
Win32/SillyAutoRun.AWH


  • This topic is locked
13 replies to this topic

#1 kstevege

kstevege

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:34 AM

Posted 02 May 2009 - 10:46 PM

CA Antivirus Quarantine is showing evidence of SillyAutoRun whenever I try and open Combofix and other similar applications. I did full system scan with CA, Malwarebytes and Super Anti-Spyware and nothing is found.

Please Help.



DDS (Ver_09-03-16.01) - NTFSx86
Run by i font know at 23:44:40.09 on Sat 05/02/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1335 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\casecuritycenter.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caav.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavGUIScan.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\Program Files\Autorun Eater\billy.exe
C:\Documents and Settings\i font know\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SetDefaultMIDI] MIDIDef.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe
mPolicies-explorer: <NO NAME> =
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: aol.com\free
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {3766AB5E-CE09-4BE2-A30A-EADED3800DBE} = 208.67.220.220,208.67.222.222
TCP: {463C6B07-2D24-4B91-BB5E-DD3C38D365C3} = 208.67.220.220,208.67.222.222
TCP: {6965FE81-8B4F-4690-9F3C-D9B07ECE7497} = 208.67.220.220,208.67.222.222
TCP: {BEC6A706-63EE-4157-AE84-4361EFF64F70} = 208.67.220.220,208.67.222.222
TCP: {C201771D-5D2B-4035-8428-BB6547D8FD2A} = 208.67.220.220,208.67.222.222
TCP: {E6C5E4F8-A737-4624-A208-BA1C99C6AE9D} = 208.67.220.220,208.67.222.222
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ifontk~1\applic~1\mozilla\firefox\profiles\b9bsa3gj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2005-6-2 22528]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-5-8 26376]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-5-8 21128]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2008-11-16 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-5-8 21512]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-5-8 32264]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-5-8 242952]
R3 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-5-8 144960]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2007-12-12 98328]
R3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.sys [2007-12-12 134168]
R3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.sys [2007-12-12 309784]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2008-10-29 31896]
R3 hypaudio;hypaudio;c:\windows\system32\drivers\hypaudio.sys [2007-3-23 1194496]
R3 hypkern;hypkern;c:\windows\system32\drivers\hypkern.sys [2007-3-23 164864]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2006-6-21 23288]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2008-11-16 108368]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-6-15 26488]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2007-12-12 98328]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2007-12-12 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2007-12-12 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2007-12-12 528920]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2007-12-12 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.sys [2007-12-12 163352]
S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.sys [2007-12-12 163352]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.sys [2007-12-12 259096]
S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.sys [2007-12-12 259096]
S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.sys [2007-12-12 134168]
S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.sys [2007-12-12 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2007-12-12 99352]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2007-12-12 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2007-12-12 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2007-12-12 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2007-12-12 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2007-12-12 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2007-12-12 534040]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2007-12-12 534040]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\lavalys\everest home edition\kerneld.wnt --> c:\program files\lavalys\everest home edition\kerneld.wnt [?]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [2005-12-26 6656]
S3 RD1009;EDIROL UM-1 USB Driver;c:\windows\system32\drivers\rdwm1009.sys [2005-7-27 43900]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]
S3 TipCtrl;TipCtrl;"c:\program files\utipu\tipctrl.exe" --> c:\program files\utipu\TipCtrl.exe [?]

