SMBios.sys -- (SMBios [On_Demand | Running])
DRV - [2002/10/23 09:05:06 | 00,021,963 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\DRIVERS\smb.sys -- (smbusp [On_Demand | Stopped])
DRV - [2003/06/02 13:42:14 | 00,578,304 | ---- | M] (Analog Devices, Inc.) -- D:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Stopped])
DRV - [2006/09/24 18:58:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- D:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2006/11/30 17:02:52 | 00,664,064 | ---- | M] () -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007/02/15 14:14:28 | 00,019,840 | ---- | M] (Generic) -- D:\WINDOWS\System32\Drivers\StMp3Rec.sys -- (StMp3Rec [On_Demand | Stopped])
DRV - [2006/12/09 21:36:02 | 00,023,600 | ---- | M] (EnTech Taiwan) -- D:\WINDOWS\system32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2004/06/11 02:12:38 | 00,015,429 | R--- | M] ( ) -- D:\WINDOWS\system32\DRIVERS\Sacm2A.sys -- (USBCM [On_Demand | Running])
DRV - [2003/12/18 09:29:32 | 00,703,737 | R--- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem [On_Demand | Running])
DRV - [2003/12/18 09:27:52 | 00,801,906 | R--- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom [On_Demand | Running])
DRV - [2003/12/18 09:30:08 | 00,070,384 | R--- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice [On_Demand | Running])
DRV - [2006/11/07 09:42:16 | 00,061,504 | R--- | M] (MCCI) -- D:\WINDOWS\system32\DRIVERS\w200bus.sys -- (w200bus [On_Demand | Stopped])
DRV - [2006/11/07 09:42:22 | 00,009,328 | R--- | M] (MCCI) -- D:\WINDOWS\system32\DRIVERS\w200mdfl.sys -- (w200mdfl [On_Demand | Stopped])
DRV - [2006/11/07 09:42:24 | 00,097,056 | R--- | M] (MCCI) -- D:\WINDOWS\system32\DRIVERS\w200mdm.sys -- (w200mdm [On_Demand | Stopped])
DRV - [2006/11/07 09:42:28 | 00,088,560 | R--- | M] (MCCI) -- D:\WINDOWS\system32\DRIVERS\w200mgmt.sys -- (w200mgmt [On_Demand | Stopped])
DRV - [2006/11/07 09:42:30 | 00,086,368 | R--- | M] (MCCI) -- D:\WINDOWS\system32\DRIVERS\w200obex.sys -- (w200obex [On_Demand | Stopped])
DRV - [2003/04/15 16:10:54 | 00,113,504 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/04/15 16:10:46 | 00,078,752 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;localhost

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: D:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2006/10/06 14:22:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: D:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2006/10/06 14:21:58 | 00,000,000 | ---D | M]

[2008/06/18 11:01:46 | 00,000,000 | ---D | M] -- D:\Documents and Settings\first\Application Data\mozilla\Extensions
[2008/06/18 11:01:46 | 00,000,000 | ---D | M] -- D:\Documents and Settings\first\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007/04/16 22:33:20 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions
[2007/04/16 22:35:22 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/03/19 21:07:18 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/03/25 16:00:44 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/22 15:53:16 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/01/05 21:19:26 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2008/10/04 15:34:54 | 00,134,656 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/04 15:34:54 | 00,023,040 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2008/10/04 15:35:00 | 00,001,394 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/04 15:35:00 | 00,002,193 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/04 15:35:00 | 00,001,534 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/10/04 15:35:00 | 00,002,642 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/04 15:35:00 | 00,001,706 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/04 15:35:00 | 00,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/04 15:35:00 | 00,000,792 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (306336 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10547 more lines...
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] H:\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [PCTVOICE] pctspk.exe (Conexant Systems, Inc.)
O4 - HKCU..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe ()
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Download All with FlashGet - E:\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with Download Accelerator Lite - Reg Error: Value error. File not found
O8 - Extra context menu item: &Download with FlashGet - E:\FlashGet\jc_link.htm ()
O8 - Extra context menu item: &Search - ?p=ZNxmk789YYIN File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://www.shockwave.com/content/cinematyc...inematycoon.cab (TikGames Online Control)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - D:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - D:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - D:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - D:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (D:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL) - D:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL File not found
O20 - AppInit_DLLs: (E:\KASPER~1\adialhk.dll) - E:\Kaspersky\adialhk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - H:\SUPERAntiSpyware\SASWINLO.dll - H:\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - D:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - D:\WINDOWS\system32\klogon.dll - D:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 D:\*.tmp files]
[2009/05/13 09:11:09 | 00,000,000 | ---D | C] -- D:\_OTListIt
[2009/05/11 09:57:22 | 00,286,208 | ---- | C] () -- D:\Documents and Settings\first\Desktop\elkiynmc.exe
[2009/05/11 09:50:06 | 00,501,248 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\first\Desktop\OTListIt2.exe
[2009/05/11 09:48:14 | 00,000,506 | ---- | C] () -- D:\Documents and Settings\first\Desktop\ERUNT.lnk
[2009/05/11 09:48:13 | 00,000,000 | ---D | C] -- D:\Program Files\ERUNT
[2009/05/08 15:38:50 | 00,000,513 | ---- | C] () -- D:\Documents and Settings\first\Desktop\FileZilla Client.lnk
[2009/05/06 21:08:56 | 00,000,000 | -H-- | C] () -- D:\Documents and Settings\first\My Documents\Default.rdp
[2009/05/06 12:17:46 | 00,000,000 | ---D | C] -- D:\Program Files\Microsoft Windows Script
[2009/05/06 07:31:46 | 00,020,480 | ---- | C] () -- D:\Documents and Settings\first\My Documents\sib.doc
[2009/05/04 21:59:44 | 00,024,064 | ---- | C] () -- D:\Documents and Settings\first\My Documents\covering letter.doc
[2009/05/04 14:14:13 | 43,405,312 | ---- | C] () -- D:\WINDOWS\System32\BMUZDI
[2009/05/03 20:27:56 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/05/03 20:27:39 | 00,000,440 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/03 20:27:33 | 00,000,000 | ---D | C] -- D:\Documents and Settings\first\Application Data\SUPERAntiSpyware.com
[2009/05/03 20:26:34 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\Wise Installation Wizard
[2009/04/30 04:47:25 | 00,290,816 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\winsrv.dll
[2009/04/30 04:47:24 | 00,000,000 | ---D | C] -- D:\WINDOWS
[2009/04/25 08:45:49 | 00,047,104 | ---- | C] () -- D:\Documents and Settings\first\My Documents\AGREEMENT OF LICENSE TO OCCUPY BUILING.doc
[2009/04/25 08:40:57 | 00,000,000 | ---D | C] -- D:\Documents and Settings\first\My Documents\New Folder
[2009/04/24 13:28:10 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/24 12:03:52 | 00,000,000 | ---D | C] -- D:\Program Files\Folding@home
[2009/04/24 12:03:52 | 00,000,000 | ---D | C] -- D:\Documents and Settings\first\Application Data\Folding@home-x86
[2009/04/24 11:23:21 | 00,001,799 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2009/04/24 09:24:54 | 00,000,559 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/24 09:24:53 | 00,051,376 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2009/04/24 09:24:53 | 00,026,944 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2009/04/24 09:24:53 | 00,023,152 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2009/04/24 09:24:52 | 00,097,480 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\AvastSS.scr
[2009/04/24 09:24:51 | 00,020,560 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/04/24 09:24:50 | 00,114,768 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2009/04/24 09:24:50 | 00,094,032 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2009/04/24 09:24:50 | 00,093,296 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2009/04/24 09:24:33 | 01,256,296 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\aswBoot.exe
[2009/04/24 09:24:33 | 00,380,928 | ---- | C] () -- D:\WINDOWS\System32\actskin4.ocx
[2009/04/23 08:25:16 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2009/04/23 08:25:16 | 00,000,610 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/23 08:25:14 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/23 08:25:11 | 00,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2009/04/22 13:21:50 | 00,000,127 | ---- | C] () -- D:\WINDOWS\_delis43.ini
[2009/04/21 16:54:12 | 00,014,048 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\spmsg2.dll
[2009/04/21 16:49:30 | 00,000,000 | ---D | C] -- D:\Program Files\MSXML 6.0
[2009/04/21 16:10:43 | 00,081,408 | R--- | C] (Realtek Semiconductor Corporation ) -- D:\WINDOWS\System32\drivers\Rtnicxp.sys
[2009/03/01 20:52:45 | 00,000,131 | ---- | C] () -- D:\WINDOWS\CRC.INI
[2009/01/20 12:26:46 | 00,000,079 | ---- | C] () -- D:\WINDOWS\SYMGAMES.INI
[2008/05/26 16:09:47 | 00,000,000 | ---- | C] () -- D:\WINDOWS\galaxy.ini
[2008/02/17 16:08:38 | 00,000,092 | ---- | C] () -- D:\WINDOWS\CMISETUP.INI
[2008/02/17 16:08:32 | 00,000,301 | ---- | C] () -- D:\WINDOWS\Wininit.ini
[2008/02/17 16:08:21 | 00,028,672 | ---- | C] () -- D:\WINDOWS\CMIRmDriver.dll
[2008/02/17 15:43:47 | 00,028,672 | ---- | C] () -- D:\WINDOWS\System32\cmirmdrv.dll
[2008/02/17 15:11:03 | 00,000,026 | ---- | C] () -- D:\WINDOWS\CMCDPLAY.INI
[2008/02/16 19:56:46 | 00,156,672 | R--- | C] () -- D:\WINDOWS\System32\RTLCPAPI.dll
[2008/01/09 15:01:48 | 00,000,453 | ---- | C] () -- D:\WINDOWS\bdoscandellang.ini
[2007/11/08 19:19:55 | 00,000,000 | ---- | C] () -- D:\WINDOWS\autorun.INI
[2007/10/29 18:47:55 | 00,000,000 | ---- | C] () -- D:\WINDOWS\procui.INI
[2007/10/24 19:40:57 | 00,033,228 | ---- | C] () -- D:\WINDOWS\unvpeye.ini
[2007/06/22 21:35:38 | 00,000,199 | ---- | C] () -- D:\WINDOWS\mdm.ini
[2007/06/05 15:17:32 | 00,000,417 | ---- | C] () -- D:\WINDOWS\barcode.ini
[2007/02/25 11:55:55 | 00,051,712 | ---- | C] () -- D:\WINDOWS\wc98pp.dll
[2006/12/22 13:15:58 | 00,000,152 | RHS- | C] () -- D:\WINDOWS\System32\1854DBF97A.dll
[2006/12/22 12:21:23 | 00,000,067 | ---- | C] () -- D:\WINDOWS\IDMan.INI
[2006/11/30 17:02:50 | 00,664,064 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys
[2006/11/30 17:02:50 | 00,096,256 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd8157.sys
[2006/09/16 16:27:23 | 00,053,693 | R--- | C] () -- D:\WINDOWS\UNDPX2A.sys
[2006/09/16 16:27:21 | 00,015,429 | R--- | C] ( ) -- D:\WINDOWS\System32\drivers\Sacm2A.sys
[2006/06/03 17:40:50 | 00,000,057 | ---- | C] () -- D:\WINDOWS\PROGMAN.INI
[2006/05/28 13:22:59 | 00,000,006 | ---- | C] () -- D:\WINDOWS\System32\cuatro.ini
[2006/05/24 11:57:00 | 00,000,150 | ---- | C] () -- D:\WINDOWS\ODBCDRV.INI
[2006/05/23 19:07:50 | 00,000,022 | ---- | C] () -- D:\WINDOWS\blackops.ini
[2006/05/08 16:43:55 | 00,000,103 | ---- | C] () -- D:\WINDOWS\gkerde3d.INI
[2006/05/08 16:37:43 | 00,001,172 | ---- | C] () -- D:\WINDOWS\timetime.ini
[2006/05/08 16:36:55 | 00,000,109 | ---- | C] () -- D:\WINDOWS\stargazr.ini
[2006/05/08 15:33:11 | 00,000,117 | ---- | C] () -- D:\WINDOWS\TemplateBuilder.INI
[2006/05/03 04:08:24 | 00,000,748 | ---- | C] () -- D:\WINDOWS\SetBrowser.ini
[2006/04/16 20:38:07 | 00,000,026 | ---- | C] () -- D:\WINDOWS\DfrgUIEx.INI
[2006/04/15 20:55:42 | 00,000,000 | ---- | C] () -- D:\WINDOWS\MSINFO32.INI
[2006/03/24 12:48:07 | 00,000,614 | ---- | C] () -- D:\WINDOWS\videoimp.ini
[2006/03/24 12:47:39 | 00,000,021 | ---- | C] () -- D:\WINDOWS\CS_setup.ini
[2006/03/20 09:58:38 | 00,000,036 | ---- | C] () -- D:\WINDOWS\Tiny_Run.ini
[2006/01/22 16:45:11 | 00,000,600 | ---- | C] () -- D:\WINDOWS\Rtcw.INI
[2006/01/14 19:59:33 | 00,000,203 | ---- | C] () -- D:\WINDOWS\cdplayer.ini
[2005/12/31 14:18:33 | 00,000,055 | ---- | C] () -- D:\WINDOWS\3D Studio MAX® R3 EReg.ini
[2005/12/31 14:13:55 | 00,073,216 | ---- | C] () -- D:\WINDOWS\System32\drivers\SENTINEL.SYS
[2005/12/31 14:13:55 | 00,047,616 | ---- | C] () -- D:\WINDOWS\System32\SNTI386.DLL
[2005/12/31 14:13:55 | 00,017,920 | ---- | C] () -- D:\WINDOWS\System32\RNBOVDD.DLL
[2005/12/31 13:46:31 | 00,006,592 | ---- | C] () -- D:\WINDOWS\gwpreset.ini
[2005/12/31 13:46:31 | 00,000,435 | ---- | C] () -- D:\WINDOWS\goldwave.ini
[2005/12/17 14:47:33 | 00,000,004 | ---- | C] () -- D:\WINDOWS\System32\Vbe.dll
[2005/10/02 19:59:18 | 00,000,031 | ---- | C] () -- D:\WINDOWS\bluevoda.ini
[2005/09/12 16:50:24 | 00,000,092 | ---- | C] () -- D:\WINDOWS\lampron.ini
[2005/09/09 17:45:57 | 00,000,116 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2005/09/08 11:02:23 | 00,000,195 | ---- | C] () -- D:\WINDOWS\POD.INI
[2005/09/08 11:01:15 | 00,000,000 | ---- | C] () -- D:\WINDOWS\PROTOCOL.INI
[2005/09/07 16:14:55 | 00,000,892 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2005/09/07 15:47:14 | 00,001,125 | ---- | C] () -- D:\WINDOWS\winamp.ini
[2004/08/03 19:26:44 | 00,081,920 | ---- | C] () -- D:\WINDOWS\System32\ieencode.dll
[2002/05/28 07:22:36 | 00,106,496 | ---- | C] () -- D:\WINDOWS\japi.dll
[2001/08/31 10:49:44 | 00,000,218 | ---- | C] () -- D:\WINDOWS\oraodbc.ini
[2001/08/23 15:00:00 | 00,001,002 | ---- | C] () -- D:\WINDOWS\win.ini
[2001/08/23 15:00:00 | 00,000,287 | ---- | C] () -- D:\WINDOWS\system.ini
[2001/06/24 15:02:44 | 00,172,032 | ---- | C] () -- D:\WINDOWS\japi2.dll
[2000/06/28 11:02:27 | 00,282,112 | ---- | C] () -- D:\WINDOWS\System32\cncs232.dll
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- D:\WINDOWS\System32\sysres.dll
[1998/06/10 00:00:00 | 00,015,120 | ---- | C] () -- D:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 00,014,017 | ---- | C] () -- D:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 00,000,218 | ---- | C] () -- D:\WINDOWS\FRONTPG.INI
[1997/06/14 00:56:08 | 00,056,832 | ---- | C] () -- D:\WINDOWS\System32\Iyvu9_32.dll
[1996/04/04 01:03:26 | 00,005,248 | ---- | C] () -- D:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[3 D:\*.tmp files]
[2009/05/13 08:50:00 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2009/05/13 08:49:56 | 00,000,062 | -HS- | M] () -- D:\Documents and Settings\first\Local Settings\desktop.ini
[2009/05/13 08:49:50 | 00,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2009/05/13 08:49:48 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2009/05/11 10:11:16 | 00,000,926 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-117609710-839522115-1003.job
[2009/05/11 09:57:48 | 00,286,208 | ---- | M] () -- D:\Documents and Settings\first\Desktop\elkiynmc.exe
[2009/05/11 09:50:56 | 00,501,248 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\first\Desktop\OTListIt2.exe
[2009/05/11 09:48:16 | 00,000,506 | ---- | M] () -- D:\Documents and Settings\first\Desktop\ERUNT.lnk
[2009/05/10 08:01:00 | 00,001,125 | ---- | M] () -- D:\WINDOWS\winamp.ini
[2009/05/08 15:38:52 | 00,000,513 | ---- | M] () -- D:\Documents and Settings\first\Desktop\FileZilla Client.lnk
[2009/05/07 11:52:36 | 00,000,116 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini
[2009/05/06 21:08:58 | 00,000,000 | -H-- | M] () -- D:\Documents and Settings\first\My Documents\Default.rdp
[2009/05/06 12:34:06 | 00,000,131 | ---- | M] () -- D:\WINDOWS\CRC.INI
[2009/05/06 08:04:44 | 00,020,480 | ---- | M] () -- D:\Documents and Settings\first\My Documents\sib.doc
[2009/05/04 22:03:08 | 00,024,064 | ---- | M] () -- D:\Documents and Settings\first\My Documents\covering letter.doc
[2009/05/04 14:16:52 | 43,405,312 | ---- | M] () -- D:\WINDOWS\System32\BMUZDI
[2009/05/04 12:19:20 | 00,001,002 | ---- | M] () -- D:\WINDOWS\win.ini
[2009/05/04 10:13:02 | 00,000,287 | ---- | M] () -- D:\WINDOWS\system.ini
[2009/05/03 20:27:40 | 00,000,440 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/30 04:40:58 | 00,290,816 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\winsrv.dll
[2009/04/29 23:11:48 | 00,000,301 | ---- | M] () -- D:\WINDOWS\Wininit.ini
[2009/04/29 20:11:36 | 00,047,104 | ---- | M] () -- D:\Documents and Settings\first\My Documents\AGREEMENT OF LICENSE TO OCCUPY BUILING.doc
[2009/04/24 12:37:34 | 00,002,617 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2009/04/24 11:23:22 | 00,001,799 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2009/04/24 09:24:56 | 00,000,559 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/23 08:25:18 | 00,000,610 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/22 13:21:52 | 00,000,127 | ---- | M] () -- D:\WINDOWS\_delis43.ini

========== Custom Scans ==========


< HKLM\SYSTEM >

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014]

[HKEY_LOCAL_MACHINE\SYSTEM\LastKnownGoodRecovery]

[HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices]

[HKEY_LOCAL_MACHINE\SYSTEM\Select]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup]

[HKEY_LOCAL_MACHINE\SYSTEM\WPA]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet]

< HKLM\SYSTEM\select >
"Current" = 13
"Default" = 13
"Failed" = 12
"LastKnownGood" = 14
< End of report >

----------------------

Thanks for all the help you are giving! :thumbup2:

The first scan didn't ask me to reboot, so I just saved the log file.

And BTW, it's Sarat, not Serat. :)

#9 Billy O'Neal (Visual C++ STL Maintainer, Malware Response Team, 12,304 posts, Redmond, Washington)

Posted 12 May 2009 - 11:05 PM

Hello, sarat :)

And BTW, it's Sarat, not Serat.

I'm sorry... kick me now :thumbup2:

Before performing the next batch file step, please download SWREG from the following location:
http://www.xs4all.nl/~fstaal01/downloads/swreg.exe
Save it to the same location as the batch file you create (should be your desktop).
The batch will not work correctly if that is not downloaded to that location.

We need to execute a Batch File
  • Go to Start -> Run, and type "notepad" into the box.
  • Press ok.
  • Copy and paste the following code into notepad:
    swreg acl "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001" /p /oa /ge:f /RE-SET
    swreg acl "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002" /p /oa /ge:f /RE-SET
    swreg acl "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003" /p /oa /ge:f /RE-SET
    swreg acl "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004" /p /oa /ge:f /RE-SET
    swreg acl "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005" /p /oa /ge:f /RE-SET
    swreg acl "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006" /p /oa /ge:f /RE-SET
    swreg acl "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007" /p /oa /ge:f /RE-SET
    swreg acl "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008" /p /oa /ge:f /RE-SET
    swreg acl "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009" /p /oa /ge:f /RE-SET
    swreg acl "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010" /p /oa /ge:f /RE-SET
    swreg acl "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011" /p /oa /ge:f /RE-SET
    shutdown -r -t 00 -f
  • Go to File -> Save
  • To the right of "Save as Type:" in the bottom of the window, change the ComboBox to "All Files"
  • Enter fix.bat into the "File name:" box just above the "Save as Type" box.
  • Double click fix.bat on your desktop.
We need to run an OTListIt2 Custom Scan
  • Please reopen OTListIt2 on your desktop.
  • Copy and Paste the following code into the custom scan textbox. Do not include the word "Code"
    HKLM\SYSTEM
    HKLM\SYSTEM\select
  • Push the Run Scan button
  • A report will open. Copy and Paste that report in your next reply.
Also please let me know how things are running at this point -- are things any better?

In your next reply, please include the following:
  • OTListIt2 Scan Log (With custom scan)

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
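As an added example (not part of Billy's instructions and not OTListIt2 or SWREG code): a small parser for the custom-scan report sarat posted, which works out from the HKLM\SYSTEM\select values which ControlSetNNN keys are live (Current, Default, Failed, LastKnownGood point at them) and which are leftovers, and then checks that a fix batch touches only the leftovers and none of the live sets. The report and batch fixtures are constructed copies of the text in this thread.

```python
"""Classify HKLM\\SYSTEM\\ControlSetNNN keys from an OTListIt2 custom-scan
report and audit a fix batch against that classification.

Added example, not code from this thread or from OTListIt2/SWREG.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the report format from the thread (spacer lines dropped).
SAMPLE_REPORT = "\n".join(
    ["< HKLM\\SYSTEM >"]
    + [f"[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet{n:03d}]" for n in range(1, 15)]
    + ["[HKEY_LOCAL_MACHINE\\SYSTEM\\LastKnownGoodRecovery]",
       "[HKEY_LOCAL_MACHINE\\SYSTEM\\MountedDevices]",
       "[HKEY_LOCAL_MACHINE\\SYSTEM\\Select]",
       "[HKEY_LOCAL_MACHINE\\SYSTEM\\Setup]",
       "[HKEY_LOCAL_MACHINE\\SYSTEM\\WPA]",
       "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet]",
       "< HKLM\\SYSTEM\\select >",
       '"Current" = 13', '"Default" = 13', '"Failed" = 12',
       '"LastKnownGood" = 14',
       "< End of report >"]
)

# Constructed copy of the fix batch posted above (ControlSet001..011 only).
SAMPLE_BATCH = "\n".join(
    f'swreg acl "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet{n:03d}" /p /oa /ge:f /RE-SET'
    for n in range(1, 12)
) + "\nshutdown -r -t 00 -f\n"

SECTION_RE = re.compile(r"^<\s*(.+?)\s*>$")                         # "< HKLM\SYSTEM >"
CONTROLSET_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet(\d{3})\]$")
SELECT_VALUE_RE = re.compile(r'^"(\w+)"\s*=\s*(\d+)$')             # '"Current" = 13'
BATCH_TARGET_RE = re.compile(r'ControlSet(\d{3})"', re.IGNORECASE)  # key named in a swreg line


def parse_sections(report: str) -> dict:
    """Split the report into {section name (lower-cased): [non-blank lines]}."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


@dataclass
class ControlSetStatus:
    live: dict = field(default_factory=dict)     # set number -> Select values pointing at it
    orphans: set = field(default_factory=set)    # present in the hive, referenced by nothing
    missing: dict = field(default_factory=dict)  # Select value -> number of a set that is absent


def classify_control_sets(report: str) -> ControlSetStatus:
    """Cross-reference the ControlSetNNN keys with the four Select pointers."""
    sections = parse_sections(report)
    present = set()
    for line in sections.get("hklm\\system", []):
        m = CONTROLSET_KEY_RE.match(line)
        if m:
            present.add(int(m.group(1)))
    pointers = {}
    for line in sections.get("hklm\\system\\select", []):
        m = SELECT_VALUE_RE.match(line)
        if m:
            pointers[m.group(1)] = int(m.group(2))
    status = ControlSetStatus()
    for name, num in pointers.items():
        if num in present:
            status.live.setdefault(num, []).append(name)
        else:
            status.missing[name] = num  # a dangling pointer is itself worth flagging
    status.orphans = present - set(status.live)
    return status


def batch_targets(batch_text: str) -> set:
    """Control-set numbers named in the swreg lines of a fix batch."""
    return {int(m.group(1)) for m in BATCH_TARGET_RE.finditer(batch_text)}


def audit_fix(report: str, batch_text: str) -> dict:
    """Check that a fix batch touches only orphaned sets and misses none of them."""
    status = classify_control_sets(report)
    targets = batch_targets(batch_text)
    return {"touches_live": targets & set(status.live),
            "missed_orphans": status.orphans - targets}


if __name__ == "__main__":
    s = classify_control_sets(SAMPLE_REPORT)
    print("live:", s.live, "orphans:", sorted(s.orphans), "missing:", s.missing)
    print("audit:", audit_fix(SAMPLE_REPORT, SAMPLE_BATCH))
```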

#10 sarat (Topic Starter, Members, 29 posts)

Posted 13 May 2009 - 03:39 AM

Hey... no problem about the name thing... you're helping me. :thumbup2:

Here is the log -

--------

OTListIt logfile created on: 5/13/2009 1:56:42 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = D:\Documents and Settings\first\Desktop\Bleeping computer cleanup
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.48 Mb Total Physical Memory | 38.02 Mb Available Physical Memory | 14.88% Memory free
1.31 Gb Paging File | 0.97 Gb Available in Paging File | 74.43% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 720 720 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 5.03 Gb Total Space | 1.91 Gb Free Space | 38.03% Space Free | Partition Type: FAT32
Drive D: | 12.41 Gb Total Space | 1.88 Gb Free Space | 15.13% Space Free | Partition Type: FAT32
Drive E: | 7.53 Gb Total Space | 1.99 Gb Free Space | 26.49% Space Free | Partition Type: FAT32
Drive F: | 11.49 Gb Total Space | 0.85 Gb Free Space | 7.41% Space Free | Partition Type: FAT32
Drive G: | 8.95 Gb Total Space | 1.81 Gb Free Space | 20.25% Space Free | Partition Type: FAT32
Drive H: | 9.54 Gb Total Space | 3.72 Gb Free Space | 38.98% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive J: | 19.56 Gb Total Space | 13.19 Gb Free Space | 67.42% Space Free | Partition Type: NTFS

Computer Name: PERSONAL
Current User Name: first
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/06 02:31:26 | 00,018,752 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/06 02:38:40 | 00,138,680 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashServ.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/11/23 07:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/03/19 15:25:54 | 00,335,872 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2005/01/14 09:32:38 | 00,053,248 | ---- | M] () -- D:\WINDOWS\System32\PAStiSvc.exe
PRC - [2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wdfmgr.exe
PRC - [2007/01/11 17:48:50 | 00,063,112 | ---- | M] (CANON INC.) -- D:\WINDOWS\system32\CNAB3RPK.EXE
PRC - [2009/02/06 02:38:26 | 00,254,040 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2004/08/03 19:26:50 | 03,194,368 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Explorer.EXE
PRC - [2009/02/06 02:36:04 | 00,352,920 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashWebSv.exe
PRC - [2003/12/18 11:15:26 | 00,180,224 | R--- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\system32\pctspk.exe
PRC - [2009/02/06 02:38:46 | 00,081,000 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/04/24 11:23:12 | 00,016,384 | ---- | M] () -- D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
PRC - [2005/09/20 10:32:16 | 00,159,744 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\igfxsrvc.exe
PRC - [2009/02/03 01:55:24 | 00,766,448 | ---- | M] (Google Inc.) -- D:\Documents and Settings\first\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/02/03 01:55:24 | 00,766,448 | ---- | M] (Google Inc.) -- D:\Documents and Settings\first\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/02/03 01:55:24 | 00,766,448 | ---- | M] (Google Inc.) -- D:\Documents and Settings\first\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/02/03 01:55:24 | 00,766,448 | ---- | M] (Google Inc.) -- D:\Documents and Settings\first\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/05/11 09:50:56 | 00,501,248 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\first\Desktop\Bleeping computer cleanup\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/06 02:31:26 | 00,018,752 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/06 02:38:40 | 00,138,680 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/06 02:38:26 | 00,254,040 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/06 02:36:04 | 00,352,920 | ---- | M] (ALWIL Software) -- H:\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/03/03 21:39:44 | 00,242,688 | ---- | M] (Outertech) -- H:\Cacheman\CachemanXP\CachemanXP.exe -- (CachemanXPService [On_Demand | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/11/23 07:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- D:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/03/19 15:25:54 | 00,335,872 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2006/10/16 16:10:58 | 00,023,856 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc [Auto | Stopped])
SRV - [2005/01/14 09:32:38 | 00,053,248 | ---- | M] () -- D:\WINDOWS\System32\PAStiSvc.exe -- (STI Simulator [Auto | Running])
SRV - [2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [1998/06/06 00:00:00 | 00,034,036 | ---- | M] (Microsoft Corporation) -- H:\Visual Basic\Tools\VS-Ent98\Vanalyzr\varpc.exe -- (Visual Studio Analyzer RPC bridge [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/02/06 02:35:12 | 00,026,944 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2003/03/14 00:04:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) -- D:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Stopped])
DRV - [2009/02/06 02:37:12 | 00,020,560 | ---- | M] (ALWIL Software) -- D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/06 02:38:10 | 00,094,032 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/06 02:36:10 | 00,023,152 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/06 02:37:24 | 00,114,768 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/06 02:36:20 | 00,051,376 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2007/07/12 16:28:54 | 00,049,904 | R--- | M] (Avanquest Software) -- D:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5 [On_Demand | Stopped])
DRV - [2003/09/15 11:49:42 | 00,752,960 | ---- | M] (C-Media Inc) -- D:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda [On_Demand | Running])
DRV - [2006/11/30 17:07:32 | 00,223,128 | ---- | M] (DT Soft Ltd.) -- D:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Stopped])
DRV - [2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- D:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [1996/04/04 01:03:26 | 00,005,248 | ---- | M] () -- D:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2005/09/20 11:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2004/03/10 19:12:24 | 00,012,953 | ---- | M] (Logitech, Inc.) -- D:\WINDOWS\system32\DRIVERS\itchfltr.sys -- (itchfltr [On_Demand | Running])
DRV - [2008/06/03 13:03:20 | 00,194,320 | ---- | M] (Kaspersky Lab) -- D:\WINDOWS\system32\drivers\klif.sys -- (KLIF [On_Demand | Stopped])
DRV - [2007/04/04 14:58:26 | 00,024,344 | ---- | M] (Kaspersky Lab) -- D:\WINDOWS\system32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])
DRV - [2004/03/03 15:20:00 | 00,051,729 | ---- | M] (Logitech, Inc.) -- D:\WINDOWS\system32\DRIVERS\L8042pr2.Sys -- (L8042pr2 [On_Demand | Running])
DRV - [2004/03/03 15:20:00 | 00,070,801 | ---- | M] (Logitech, Inc.) -- D:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])
DRV - [2002/09/20 16:23:34 | 00,235,100 | ---- | M] (Analog Devices Inc) -- D:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn [On_Demand | Stopped])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005/10/18 11:48:38 | 00,154,752 | ---- | M] (PixArt Imaging Inc.) -- D:\WINDOWS\system32\DRIVERS\PA707UCM.SYS -- (PAC7311 [On_Demand | Running])
DRV - [2001/08/23 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- D:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/12/18 09:30:36 | 00,356,351 | R--- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\system32\DRIVERS\ptserial.sys -- (Ptserial [On_Demand | Running])
DRV - [2007/03/08 05:21:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- D:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/02/27 03:16:20 | 00,081,408 | R--- | M] (Realtek Semiconductor Corporation ) -- D:\WINDOWS\system32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2001/08/23 18:33:54 | 00,025,434 | R--- | M] (Realtek Semiconductor Corporation ) -- D:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2009/04/28 11:33:42 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- H:\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/04/28 11:33:44 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- H:\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/04/28 11:33:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- H:\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2006/02/22 16:10:24 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- D:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2003/05/09 02:30:56 | 00,033,248 | ---- | M] (Sonic Focus, Inc) -- D:\WINDOWS\system32\drivers\sf.sys -- (sf [System | Running])
DRV - [2003/01/10 12:05:10 | 00,007,424 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV [Auto | Stopped])
DRV - [2003/10/14 18:40:00 | 00,036,484 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\DRIVERS\SMBios.sys -- (SMBios [On_Demand | Running])
DRV - [2002/10/23 09:05:06 | 00,021,963 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\DRIVERS\smb.sys -- (smbusp [On_Demand | Stopped])
DRV - [2003/06/02 13:42:14 | 00,578,304 | ---- | M] (Analog Devices, Inc.) -- D:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Stopped])
DRV - [2006/09/24 18:58:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- D:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2006/11/30 17:02:52 | 00,664,064 | ---- | M] () -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007/02/15 14:14:28 | 00,019,840 | ---- | M] (Generic) -- D:\WINDOWS\System32\Drivers\StMp3Rec.sys -- (StMp3Rec [On_Demand | Stopped])
DRV - [2006/12/09 21:36:02 | 00,023,600 | ---- | M] (EnTech Taiwan) -- D:\WINDOWS\system32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2004/06/11 02:12:38 | 00,015,429 | R--- | M] ( ) -- D:\WINDOWS\system32\DRIVERS\Sacm2A.sys -- (USBCM [On_Demand | Running])
DRV - [2003/12/18 09:29:32 | 00,703,737 | R--- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem [On_Demand | Running])
DRV - [2003/12/18 09:27:52 | 00,801,906 | R--- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom [On_Demand | Running])
DRV - [2003/12/18 09:30:08 | 00,070,384 | R--- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice [On_Demand | Running])
DRV - [2006/11/07 09:42:16 | 00,061,504 | R--- | M] (MCCI) -- D:\WINDOWS\system32\DRIVERS\w200bus.sys -- (w200bus [On_Demand | Stopped])
DRV - [2006/11/07 09:42:22 | 00,009,328 | R--- | M] (MCCI) -- D:\WINDOWS\system32\DRIVERS\w200mdfl.sys -- (w200mdfl [On_Demand | Stopped])
DRV - [2006/11/07 09:42:24 | 00,097,056 | R--- | M] (MCCI) -- D:\WINDOWS\system32\DRIVERS\w200mdm.sys -- (w200mdm [On_Demand | Stopped])
DRV - [2006/11/07 09:42:28 | 00,088,560 | R--- | M] (MCCI) -- D:\WINDOWS\system32\DRIVERS\w200mgmt.sys -- (w200mgmt [On_Demand | Stopped])
DRV - [2006/11/07 09:42:30 | 00,086,368 | R--- | M] (MCCI) -- D:\WINDOWS\system32\DRIVERS\w200obex.sys -- (w200obex [On_Demand | Stopped])
DRV - [2003/04/15 16:10:54 | 00,113,504 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/04/15 16:10:46 | 00,078,752 | ---- | M] (Intel Corporation) -- D:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;localhost

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: D:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2006/10/06 14:22:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: D:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2006/10/06 14:21:58 | 00,000,000 | ---D | M]

[2008/06/18 11:01:46 | 00,000,000 | ---D | M] -- D:\Documents and Settings\first\Application Data\mozilla\Extensions
[2008/06/18 11:01:46 | 00,000,000 | ---D | M] -- D:\Documents and Settings\first\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007/04/16 22:33:20 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions
[2007/04/16 22:35:22 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/03/19 21:07:18 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/03/25 16:00:44 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/22 15:53:16 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/01/05 21:19:26 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2008/10/04 15:34:54 | 00,134,656 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/04 15:34:54 | 00,023,040 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2008/10/04 15:35:00 | 00,001,394 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/04 15:35:00 | 00,002,193 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/04 15:35:00 | 00,001,534 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/10/04 15:35:00 | 00,002,642 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/04 15:35:00 | 00,001,706 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/04 15:35:00 | 00,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/04 15:35:00 | 00,000,792 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (306336 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] H:\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [PCTVOICE] pctspk.exe (Conexant Systems, Inc.)
O4 - HKCU..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe ()
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Download All with FlashGet - E:\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with Download Accelerator Lite - Reg Error: Value error. File not found
O8 - Extra context menu item: &Download with FlashGet - E:\FlashGet\jc_link.htm ()
O8 - Extra context menu item: &Search - ?p=ZNxmk789YYIN File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://www.shockwave.com/content/cinematyc...inematycoon.cab (TikGames Online Control)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - D:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - D:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - D:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - D:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (D:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL) - D:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL File not found
O20 - AppInit_DLLs: (E:\KASPER~1\adialhk.dll) - E:\Kaspersky\adialhk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - H:\SUPERAntiSpyware\SASWINLO.dll - H:\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - D:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - D:\WINDOWS\system32\klogon.dll - D:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 D:\*.tmp files]
[2009/05/13 13:55:31 | 00,000,000 | ---D | C] -- D:\Documents and Settings\first\Desktop\Bleeping computer cleanup
[2009/05/13 09:11:09 | 00,000,000 | ---D | C] -- D:\_OTListIt
[2009/05/11 09:48:14 | 00,000,506 | ---- | C] () -- D:\Documents and Settings\first\Desktop\ERUNT.lnk
[2009/05/11 09:48:13 | 00,000,000 | ---D | C] -- D:\Program Files\ERUNT
[2009/05/08 15:38:50 | 00,000,513 | ---- | C] () -- D:\Documents and Settings\first\Desktop\FileZilla Client.lnk
[2009/05/06 21:08:56 | 00,000,000 | -H-- | C] () -- D:\Documents and Settings\first\My Documents\Default.rdp
[2009/05/06 12:17:46 | 00,000,000 | ---D | C] -- D:\Program Files\Microsoft Windows Script
[2009/05/06 07:31:46 | 00,020,480 | ---- | C] () -- D:\Documents and Settings\first\My Documents\sib.doc
[2009/05/04 21:59:44 | 00,024,064 | ---- | C] () -- D:\Documents and Settings\first\My Documents\covering letter.doc
[2009/05/04 14:14:13 | 43,405,312 | ---- | C] () -- D:\WINDOWS\System32\BMUZDI
[2009/05/03 20:27:56 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/05/03 20:27:39 | 00,000,440 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/03 20:27:33 | 00,000,000 | ---D | C] -- D:\Documents and Settings\first\Application Data\SUPERAntiSpyware.com
[2009/05/03 20:26:34 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\Wise Installation Wizard
[2009/04/30 04:47:25 | 00,290,816 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\winsrv.dll
[2009/04/30 04:47:24 | 00,000,000 | ---D | C] -- D:\WINDOWS
[2009/04/25 08:45:49 | 00,047,104 | ---- | C] () -- D:\Documents and Settings\first\My Documents\AGREEMENT OF LICENSE TO OCCUPY BUILING.doc
[2009/04/25 08:40:57 | 00,000,000 | ---D | C] -- D:\Documents and Settings\first\My Documents\New Folder
[2009/04/24 13:28:10 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/24 12:03:52 | 00,000,000 | ---D | C] -- D:\Program Files\Folding@home
[2009/04/24 12:03:52 | 00,000,000 | ---D | C] -- D:\Documents and Settings\first\Application Data\Folding@home-x86
[2009/04/24 11:23:21 | 00,001,799 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2009/04/24 09:24:54 | 00,000,559 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/24 09:24:53 | 00,051,376 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2009/04/24 09:24:53 | 00,026,944 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2009/04/24 09:24:53 | 00,023,152 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2009/04/24 09:24:52 | 00,097,480 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\AvastSS.scr
[2009/04/24 09:24:51 | 00,020,560 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/04/24 09:24:50 | 00,114,768 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2009/04/24 09:24:50 | 00,094,032 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2009/04/24 09:24:50 | 00,093,296 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2009/04/24 09:24:33 | 01,256,296 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\aswBoot.exe
[2009/04/24 09:24:33 | 00,380,928 | ---- | C] () -- D:\WINDOWS\System32\actskin4.ocx
[2009/04/23 08:25:16 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2009/04/23 08:25:16 | 00,000,610 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/23 08:25:14 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/23 08:25:11 | 00,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2009/04/22 13:21:50 | 00,000,127 | ---- | C] () -- D:\WINDOWS\_delis43.ini
[2009/04/21 16:54:12 | 00,014,048 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\spmsg2.dll
[2009/04/21 16:49:30 | 00,000,000 | ---D | C] -- D:\Program Files\MSXML 6.0
[2009/04/21 16:10:43 | 00,081,408 | R--- | C] (Realtek Semiconductor Corporation ) -- D:\WINDOWS\System32\drivers\Rtnicxp.sys
[2009/03/01 20:52:45 | 00,000,131 | ---- | C] () -- D:\WINDOWS\CRC.INI
[2009/01/20 12:26:46 | 00,000,079 | ---- | C] () -- D:\WINDOWS\SYMGAMES.INI
[2008/05/26 16:09:47 | 00,000,000 | ---- | C] () -- D:\WINDOWS\galaxy.ini
[2008/02/17 16:08:38 | 00,000,092 | ---- | C] () -- D:\WINDOWS\CMISETUP.INI
[2008/02/17 16:08:32 | 00,000,301 | ---- | C] () -- D:\WINDOWS\Wininit.ini
[2008/02/17 16:08:21 | 00,028,672 | ---- | C] () -- D:\WINDOWS\CMIRmDriver.dll
[2008/02/17 15:43:47 | 00,028,672 | ---- | C] () -- D:\WINDOWS\System32\cmirmdrv.dll
[2008/02/17 15:11:03 | 00,000,026 | ---- | C] () -- D:\WINDOWS\CMCDPLAY.INI
[2008/02/16 19:56:46 | 00,156,672 | R--- | C] () -- D:\WINDOWS\System32\RTLCPAPI.dll
[2008/01/09 15:01:48 | 00,000,453 | ---- | C] () -- D:\WINDOWS\bdoscandellang.ini
[2007/11/08 19:19:55 | 00,000,000 | ---- | C] () -- D:\WINDOWS\autorun.INI
[2007/10/29 18:47:55 | 00,000,000 | ---- | C] () -- D:\WINDOWS\procui.INI
[2007/10/24 19:40:57 | 00,033,228 | ---- | C] () -- D:\WINDOWS\unvpeye.ini
[2007/06/22 21:35:38 | 00,000,199 | ---- | C] () -- D:\WINDOWS\mdm.ini
[2007/06/05 15:17:32 | 00,000,417 | ---- | C] () -- D:\WINDOWS\barcode.ini
[2007/02/25 11:55:55 | 00,051,712 | ---- | C] () -- D:\WINDOWS\wc98pp.dll
[2006/12/22 13:15:58 | 00,000,152 | RHS- | C] () -- D:\WINDOWS\System32\1854DBF97A.dll
[2006/12/22 12:21:23 | 00,000,067 | ---- | C] () -- D:\WINDOWS\IDMan.INI
[2006/11/30 17:02:50 | 00,664,064 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys
[2006/11/30 17:02:50 | 00,096,256 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd8157.sys
[2006/09/16 16:27:23 | 00,053,693 | R--- | C] () -- D:\WINDOWS\UNDPX2A.sys
[2006/09/16 16:27:21 | 00,015,429 | R--- | C] ( ) -- D:\WINDOWS\System32\drivers\Sacm2A.sys
[2006/06/03 17:40:50 | 00,000,057 | ---- | C] () -- D:\WINDOWS\PROGMAN.INI
[2006/05/28 13:22:59 | 00,000,006 | ---- | C] () -- D:\WINDOWS\System32\cuatro.ini
[2006/05/24 11:57:00 | 00,000,150 | ---- | C] () -- D:\WINDOWS\ODBCDRV.INI
[2006/05/23 19:07:50 | 00,000,022 | ---- | C] () -- D:\WINDOWS\blackops.ini
[2006/05/08 16:43:55 | 00,000,103 | ---- | C] () -- D:\WINDOWS\gkerde3d.INI
[2006/05/08 16:37:43 | 00,001,172 | ---- | C] () -- D:\WINDOWS\timetime.ini
[2006/05/08 16:36:55 | 00,000,109 | ---- | C] () -- D:\WINDOWS\stargazr.ini
[2006/05/08 15:33:11 | 00,000,117 | ---- | C] () -- D:\WINDOWS\TemplateBuilder.INI
[2006/05/03 04:08:24 | 00,000,748 | ---- | C] () -- D:\WINDOWS\SetBrowser.ini
[2006/04/16 20:38:07 | 00,000,026 | ---- | C] () -- D:\WINDOWS\DfrgUIEx.INI
[2006/04/15 20:55:42 | 00,000,000 | ---- | C] () -- D:\WINDOWS\MSINFO32.INI
[2006/03/24 12:48:07 | 00,000,614 | ---- | C] () -- D:\WINDOWS\videoimp.ini
[2006/03/24 12:47:39 | 00,000,021 | ---- | C] () -- D:\WINDOWS\CS_setup.ini
[2006/03/20 09:58:38 | 00,000,036 | ---- | C] () -- D:\WINDOWS\Tiny_Run.ini
[2006/01/22 16:45:11 | 00,000,600 | ---- | C] () -- D:\WINDOWS\Rtcw.INI
[2006/01/14 19:59:33 | 00,000,203 | ---- | C] () -- D:\WINDOWS\cdplayer.ini
[2005/12/31 14:18:33 | 00,000,055 | ---- | C] () -- D:\WINDOWS\3D Studio MAX® R3 EReg.ini
[2005/12/31 14:13:55 | 00,073,216 | ---- | C] () -- D:\WINDOWS\System32\drivers\SENTINEL.SYS
[2005/12/31 14:13:55 | 00,047,616 | ---- | C] () -- D:\WINDOWS\System32\SNTI386.DLL
[2005/12/31 14:13:55 | 00,017,920 | ---- | C] () -- D:\WINDOWS\System32\RNBOVDD.DLL
[2005/12/31 13:46:31 | 00,006,592 | ---- | C] () -- D:\WINDOWS\gwpreset.ini
[2005/12/31 13:46:31 | 00,000,435 | ---- | C] () -- D:\WINDOWS\goldwave.ini
[2005/12/17 14:47:33 | 00,000,004 | ---- | C] () -- D:\WINDOWS\System32\Vbe.dll
[2005/10/02 19:59:18 | 00,000,031 | ---- | C] () -- D:\WINDOWS\bluevoda.ini
[2005/09/12 16:50:24 | 00,000,092 | ---- | C] () -- D:\WINDOWS\lampron.ini
[2005/09/09 17:45:57 | 00,000,116 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2005/09/08 11:02:23 | 00,000,195 | ---- | C] () -- D:\WINDOWS\POD.INI
[2005/09/08 11:01:15 | 00,000,000 | ---- | C] () -- D:\WINDOWS\PROTOCOL.INI
[2005/09/07 16:14:55 | 00,000,892 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2005/09/07 15:47:14 | 00,001,125 | ---- | C] () -- D:\WINDOWS\winamp.ini
[2004/08/03 19:26:44 | 00,081,920 | ---- | C] () -- D:\WINDOWS\System32\ieencode.dll
[2002/05/28 07:22:36 | 00,106,496 | ---- | C] () -- D:\WINDOWS\japi.dll
[2001/08/31 10:49:44 | 00,000,218 | ---- | C] () -- D:\WINDOWS\oraodbc.ini
[2001/08/23 15:00:00 | 00,001,002 | ---- | C] () -- D:\WINDOWS\win.ini
[2001/08/23 15:00:00 | 00,000,287 | ---- | C] () -- D:\WINDOWS\system.ini
[2001/06/24 15:02:44 | 00,172,032 | ---- | C] () -- D:\WINDOWS\japi2.dll
[2000/06/28 11:02:27 | 00,282,112 | ---- | C] () -- D:\WINDOWS\System32\cncs232.dll
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- D:\WINDOWS\System32\sysres.dll
[1998/06/10 00:00:00 | 00,015,120 | ---- | C] () -- D:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 00,014,017 | ---- | C] () -- D:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 00,000,218 | ---- | C] () -- D:\WINDOWS\FRONTPG.INI
[1997/06/14 00:56:08 | 00,056,832 | ---- | C] () -- D:\WINDOWS\System32\Iyvu9_32.dll
[1996/04/04 01:03:26 | 00,005,248 | ---- | C] () -- D:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[3 D:\*.tmp files]
[2009/05/13 13:29:52 | 00,000,062 | -HS- | M] () -- D:\Documents and Settings\first\Local Settings\desktop.ini
[2009/05/13 13:29:38 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2009/05/13 13:29:30 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2009/05/13 12:54:34 | 00,000,926 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-117609710-839522115-1003.job
[2009/05/13 08:49:50 | 00,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2009/05/11 09:48:16 | 00,000,506 | ---- | M] () -- D:\Documents and Settings\first\Desktop\ERUNT.lnk
[2009/05/10 08:01:00 | 00,001,125 | ---- | M] () -- D:\WINDOWS\winamp.ini
[2009/05/08 15:38:52 | 00,000,513 | ---- | M] () -- D:\Documents and Settings\first\Desktop\FileZilla Client.lnk
[2009/05/07 11:52:36 | 00,000,116 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini
[2009/05/06 21:08:58 | 00,000,000 | -H-- | M] () -- D:\Documents and Settings\first\My Documents\Default.rdp
[2009/05/06 12:34:06 | 00,000,131 | ---- | M] () -- D:\WINDOWS\CRC.INI
[2009/05/06 08:04:44 | 00,020,480 | ---- | M] () -- D:\Documents and Settings\first\My Documents\sib.doc
[2009/05/04 22:03:08 | 00,024,064 | ---- | M] () -- D:\Documents and Settings\first\My Documents\covering letter.doc
[2009/05/04 14:16:52 | 43,405,312 | ---- | M] () -- D:\WINDOWS\System32\BMUZDI
[2009/05/04 12:19:20 | 00,001,002 | ---- | M] () -- D:\WINDOWS\win.ini
[2009/05/04 10:13:02 | 00,000,287 | ---- | M] () -- D:\WINDOWS\system.ini
[2009/05/03 20:27:40 | 00,000,440 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/30 04:40:58 | 00,290,816 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\winsrv.dll
[2009/04/29 23:11:48 | 00,000,301 | ---- | M] () -- D:\WINDOWS\Wininit.ini
[2009/04/29 20:11:36 | 00,047,104 | ---- | M] () -- D:\Documents and Settings\first\My Documents\AGREEMENT OF LICENSE TO OCCUPY BUILING.doc
[2009/04/24 12:37:34 | 00,002,617 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2009/04/24 11:23:22 | 00,001,799 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2009/04/24 09:24:56 | 00,000,559 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/23 08:25:18 | 00,000,610 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/22 13:21:52 | 00,000,127 | ---- | M] () -- D:\WINDOWS\_delis43.ini

========== Custom Scans ==========


< HKLM\SYSTEM >

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014]

[HKEY_LOCAL_MACHINE\SYSTEM\LastKnownGoodRecovery]

[HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices]

[HKEY_LOCAL_MACHINE\SYSTEM\Select]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup]

[HKEY_LOCAL_MACHINE\SYSTEM\WPA]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet]

< HKLM\SYSTEM\select >
"Current" = 13
"Default" = 13
"Failed" = 12
"LastKnownGood" = 14
< End of report >
--------------

Things are going fine; the scrollbar problem is not back. The system is running fast too. The only problem is the shutdown time, which is too long. Almost 8 times out of 10, the shutdown screen takes a long time on the 'Saving your settings' screen, but sometimes it goes quickly. Startup is slow, too, but I suppose that is due to the RAM decrease (I've disabled some unessential startup programs through Spybot's tool).

Can you tell me (in layman's terms) what exactly we are doing by running these tools?

Thanks,
Sarat

Edited to Add: Since I might just as well say everything. System Restore, Help and Support, and the Search function no longer work on my computer. It must be 2 months since this started. System Restore and Help do not start at all, while the Search function loads a window with no search bar or anything, just the address bar and the left-side blue shaded area with the puppy (you know, the help assistant one).

Edited by sarat, 13 May 2009 - 04:03 AM.


#11 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:20 PM

Posted 13 May 2009 - 09:47 PM

Hello, sarat :thumbup2:
We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without the guidance of an expert.

If this tool helped you, please consider a donation to its author.

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click ComboFix.exe on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here :)
NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#12 sarat

  • Topic Starter
  • Members
  • 29 posts
  • Local time:10:50 AM

Posted 14 May 2009 - 12:59 AM

I ran ComboFix as you said. It installed the Recovery Console, and then ran the scan with 50 stages. :thumbup2: Anyway, the first time it rebooted, I got a BSOD, so I restarted the computer. Shutdown times are good now, with no lag. Startup time is only slightly faster. The part that seems to take the longest is when there is a black screen with the Windows XP logo and a blue bar going from left to right. Right now, the blue bar moves across around 16 times or so.

I do not like one particular change ComboFix has brought, which is changing the time the OS menu is displayed. Previously it was 30 sec, now it is only 2. Is it OK to change it back?

Here is the log:

---------------

ComboFix 09-05-13.02 - first 05/14/2009 10:34.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.93 [GMT 5.5:30]
Running from: d:\documents and settings\first\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\docume~1\first\LOCALS~1\Temp\IadHide4.dll
d:\documents and settings\first\Local Settings\Temp\IadHide4.dll
d:\program files\INSTALL.LOG
d:\windows\IE4 Error Log.txt
d:\windows\system32\mdm.exe
d:\windows\up.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
.

2009-05-13 03:41 . 2009-05-13 03:41 -------- d-----w D:\_OTListIt
2009-05-11 04:18 . 2009-05-11 04:18 -------- d-----w d:\program files\ERUNT
2009-05-06 06:47 . 2009-05-06 06:47 -------- d-----w d:\program files\Microsoft Windows Script
2009-05-03 14:57 . 2009-05-03 14:57 -------- d-----w d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-03 14:57 . 2009-05-03 14:57 -------- d-----w d:\documents and settings\first\Application Data\SUPERAntiSpyware.com
2009-05-03 14:56 . 2009-05-03 14:56 -------- d-----w d:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 04:43 . 2009-05-04 04:43 0 ----a-w D:\CEPx9C02.tmp
2009-04-29 23:10 . 2009-04-29 23:17 290816 ----a-w d:\windows\winsrv.dll
2009-04-24 06:33 . 2009-04-24 06:33 -------- d-----w d:\program files\Folding@home
2009-04-23 02:55 . 2009-04-23 02:55 -------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-04-21 11:19 . 2009-04-21 11:19 -------- d-----w d:\program files\MSXML 6.0
2009-04-06 10:02 . 2009-04-23 02:55 38496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 10:02 . 2009-04-23 02:55 15504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-03-26 02:14 . 2009-03-26 02:14 -------- d-----w d:\program files\NeoSmart Technologies
2009-03-22 07:55 . 2009-03-22 07:55 0 ----a-w D:\CEPx168A.tmp
2009-02-14 15:43 . 2004-08-03 12:14 359808 ----a-w d:\windows\system32\drivers\TCPIP.SYS
2007-01-17 11:27 . 2006-12-22 07:45 152 --sh--r d:\windows\system32\1854DBF97A.dll
2008-10-08 04:55 . 2008-06-04 11:51 32 --sha-w d:\windows\system32\drivers\fidbox.dat
2008-10-08 04:55 . 2008-06-04 11:51 32 --sha-w d:\windows\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

[-] 2006-05-10 05:23 1136128 5B9B7669DBE5F9DF36ED7158EFDF961A d:\windows\system32\wininet.dll
[-] 2006-05-10 05:23 1136128 5B9B7669DBE5F9DF36ED7158EFDF961A d:\windows\system32\dllcache\wininet.dll
[7] 2005-07-03 02:09 659456 6E533D155B259EB2363D3E04B5BE309F d:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
[7] 2005-09-02 23:53 660480 97A6FD7CAFD688CF2C78939EBAF0CD0C d:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[7] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B d:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[7] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 d:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[7] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC d:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[7] 2005-09-02 23:52 658432 AF61EBB1F550175EFF406D545D6AB086 d:\windows\SoftwareDistribution\Download\01cd5ce76aab2e96c5bc0130d8dde39a\sp2gdr\wininet.dll
[7] 2005-09-02 23:53 660480 97A6FD7CAFD688CF2C78939EBAF0CD0C d:\windows\SoftwareDistribution\Download\01cd5ce76aab2e96c5bc0130d8dde39a\sp2qfe\wininet.dll

[-] 2009-02-14 15:43 359808 19F73560B94F2970DF11D05B9CB04854 d:\windows\system32\drivers\TCPIP.SYS
[-] 2009-02-14 15:43 359808 19F73560B94F2970DF11D05B9CB04854 d:\windows\system32\dllcache\TCPIP.SYS
[7] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E d:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 d:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys

[-] 2004-08-03 13:56 3194368 5EF48912206FF9225BA9CB3D26917DB1 d:\windows\explorer.exe
[-] 2004-08-03 13:56 3194368 5EF48912206FF9225BA9CB3D26917DB1 d:\windows\system32\dllcache\explorer.exe

[-] 2005-05-25 22:46 116504 AE8E5AB36E35E75C9FA9AC9415D10E09 d:\windows\system32\wuauclt.exe
[-] 2005-05-25 22:46 116504 AE8E5AB36E35E75C9FA9AC9415D10E09 d:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"LDM"="d:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2009-04-24 16384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="h:\alwils~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"PCTVOICE"="pctspk.exe" - d:\windows\system32\pctspk.exe [2003-12-18 180224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - d:\windows\system32\narrator.exe [2004-08-03 48128]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - d:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-4-24 169472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "h:\superantispyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 06:35 356352 ----a-w h:\superantispyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\kasper~1\adialhk.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll
"wave7"= serwvdrv.dll
"wave8"= serwvdrv.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=d:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Down2Home.lnk]
backup=d:\windows\pss\Down2Home.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=d:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=d:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
backup=d:\windows\pss\NkvMon.exe.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^first^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
backup=d:\windows\pss\GameSpot Download Manager.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^first^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=d:\windows\pss\PowerReg Scheduler.exeStartup

[HKLM\~\startupfolder\D:^Documents and Settings^first^Start Menu^Programs^Startup^PrivacyKit privacy protection software.lnk]
backup=d:\windows\pss\PrivacyKit privacy protection software.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^first^Start Menu^Programs^Startup^RocketDock.lnk]
backup=d:\windows\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^first^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
backup=d:\windows\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^first^Start Menu^Programs^Startup^Y'z ToolBar.lnk]
backup=d:\windows\pss\Y'z Toolbar.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMONTRAY
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocalCooling
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=d:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"zBrowser Launcher"=d:\program files\Logitech\iTouch\iTouch.exe
"Logitech Utility"=Logi_MwX.Exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Messenger\\MSMSGS.EXE"=
"d:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Program Files\\NetMeeting\\conf.exe"=
"d:\\WINDOWS\\System32\\DxDiag.exe"=
"d:\\WINDOWS\\System32\\dpnsvr.exe"=
"d:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"d:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"d:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\rct.exe"=
"h:\\Visual Basic\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"d:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"d:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"d:\\Documents and Settings\\FIRST\\Local Settings\\Application Data\\Abacast\\Abaclient.exe"=
"h:\\Need for Speed Underground 2\\speed2.exe"=
"f:\\NFS Most wanted\\speed.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\I Tunes\\iTunes.exe"=
"e:\\FlashGet\\flashget.exe"=
"d:\\WINDOWS\\System32\\dpvsetup.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=

R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [4/24/2009 9:24 AM 114768]
R1 SASDIFSV;SASDIFSV;h:\superantispyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;h:\superantispyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [4/24/2009 9:24 AM 20560]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [4/4/2007 2:58 PM 24344]
R3 PAC7311;VGA SoC PC-Camer@;d:\windows\system32\drivers\PA707UCM.SYS [10/18/2005 11:48 AM 154752]
S2 spupdsvc;Windows Service Pack Installer update service;d:\windows\system32\spupdsvc.exe [9/13/2005 9:22 PM 23856]
S3 CachemanXPService;CachemanXP;h:\cacheman\CACHEM~1\CachemanXP.exe [4/6/2008 3:24 PM 242688]
S3 Dantrtsrlc;Dantrtsrlc; [x]
S3 MEMSWEEP2;MEMSWEEP2;\??\d:\windows\system32\43.tmp --> d:\windows\system32\43.tmp [?]
S3 SASENUM;SASENUM;h:\superantispyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 w200bus;Sony Ericsson W200 driver (WDM);d:\windows\system32\drivers\w200bus.sys [7/5/2008 10:24 PM 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;d:\windows\system32\drivers\w200mdfl.sys [7/5/2008 10:24 PM 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;d:\windows\system32\drivers\w200mdm.sys [7/5/2008 10:24 PM 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);d:\windows\system32\drivers\w200mgmt.sys [7/5/2008 10:24 PM 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;d:\windows\system32\drivers\w200obex.sys [7/5/2008 10:24 PM 86368]
.
Contents of the 'Scheduled Tasks' folder

2009-05-14 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-117609710-839522115-1003.job
- d:\documents and settings\first\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 16:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - e:\flashget\jc_all.htm
IE: &Download with Download Accelerator Lite
IE: &Download with FlashGet - e:\flashget\jc_link.htm
IE: &Search - ?p=ZNxmk789YYIN
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - d:\windows\wc98pp.dll
DPF: Microsoft XML Parser for Java
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 10:41
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet013\Services\MEMSWEEP2]
"ImagePath"="\??\d:\windows\system32\43.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1275210071-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{986582B1-E935-5877-BBF6-3F1AB368241A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hafbdegpfbcjfdel"=hex:61,61,00,7c
"jafbdegpfbcjfdelckle"=hex:63,61,6d,68,70,61,00,7c
"panbcgoipgejfolmmadbammmnmponbgk"=hex:64,61,69,68,64,62,66,6d,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3c,d3,a4,19,87,d3,16,48,1a,c6,10,da,68,a0,b2,fd,c4,fd,da,12,ad,
be,94,93,6c,0a,df,61,d5,23,46,d3,ca,d1,86,bd,4f,f8,06,be,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1128)
h:\superantispyware\SASWINLO.dll
d:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(3964)
d:\windows\system32\CRYPT32.dll
d:\windows\System32\cscui.dll
d:\windows\system32\ntshrui.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
d:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
h:\alwil software\Avast4\aswUpdSv.exe
h:\alwil software\Avast4\ashServ.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
d:\program files\Analog Devices\SoundMAX\SMAgent.exe
d:\windows\System32\PAStiSvc.exe
d:\windows\system32\wdfmgr.exe
d:\windows\system32\CNAB3RPK.EXE
.
**************************************************************************
.
Completion time: 2009-05-14 10:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-14 05:13

Pre-Run: 1,952,210,944 bytes free
Post-Run: 2,017,058,816 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
c:\ ="Microsoft Windows"

Current=13 Default=13 Failed=12 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
251

-------

#13 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:20 PM

Posted 14 May 2009 - 03:40 PM

Hello, sarat :thumbup2:

Previously it was 30 sec, now it is only 2. Is it OK to change it back?

Go ahead :) That routine was written without MultiBoot machines in mind because they're so rare ;)

Some of the files in your installation have been replaced with bad copies. We need to restore these from a windows CD. Do you have one available?

We need to re-run ComboFix with some additional directives.
  • Please disable any running anti-virus programs.

    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    collect::
    d:\windows\winsrv.dll
    d:\windows\system32\dllcache\wininet.dll
    d:\windows\system32\dllcache\TCPIP.SYS
    d:\windows\system32\dllcache\explorer.exe
    d:\windows\system32\dllcache\wuauclt.exe
    d:\windows\system32\spupdsvc.exe
    file::
    D:\CEPx9C02.tmp
    D:\CEPx168A.tmp
    fcopy::
    d:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll | d:\windows\system32\wininet.dll
    driver::
    Dantrtsrlc
    spupdsvc
    reglock::
    [HKEY_USERS\S-1-5-21-1275210071-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    regnull::
    [HKEY_USERS\S-1-5-21-1275210071-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{986582B1-E935-5877-BBF6-3F1AB368241A}*]
    reglockdel::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#14 sarat

sarat
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 15 May 2009 - 12:27 AM

Hello Billy,

No, I don't have a Windows Installation Disc. But since I now have Recovery Console installed, wouldn't it fill the same purpose?

Your last steps caused me a fair amount of trouble. :thumbup2: After ComboFix ran and rebooted, Windows wouldn't start (it showed a BSOD) because winsrv was not found. This same problem occurred to me before when Spybot was cleaning an infection. At that time, I had no other alternative, so I booted with my Ubuntu live CD, downloaded a copy of winsrv.dll from a dll site, and then pasted it into the system32 folder. This time, however, I got a copy from the dllcache folder in the system32 folder. Is this type of replacing what you mean by important Windows files being replaced by bad copies?

Anyway, after restoring the file, Windows booted up and Combofix continued its scan. It wanted permission to upload some malware samples to its site, so I gave it permission.

I am posting the log anyway. Billy, can you tell me what is actually the problem with my computer?

----------
ComboFix 09-05-14.03 - first 05/15/2009 9:17.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.70 [GMT 5.5:30]
Running from: d:\documents and settings\first\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\first\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090513-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point

FILE ::
D:\CEPx168A.tmp
D:\CEPx9C02.tmp

file zipped: d:\windows\system32\dllcache\Collect_explorer.exe.vir
file zipped: d:\windows\system32\dllcache\Collect_TCPIP.SYS.vir
file zipped: d:\windows\system32\dllcache\Collect_wininet.dll.vir
file zipped: d:\windows\system32\dllcache\Collect_wuauclt.exe.vir
file zipped: d:\windows\system32\Collect_spupdsvc.exe.vir
file zipped: d:\windows\Collect_winsrv.dll.vir
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\CEPx168A.tmp
D:\CEPx9C02.tmp
d:\docume~1\first\LOCALS~1\Temp\IadHide4.dll
d:\documents and settings\first\Local Settings\Temp\IadHide4.dll
d:\windows\system32\dllcache\explorer.exe
d:\windows\system32\dllcache\TCPIP.SYS
d:\windows\system32\dllcache\wininet.dll
d:\windows\system32\dllcache\wuauclt.exe
d:\windows\system32\spupdsvc.exe
d:\windows\winsrv.dll

.
--------------- FCopy ---------------

d:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll --> d:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SPUPDSVC
-------\Service_Dantrtsrlc
-------\Service_spupdsvc


((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-14 23:10 . 2005-09-01 01:41 430080 ----a-w d:\windows\system32\winsrv.dll
2009-05-14 23:10 . 2009-05-14 23:10 -------- d-----w d:\windows\system32
2009-05-13 03:41 . 2009-05-13 03:41 -------- d-----w D:\_OTListIt
2009-05-11 04:18 . 2009-05-11 04:18 -------- d-----w d:\program files\ERUNT
2009-05-06 06:47 . 2009-05-06 06:47 -------- d-----w d:\program files\Microsoft Windows Script
2009-05-03 14:57 . 2009-05-03 14:57 -------- d-----w d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-03 14:57 . 2009-05-03 14:57 -------- d-----w d:\documents and settings\first\Application Data\SUPERAntiSpyware.com
2009-05-03 14:56 . 2009-05-03 14:56 -------- d-----w d:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 06:33 . 2009-04-24 06:33 -------- d-----w d:\program files\Folding@home
2009-04-23 02:55 . 2009-04-23 02:55 -------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-04-21 11:19 . 2009-04-21 11:19 -------- d-----w d:\program files\MSXML 6.0
2009-04-06 10:02 . 2009-04-23 02:55 38496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 10:02 . 2009-04-23 02:55 15504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-03-26 02:14 . 2009-03-26 02:14 -------- d-----w d:\program files\NeoSmart Technologies
2009-02-14 15:43 . 2004-08-03 12:14 359808 ----a-w d:\windows\system32\drivers\TCPIP.SYS
2007-01-17 11:27 . 2006-12-22 07:45 152 --sh--r d:\windows\system32\1854DBF97A.dll
2008-10-08 04:55 . 2008-06-04 11:51 32 --sha-w d:\windows\system32\drivers\fidbox.dat
2008-10-08 04:55 . 2008-06-04 11:51 32 --sha-w d:\windows\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

[-] 2009-02-14 15:43 359808 19F73560B94F2970DF11D05B9CB04854 d:\windows\system32\drivers\TCPIP.SYS
[7] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E d:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 d:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys

[-] 2004-08-03 13:56 3194368 5EF48912206FF9225BA9CB3D26917DB1 d:\windows\explorer.exe

[-] 2005-05-25 22:46 116504 AE8E5AB36E35E75C9FA9AC9415D10E09 d:\windows\system32\wuauclt.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-05-14_05.11.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-15 03:25 . 2009-05-15 03:25 16384 d:\windows\Temp\Perflib_Perfdata_7d8.dat
+ 2009-05-15 04:43 . 2009-05-15 04:43 16384 d:\windows\Temp\Perflib_Perfdata_7a8.dat
+ 2009-05-15 04:43 . 2009-05-15 04:43 16384 d:\windows\Temp\Perflib_Perfdata_608.dat
+ 2009-05-15 03:25 . 2009-05-15 03:25 16384 d:\windows\Temp\Perflib_Perfdata_444.dat
+ 2009-05-15 04:43 . 2009-05-15 04:43 16384 d:\windows\Temp\Perflib_Perfdata_430.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"LDM"="d:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2009-04-24 16384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="h:\alwils~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"PCTVOICE"="pctspk.exe" - d:\windows\system32\pctspk.exe [2003-12-18 180224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - d:\windows\system32\narrator.exe [2004-08-03 48128]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - d:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-4-24 169472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "h:\superantispyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 06:35 356352 ----a-w h:\superantispyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\kasper~1\adialhk.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll
"wave7"= serwvdrv.dll
"wave8"= serwvdrv.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=d:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Down2Home.lnk]
backup=d:\windows\pss\Down2Home.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=d:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=d:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
backup=d:\windows\pss\NkvMon.exe.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^first^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
backup=d:\windows\pss\GameSpot Download Manager.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^first^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=d:\windows\pss\PowerReg Scheduler.exeStartup

[HKLM\~\startupfolder\D:^Documents and Settings^first^Start Menu^Programs^Startup^PrivacyKit privacy protection software.lnk]
backup=d:\windows\pss\PrivacyKit privacy protection software.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^first^Start Menu^Programs^Startup^RocketDock.lnk]
backup=d:\windows\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^first^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
backup=d:\windows\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^first^Start Menu^Programs^Startup^Y'z ToolBar.lnk]
backup=d:\windows\pss\Y'z Toolbar.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=d:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"zBrowser Launcher"=d:\program files\Logitech\iTouch\iTouch.exe
"Logitech Utility"=Logi_MwX.Exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Messenger\\MSMSGS.EXE"=
"d:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Program Files\\NetMeeting\\conf.exe"=
"d:\\WINDOWS\\System32\\DxDiag.exe"=
"d:\\WINDOWS\\System32\\dpnsvr.exe"=
"d:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"d:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"d:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\rct.exe"=
"h:\\Visual Basic\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"d:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"d:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"d:\\Documents and Settings\\FIRST\\Local Settings\\Application Data\\Abacast\\Abaclient.exe"=
"h:\\Need for Speed Underground 2\\speed2.exe"=
"f:\\NFS Most wanted\\speed.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\I Tunes\\iTunes.exe"=
"e:\\FlashGet\\flashget.exe"=
"d:\\WINDOWS\\System32\\dpvsetup.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=

R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [4/24/2009 9:24 AM 114768]
R1 SASDIFSV;SASDIFSV;h:\superantispyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;h:\superantispyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [4/24/2009 9:24 AM 20560]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [4/4/2007 2:58 PM 24344]
R3 PAC7311;VGA SoC PC-Camer@;d:\windows\system32\drivers\PA707UCM.SYS [10/18/2005 11:48 AM 154752]
S3 CachemanXPService;CachemanXP;h:\cacheman\CACHEM~1\CachemanXP.exe [4/6/2008 3:24 PM 242688]
S3 MEMSWEEP2;MEMSWEEP2;\??\d:\windows\system32\43.tmp --> d:\windows\system32\43.tmp [?]
S3 SASENUM;SASENUM;h:\superantispyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 w200bus;Sony Ericsson W200 driver (WDM);d:\windows\system32\drivers\w200bus.sys [7/5/2008 10:24 PM 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;d:\windows\system32\drivers\w200mdfl.sys [7/5/2008 10:24 PM 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;d:\windows\system32\drivers\w200mdm.sys [7/5/2008 10:24 PM 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);d:\windows\system32\drivers\w200mgmt.sys [7/5/2008 10:24 PM 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;d:\windows\system32\drivers\w200obex.sys [7/5/2008 10:24 PM 86368]
.
Contents of the 'Scheduled Tasks' folder

2009-05-14 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-117609710-839522115-1003.job
- d:\documents and settings\first\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 16:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - e:\flashget\jc_all.htm
IE: &Download with Download Accelerator Lite
IE: &Download with FlashGet - e:\flashget\jc_link.htm
IE: &Search - ?p=ZNxmk789YYIN
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - d:\windows\wc98pp.dll
DPF: Microsoft XML Parser for Java
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 10:16
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet013\Services\MEMSWEEP2]
"ImagePath"="\??\d:\windows\system32\43.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1128)
h:\superantispyware\SASWINLO.dll
d:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(1772)
d:\windows\system32\CRYPT32.dll
d:\windows\System32\cscui.dll
d:\windows\system32\ntshrui.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
d:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
h:\alwil software\Avast4\aswUpdSv.exe
h:\alwil software\Avast4\ashServ.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
d:\program files\Analog Devices\SoundMAX\SMAgent.exe
d:\windows\System32\PAStiSvc.exe
d:\windows\SYSTEM32\WDFMGR.EXE
d:\windows\system32\CNAB3RPK.EXE
.
**************************************************************************
.
Completion time: 2009-05-15 10:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-15 04:49
ComboFix2.txt 2009-05-14 05:14

Pre-Run: 1,916,551,168 bytes free
Post-Run: 1,809,367,040 bytes free

Current=13 Default=13 Failed=12 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
237
Upload was successful
------------

Thanks for all the help you are giving. Really appreciate it.

Sarat

----------

EDITED TO ADD : System Restore, Help and Support, as well as Search seem to be working now. Thanks a lot for that, Billy! :)

Edited by sarat, 15 May 2009 - 12:31 AM.


#15 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:20 PM

Posted 15 May 2009 - 10:00 AM

Hello, sarat :thumbup2:

No, I don't have a Windows Installation Disc. But since I now have Recovery Console installed, wouldn't it fill the same purpose?

No. Copies of Windows' system files have been overwritten with malware copies on your system. We need to restore clean versions of these. The Recovery Console does not contain these files.

Is this type of replacing what you mean as important Windows files being replaced by bad copies?

More or less yes.

[-] 2004-08-03 13:56 3194368 5EF48912206FF9225BA9CB3D26917DB1 d:\windows\explorer.exe
[-] 2005-05-25 22:46 116504 AE8E5AB36E35E75C9FA9AC9415D10E09 d:\windows\system32\wuauclt.exe

These are the affected files. We need clean copies of Explorer.exe and wuauclt.exe.
I was able to restore some other files using alternate copies on your system, but you don't seem to have any other copies of explorer or wuauclt on your system.

Can you borrow a friend's windows disk? We're not installing it, just updating those files.....

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
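A small triage helper for ComboFix's Sigcheck section, added here as an example and not part of this thread or of ComboFix itself: it groups the entries by file name and, for each file flagged `[-]`, lists alternate copies found elsewhere on the disk, which is the reasoning Billy applies above when deciding what can be restored locally and what needs install media. The sample lines are the three entries from sarat's log; treating any mark other than `[-]` as a usable restore candidate is an assumption about the log format.

```python
import re
from collections import defaultdict

# Sample taken from the Sigcheck section of the log posted above.
SIGCHECK_SAMPLE = r"""
[-] 2009-02-14 15:43 359808 19F73560B94F2970DF11D05B9CB04854 d:\windows\system32\drivers\TCPIP.SYS
[7] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E d:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 d:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys

[-] 2004-08-03 13:56 3194368 5EF48912206FF9225BA9CB3D26917DB1 d:\windows\explorer.exe

[-] 2005-05-25 22:46 116504 AE8E5AB36E35E75C9FA9AC9415D10E09 d:\windows\system32\wuauclt.exe
"""

# One Sigcheck line: [mark] date time size md5 path
LINE_RE = re.compile(
    r"^\[(?P<mark>[^\]]+)\]\s+(?P<date>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>\d+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Return a list of dicts, one per Sigcheck line; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entries.append(entry)
    return entries


def basename(path):
    """Case-insensitive file name, so TCPIP.SYS and tcpip.sys group together."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(text):
    """For every file with a failed ('[-]') copy, report where clean alternates live.

    Assumption: any mark other than '[-]' (e.g. '[7]') is a copy ComboFix
    considers acceptable and therefore a candidate for fcopy:: restoration.
    """
    by_name = defaultdict(list)
    for entry in parse_sigcheck(text):
        by_name[basename(entry["path"])].append(entry)

    report = {}
    for name, items in by_name.items():
        bad = [e["path"] for e in items if e["mark"] == "-"]
        good = [e["path"] for e in items if e["mark"] != "-"]
        if not bad:
            continue
        report[name] = {
            "bad_paths": bad,
            "clean_alternates": good,
            "needs_install_media": not good,  # no local copy to restore from
        }
    return report


if __name__ == "__main__":
    for name, info in triage(SIGCHECK_SAMPLE).items():
        status = "needs install media" if info["needs_install_media"] else "restorable"
        print(f"{name}: {status}; alternates: {info['clean_alternates']}")
```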