=============== Created Last 30 ================

2009-05-02 23:34 <DIR> --d----- c:\program files\Autorun Eater
2009-05-02 18:17 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-01 17:20 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-05-01 17:06 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-05-01 16:58 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-05-01 16:58 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-05-01 16:58 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-05-01 16:58 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-05-01 16:58 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-05-01 16:58 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-01 16:58 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-01 16:58 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-01 16:58 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-05-01 16:58 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-05-01 16:58 117,760 -------- c:\windows\system32\prntvpt.dll
2009-05-01 16:52 <DIR> --d----- c:\program files\MSXML 6.0
2009-05-01 16:48 <DIR> --d-hr-- C:\AHCache
2009-05-01 16:42 <DIR> --d----- c:\program files\The Cleaner
2009-05-01 16:31 <DIR> --d----- c:\docume~1\ifontk~1\applic~1\Malwarebytes
2009-05-01 16:31 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-01 16:31 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 16:31 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-01 16:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-01 16:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-01 16:05 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-01 16:05 <DIR> --d----- c:\docume~1\ifontk~1\applic~1\SUPERAntiSpyware.com
2009-05-01 16:04 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-01 15:49 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-01 15:49 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-01 15:28 <DIR> a-dshr-- C:\cmdcons
2009-05-01 15:27 161,792 a------- c:\windows\SWREG.exe
2009-05-01 15:27 98,816 a------- c:\windows\sed.exe
2009-05-01 15:08 <DIR> --d----- c:\windows\mui
2009-04-28 01:17 <DIR> --d----- c:\docume~1\ifontk~1\applic~1\EyeballChatAvatars
2009-04-28 01:17 <DIR> --d----- c:\docume~1\ifontk~1\applic~1\EyeballChatUserData
2009-04-28 01:17 <DIR> --d----- c:\program files\Eyeball Networks

==================== Find3M ====================

2009-05-01 15:25 1,984 a------- c:\windows\system32\d3d9caps.dat
2008-02-12 13:37 24,504 a------- c:\docume~1\ifontk~1\applic~1\GDIPFONTCACHEV1.DAT
2005-06-24 22:49 61 -c-sh--- c:\windows\cnerolf.dat

============= FINISH: 23:45:17.09 ===============

Attached Files




#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:03:34 AM

Posted 16 May 2009 - 05:43 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 kstevege

kstevege
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:34 AM

Posted 18 May 2009 - 03:01 PM

Thanks K. Just got your reply. I will reply with a DDS scan later today.

- Steve

#4 kstevege

kstevege
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:34 AM

Posted 18 May 2009 - 10:52 PM

Koan

Here is the DDS Scan. I also attached the zip file as requested.

Thanks again for all your help.

Steve


DDS (Ver_09-05-14.01) - NTFSx86
Run by i font know at 23:54:11.53 on Mon 05/18/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1591 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\i font know\Desktop\dds(2).com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SetDefaultMIDI] MIDIDef.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SBAMTray] c:\program files\sunbelt software\counterspy\SBAMTray.exe
mPolicies-explorer: <NO NAME> =
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: aol.com\free
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241383824906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {3766AB5E-CE09-4BE2-A30A-EADED3800DBE} = 208.67.220.220,208.67.222.222
TCP: {463C6B07-2D24-4B91-BB5E-DD3C38D365C3} = 208.67.220.220,208.67.222.222
TCP: {6965FE81-8B4F-4690-9F3C-D9B07ECE7497} = 208.67.220.220,208.67.222.222
TCP: {BEC6A706-63EE-4157-AE84-4361EFF64F70} = 208.67.220.220,208.67.222.222
TCP: {C201771D-5D2B-4035-8428-BB6547D8FD2A} = 208.67.220.220,208.67.222.222
TCP: {E6C5E4F8-A737-4624-A208-BA1C99C6AE9D} = 208.67.220.220,208.67.222.222
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ifontk~1\applic~1\mozilla\firefox\profiles\b9bsa3gj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com

============= SERVICES / DRIVERS ===============

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-5-4 13360]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-5-8 26376]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-5-8 21128]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2008-11-16 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-5-8 21512]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-5-8 32264]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-5-4 69936]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2007-12-12 98328]
R3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.sys [2007-12-12 134168]
R3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.sys [2007-12-12 309784]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2008-10-29 31896]
R3 hypaudio;hypaudio;c:\windows\system32\drivers\hypaudio.sys [2007-3-23 1194496]
R3 hypkern;hypkern;c:\windows\system32\drivers\hypkern.sys [2007-3-23 164864]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2006-6-21 23288]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2008-11-16 108368]
S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2005-6-2 22528]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-6-15 26144]
S2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-5-8 242952]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2007-12-12 98328]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2007-12-12 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2007-12-12 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2007-12-12 528920]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2007-12-12 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.sys [2007-12-12 163352]
S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.sys [2007-12-12 163352]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.sys [2007-12-12 259096]
S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.sys [2007-12-12 259096]
S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.sys [2007-12-12 134168]
S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.sys [2007-12-12 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2007-12-12 99352]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2007-12-12 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2007-12-12 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2007-12-12 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2007-12-12 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2007-12-12 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2007-12-12 534040]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2007-12-12 534040]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [2005-12-26 6656]
S3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
S3 RD1009;EDIROL UM-1 USB Driver;c:\windows\system32\drivers\rdwm1009.sys [2005-7-27 43900]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2008-10-22 92464]
S4 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-5-8 144960]
S4 SBAMSvc;CounterSpy Antispyware;c:\program files\sunbelt software\counterspy\SBAMSvc.exe [2009-3-17 894248]
S4 TipCtrl;TipCtrl;"c:\program files\utipu\tipctrl.exe" --> c:\program files\utipu\TipCtrl.exe [?]

=============== Created Last 30 ================

2009-05-05 01:11 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-05-05 01:11 268,648 a------- c:\windows\system32\mucltui.dll
2009-05-04 23:01 69,936 a------- c:\windows\system32\drivers\sbapifs.sys
2009-05-04 23:01 13,360 a------- c:\windows\system32\drivers\sbaphd.sys
2009-05-04 22:47 113 a------- c:\docume~1\ifontk~1\applic~1\netstat.bat
2009-05-04 21:57 <DIR> --d----- c:\docume~1\ifontk~1\applic~1\Sunbelt
2009-05-04 21:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sunbelt
2009-05-04 21:56 <DIR> --d----- c:\program files\Sunbelt Software
2009-05-04 21:44 <DIR> --dsh--- c:\documents and settings\i font know\UserData
2009-05-04 20:50 <DIR> --d----- c:\documents and settings\i font know\DoctorWeb
2009-05-04 20:40 <DIR> a-dshr-- C:\autorun.inf
2009-05-04 01:16 <DIR> --d----- c:\program files\common files\Scanner
2009-05-04 00:22 <DIR> --d----- C:\Downloads
2009-05-04 00:20 <DIR> --d----- c:\windows\system32\en
2009-05-04 00:12 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-04 00:10 <DIR> --d-hr-- C:\AHCache
2009-05-03 17:08 <DIR> --dsh--- c:\documents and settings\i font know\IECompatCache
2009-05-03 17:03 <DIR> --d----- c:\docume~1\ifontk~1\applic~1\GrabPro
2009-05-03 15:50 <DIR> --d----- c:\windows\system32\scripting
2009-05-03 15:50 <DIR> --d----- c:\windows\l2schemas
2009-05-03 15:22 <DIR> --dsh--- c:\documents and settings\i font know\PrivacIE
2009-05-03 15:11 <DIR> --dsh--- c:\documents and settings\i font know\IETldCache
2009-05-03 14:56 <DIR> --d----- c:\windows\ie8updates
2009-05-03 14:50 69,120 -------- c:\windows\system32\wlanapi.dll
2009-05-03 14:50 28,672 -------- c:\windows\system32\verclsid.exe
2009-05-03 14:50 53,248 -------- c:\windows\system32\tsgqec.dll
2009-05-03 14:50 50,688 -------- c:\windows\system32\tspkg.dll
2009-05-03 14:50 32,768 -------- c:\windows\system32\setupn.exe
2009-05-03 14:50 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-03 14:50 290,304 -------- c:\windows\system32\rhttpaa.dll
2009-05-03 14:48 397,312 -------- c:\windows\system32\mmcex.dll
2009-05-03 14:47 144,384 -------- c:\windows\system32\drivers\hdaudbus.sys
2009-05-03 14:45 <DIR> -cd-h--- c:\windows\ie8
2009-05-03 14:36 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-03 01:43 12,431 a------- c:\windows\KB952954.cat
2009-05-03 01:32 1,042,512 a------- c:\windows\setupapi.log.1.old
2009-05-03 01:26 <DIR> --d----- c:\program files\Trend Micro
2009-05-03 00:35 4,526 a------- c:\windows\system32\PerfStringBackup.TMP
2009-05-03 00:22 161,792 a------- c:\windows\SWREG.exe
2009-05-03 00:22 98,816 a------- c:\windows\sed.exe
2009-05-03 00:17 11,564 a------- c:\windows\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-40011102}.rfx
2009-05-03 00:17 1,104 a------- c:\windows\system32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-40011102}.rfx
2009-05-03 00:17 1,104 a------- c:\windows\system32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-40011102}.rfx
2009-05-03 00:17 64 a------- c:\windows\system32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-40011102}.rfx
2009-05-03 00:17 64 a------- c:\windows\system32\BMXState-{00000002-00000000-00000002-00001102-00000004-40011102}.rfx
2009-05-01 17:17 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-05-01 17:17 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-05-01 17:15 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-05-01 17:06 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-05-01 17:03 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-01 17:03 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-05-01 16:58 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-05-01 16:58 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-05-01 16:58 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-05-01 16:58 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-05-01 16:58 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-05-01 16:58 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-01 16:58 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-01 16:58 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-01 16:58 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-05-01 16:58 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-05-01 16:58 117,760 -------- c:\windows\system32\prntvpt.dll
2009-05-01 16:31 <DIR> --d----- c:\docume~1\ifontk~1\applic~1\Malwarebytes
2009-05-01 16:31 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-01 16:31 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 16:31 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-01 16:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-01 16:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-01 16:05 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-01 16:05 <DIR> --d----- c:\docume~1\ifontk~1\applic~1\SUPERAntiSpyware.com
2009-05-01 16:04 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-01 15:49 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-01 15:28 <DIR> a-dshr-- C:\cmdcons
2009-05-01 15:08 <DIR> --d----- c:\windows\mui
2009-04-28 01:17 <DIR> --d----- c:\docume~1\ifontk~1\applic~1\EyeballChatAvatars

==================== Find3M ====================

2009-05-03 23:52 170,968 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-05-03 16:59 86,665 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-01 15:25 1,984 a------- c:\windows\system32\d3d9caps.dat
2009-03-17 13:26 65,320 a------- c:\windows\system32\sbbd.exe
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2008-02-12 13:37 24,504 a------- c:\docume~1\ifontk~1\applic~1\GDIPFONTCACHEV1.DAT
2005-06-24 22:49 61 -c-sh--- c:\windows\cnerolf.dat

============= FINISH: 23:54:43.75 ===============

Attached Files



#5 kstevege

kstevege
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:34 AM

Posted 20 May 2009 - 04:08 PM

FYI

The reason why I initially ran ComboFix, Malwarebytes, etc. is because on or about May 1, 2009, I received a phony alert requesting I do a system virus scan. I was wise enough to stop Internet Explorer instead of clicking on any portion of the phony ad. Initially some spyware was found and removed after running Malwarebytes, etc. Subsequent system scans were clean except since that time whatever infected my computer seems to be hiding because ComboFix no longer runs and it also seems it has affected the other computer on my network from running ComboFix as well even though both computers are connected to the internet via Router. Prior to this date I never had a problem running ComboFix. I even tried changing the name of ComboFix on the desktop but this virus was smart enough to detect that. The ComboFix logo will not even appear. Initially it also knew when I tried to download ComboFix from sites such as Bleeping Computer.

Thanks

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:12:34 AM

Posted 20 May 2009 - 09:12 PM

Hello, kstevege :thumbup2:
ComboFix should not be run unless requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTListIt2 icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTListIt.txt
  • Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 kstevege

kstevege
  • Topic Starter
  • Members
  • 8 posts

Posted 21 May 2009 - 07:21 PM

Billy:

Thanks for helping me out.

I understand ComboFix can be dangerous, but it is such a powerful tool that finds nasties overlooked by other virus scanners, including AVG, so when it appears I have an initial problem it is so tempting to use ComboFix with the understanding that I am taking a risk! I am glad to have an expert helping this time though!

Here is the OTListIt.txt:

OTListIt logfile created on: 5/21/2009 8:10:17 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\i font know\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 78.80% Memory free
3.85 Gb Paging File | 3.62 Gb Available in Paging File | 93.92% Paging File free
Paging file location(s): C:\pagefile.sys 1700 1700 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 84.92 Gb Free Space | 74.18% Space Free | Partition Type: NTFS
Drive D: | 279.47 Gb Total Space | 173.75 Gb Free Space | 62.17% Space Free | Partition Type: NTFS
Drive E: | 233.76 Gb Total Space | 119.92 Gb Free Space | 51.30% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 76.69 Gb Total Space | 61.32 Gb Free Space | 79.96% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 215.32 Gb Free Space | 46.23% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: STEVE
Current User Name: i font know
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/08/11 21:42:50 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/12/12 17:56:26 | 00,023,040 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2007/12/12 19:26:44 | 00,671,863 | ---- | M] (E-MU Systems) -- C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
PRC - [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/04/30 02:19:36 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/21 20:09:26 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\i font know\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/05/01 13:35:07 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP [On_Demand | Stopped])
SRV - [2007/08/20 13:27:26 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe -- (CAISafe [Disabled | Stopped])
SRV - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTSvcCDA.EXE -- (Creative Service for CDROM Access [Disabled | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007/01/04 12:10:22 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC [Disabled | Stopped])
SRV - [2009/05/01 15:48:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [On_Demand | Stopped])
SRV - [2001/02/23 01:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Disabled | Stopped])
SRV - [2006/08/11 21:42:50 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/16 21:10:16 | 00,189,704 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv [On_Demand | Stopped])
SRV - [2009/03/17 13:26:48 | 00,894,248 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -- (SBAMSvc [Disabled | Stopped])
SRV - [2009/01/07 18:21:00 | 00,026,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc [Auto | Stopped])
SRV - File not found -- -- (TipCtrl [Disabled | Stopped])
SRV - [2007/08/20 13:36:42 | 00,242,952 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe -- (VETMSGNT [Auto | Stopped])
SRV - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [On_Demand | Stopped])
SRV - [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/08/03 22:31:20 | 00,036,224 | ---- | M] (ADMtek Incorporated.) -- C:\WINDOWS\System32\DRIVERS\AN983.sys -- (AN983 [On_Demand | Running])
DRV - [2007/12/12 19:35:36 | 00,098,328 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\COMMONFX.SYS -- (COMMONFX [On_Demand | Stopped])
DRV - [2007/12/12 19:35:36 | 00,098,328 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS [On_Demand | Running])
DRV - [2007/12/12 19:36:36 | 00,171,032 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\CT20XUT.SYS -- (CT20XUT [On_Demand | Stopped])
DRV - [2007/12/12 19:36:36 | 00,171,032 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS [On_Demand | Stopped])
DRV - [2007/12/12 19:40:02 | 00,511,000 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2007/12/12 19:40:20 | 00,524,824 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2007/12/12 19:35:48 | 00,528,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\CTAUDFX.SYS -- (CTAUDFX [On_Demand | Stopped])
DRV - [2007/12/12 19:35:48 | 00,528,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS [On_Demand | Stopped])
DRV - [2007/12/12 19:36:08 | 00,163,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\CTEAPSFX.SYS -- (CTEAPSFX [On_Demand | Stopped])
DRV - [2007/12/12 19:36:08 | 00,163,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTEAPSFX.SYS -- (CTEAPSFX.SYS [On_Demand | Stopped])
DRV - [2007/12/12 19:36:16 | 00,259,096 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\CTEDSPFX.SYS -- (CTEDSPFX [On_Demand | Stopped])
DRV - [2007/12/12 19:36:16 | 00,259,096 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTEDSPFX.SYS -- (CTEDSPFX.SYS [On_Demand | Stopped])
DRV - [2007/12/12 19:37:14 | 00,134,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\CTEDSPIO.SYS -- (CTEDSPIO [On_Demand | Stopped])
DRV - [2007/12/12 19:37:14 | 00,134,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTEDSPIO.SYS -- (CTEDSPIO.SYS [On_Demand | Running])
DRV - [2007/12/12 19:37:04 | 00,309,784 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\CTEDSPSY.SYS -- (CTEDSPSY [On_Demand | Stopped])
DRV - [2007/12/12 19:37:04 | 00,309,784 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTEDSPSY.SYS -- (CTEDSPSY.SYS [On_Demand | Running])
DRV - [2007/12/12 19:36:26 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\CTERFXFX.SYS -- (CTERFXFX [On_Demand | Stopped])
DRV - [2007/12/12 19:36:26 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS [On_Demand | Stopped])
DRV - [2007/12/12 19:37:34 | 01,324,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\CTEXFIFX.SYS -- (CTEXFIFX [On_Demand | Stopped])
DRV - [2007/12/12 19:37:34 | 01,324,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS [On_Demand | Stopped])
DRV - [2007/12/12 19:36:46 | 00,072,728 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\CTHWIUT.SYS -- (CTHWIUT [On_Demand | Stopped])
DRV - [2007/12/12 19:36:46 | 00,072,728 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS [On_Demand | Stopped])
DRV - [2007/12/12 19:41:14 | 00,014,360 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2007/12/12 19:36:00 | 00,534,040 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\CTSBLFX.SYS -- (CTSBLFX [On_Demand | Stopped])
DRV - [2007/12/12 19:36:00 | 00,534,040 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS [On_Demand | Stopped])
DRV - [2007/12/12 19:41:24 | 00,159,256 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2008/10/29 19:05:58 | 00,031,896 | ---- | M] (DemoForge, LLC) -- C:\WINDOWS\system32\DRIVERS\dfmirage.sys -- (dfmirage [On_Demand | Running])
DRV - [2007/12/12 19:41:40 | 00,095,768 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2008/04/13 14:45:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\GcKernel.sys -- (GcKernel [On_Demand | Stopped])
DRV - [2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [1996/04/03 15:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2007/12/12 19:41:48 | 00,802,840 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2001/08/17 14:02:50 | 00,002,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys -- (HIDSwvd [On_Demand | Stopped])
DRV - [2008/03/03 16:20:00 | 01,194,496 | ---- | M] (Universal Audio, Inc.) -- C:\WINDOWS\system32\DRIVERS\hypaudio.sys -- (hypaudio [On_Demand | Running])
DRV - [2008/03/03 16:20:00 | 00,164,864 | ---- | M] () -- C:\WINDOWS\system32\drivers\hypkern.sys -- (hypkern [On_Demand | Running])
DRV - [2005/12/26 00:24:00 | 00,006,656 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LtcyCfgWDM.sys -- (LtcyCfgWDM [On_Demand | Stopped])
DRV - [2006/08/11 21:42:42 | 03,958,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/05/05 19:21:00 | 00,004,608 | ---- | M] (NVIDIA Corporation.) -- C:\WINDOWS\system32\Drivers\nvport.sys -- (nvport [System | Running])
DRV - [2007/12/12 19:41:06 | 00,129,560 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2006/03/29 08:49:26 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2007/12/12 19:42:22 | 00,015,896 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2001/08/23 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/08/24 23:47:00 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:05:16 | 00,028,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\OVCD.sys -- (QCDonner [On_Demand | Stopped])
DRV - [2002/05/21 18:14:00 | 00,043,900 | ---- | M] (Roland Corporation) -- C:\WINDOWS\System32\Drivers\rdwm1009.sys -- (RD1009 [On_Demand | Stopped])
DRV - [2006/10/23 03:00:00 | 00,008,576 | ---- | M] () -- C:\Program Files\RivaTuner v2.0 RC 16.1\RivaTuner32.sys -- (RivaTuner32 [On_Demand | Stopped])
DRV - [2008/09/12 09:38:30 | 00,013,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd [System | Running])
DRV - [2009/03/04 23:30:16 | 00,069,936 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs [Auto | Running])
DRV - [2008/10/22 17:08:38 | 00,092,464 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE [On_Demand | Stopped])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2005/03/03 13:53:57 | 00,048,640 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2005/02/23 11:59:54 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2004/12/03 06:20:41 | 00,020,544 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2006/09/24 09:28:47 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2007/10/24 11:47:26 | 00,023,288 | ---- | M] (SIA Syncrosoft) -- C:\WINDOWS\system32\drivers\SynasUSB.sys -- (SynasUSB [On_Demand | Running])
DRV - [2005/09/04 09:50:23 | 00,022,528 | ---- | M] (W1zzard) -- C:\WINDOWS\system32\DRIVERS\SysTool.sys -- (SysTool [System | Stopped])
DRV - [2008/02/20 13:47:34 | 00,027,936 | ---- | M] (RapidSolution Software AG) -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd [On_Demand | Stopped])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2007/08/20 13:38:16 | 00,026,376 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT [System | Running])
DRV - [2007/08/20 13:38:16 | 00,021,128 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC [System | Running])
DRV - [2008/11/16 18:01:05 | 00,108,368 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT [On_Demand | Running])
DRV - [2008/11/16 18:01:06 | 00,880,560 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE [System | Running])
DRV - [2007/08/20 13:38:20 | 00,021,512 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT [System | Running])
DRV - [2007/08/20 13:38:22 | 00,032,264 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-117609710-606747145-1801674531-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-117609710-606747145-1801674531-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-117609710-606747145-1801674531-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-117609710-606747145-1801674531-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-117609710-606747145-1801674531-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-117609710-606747145-1801674531-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-117609710-606747145-1801674531-1002\S-1-5-21-117609710-606747145-1801674531-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {dd68c513-9296-4b63-8d8b-8f1c991c8a48}:0.1.7.3
FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.02
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/04 00:10:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/03 16:25:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/04 00:09:42 | 00,000,000 | ---D | M]

[2008/09/07 22:25:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\i font know\Application Data\mozilla\Extensions
[2008/09/07 22:25:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\i font know\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/18 23:59:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\i font know\Application Data\mozilla\Firefox\Profiles\b9bsa3gj.default\extensions
[2009/05/04 00:09:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\i font know\Application Data\mozilla\Firefox\Profiles\b9bsa3gj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/03/28 22:59:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\i font know\Application Data\mozilla\Firefox\Profiles\b9bsa3gj.default\extensions\{dd68c513-9296-4b63-8d8b-8f1c991c8a48}
[2009/05/18 23:56:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/06/12 23:48:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/30 02:19:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/04 00:10:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/30 02:19:36 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/30 02:19:36 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/07 22:24:56 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/07 22:24:56 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/07 22:24:56 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/16 01:14:17 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/07 22:24:56 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/07 22:24:56 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/07 22:24:56 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-117609710-606747145-1801674531-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-117609710-606747145-1801674531-1002\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe (Sunbelt Software)
O4 - HKU\S-1-5-21-117609710-606747145-1801674531-1002..\Run: [SetDefaultMIDI] MIDIDef.exe (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-117609710-606747145-1801674531-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-117609710-606747145-1801674531-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-117609710-606747145-1801674531-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-117609710-606747145-1801674531-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-117609710-606747145-1801674531-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-117609710-606747145-1801674531-1002_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 (Orbitdownloader.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-117609710-606747145-1801674531-1002\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-117609710-606747145-1801674531-1002\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-117609710-606747145-1801674531-1002\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1241383824906 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{3766AB5E-CE09-4BE2-A30A-EADED3800DBE}\\NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{463C6B07-2D24-4B91-BB5E-DD3C38D365C3}\\NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{6965FE81-8B4F-4690-9F3C-D9B07ECE7497}\\NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{BEC6A706-63EE-4157-AE84-4361EFF64F70}\\NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{C201771D-5D2B-4035-8428-BB6547D8FD2A}\\NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{E6C5E4F8-A737-4624-A208-BA1C99C6AE9D}\\NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/13 19:06:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/04 20:40:40 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/04 20:40:41 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/04 20:40:41 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/04 20:40:41 | 00,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/21 20:09:58 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/21 20:09:25 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\i font know\Desktop\OTListIt2.exe
[2009/05/05 01:11:33 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/05/05 01:11:32 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/05/05 00:40:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\i font know\Desktop\Autoruns
[2009/05/04 23:01:38 | 00,069,936 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2009/05/04 23:01:38 | 00,013,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2009/05/04 22:47:32 | 00,000,113 | ---- | C] () -- C:\Documents and Settings\i font know\Application Data\netstat.bat
[2009/05/04 21:57:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\i font know\Application Data\Sunbelt
[2009/05/04 21:57:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2009/05/04 21:57:07 | 00,001,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CounterSpy.lnk
[2009/05/04 21:56:53 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2009/05/04 21:55:34 | 12,130,384 | ---- | C] (Sunbelt Software ) -- C:\Documents and Settings\i font know\Desktop\counterspy.exe
[2009/05/04 21:53:29 | 04,808,583 | ---- | C] () -- C:\Documents and Settings\i font know\Desktop\sysclean.com
[2009/05/04 20:49:26 | 13,899,384 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\i font know\Desktop\launch.exe
[2009/05/04 20:45:12 | 13,899,208 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\i font know\Desktop\drweb-cureit.exe
[2009/05/04 20:40:40 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/05/04 20:39:54 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\i font know\Desktop\Flash_Disinfector.exe
[2009/05/04 01:16:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2009/05/04 01:14:46 | 21,501,104 | ---- | C] (CA) -- C:\Documents and Settings\i font know\Desktop\aspy_en_32.exe
[2009/05/04 00:22:20 | 00,000,000 | ---D | C] -- C:\Downloads
[2009/05/04 00:20:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/05/04 00:13:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/05/04 00:12:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/05/04 00:10:22 | 00,000,000 | RH-D | C] -- C:\AHCache
[2009/05/03 17:03:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\i font know\Application Data\GrabPro
[2009/05/03 16:15:34 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/05/03 15:50:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/05/03 15:50:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/05/03 15:50:42 | 00,000,000 | ---D | C] -- C:\Program Files\msn
[2009/05/03 15:29:53 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/05/03 14:56:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/05/03 14:50:44 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/05/03 14:50:35 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/05/03 14:50:26 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/05/03 14:50:26 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009/05/03 14:50:03 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/05/03 14:50:03 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009/05/03 14:50:00 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/05/03 14:49:58 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/05/03 14:49:57 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/05/03 14:49:55 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009/05/03 14:49:55 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/05/03 14:49:55 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/05/03 14:49:50 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/05/03 14:49:35 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/05/03 14:49:35 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/05/03 14:49:35 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/05/03 14:49:32 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2009/05/03 14:49:32 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/05/03 14:49:31 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2009/05/03 14:49:31 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/05/03 14:49:27 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/05/03 14:49:27 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/05/03 14:49:00 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/05/03 14:48:59 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/05/03 14:48:59 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/05/03 14:48:59 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/05/03 14:48:31 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009/05/03 14:48:31 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/05/03 14:48:31 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/05/03 14:48:31 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/05/03 14:48:30 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/05/03 14:48:30 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/05/03 14:48:28 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2009/05/03 14:48:28 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pidgen.dll
[2009/05/03 14:48:11 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2009/05/03 14:48:11 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009/05/03 14:48:11 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2009/05/03 14:48:02 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/05/03 14:47:49 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/05/03 14:47:49 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/05/03 14:47:49 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/05/03 14:47:49 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/05/03 14:47:49 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/05/03 14:47:49 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/05/03 14:47:49 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009/05/03 14:47:49 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/05/03 14:47:45 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/05/03 14:47:45 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009/05/03 14:47:45 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/05/03 14:47:45 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/05/03 14:47:45 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/05/03 14:47:45 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/05/03 14:47:45 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/05/03 14:47:43 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/05/03 14:47:43 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009/05/03 14:47:41 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/05/03 14:47:37 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009/05/03 14:47:28 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/05/03 14:47:27 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/05/03 14:47:20 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/05/03 14:45:55 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/03 14:36:30 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/05/03 01:43:39 | 00,012,431 | ---- | C] () -- C:\WINDOWS\KB952954.cat
[2009/05/03 01:26:22 | 00,001,749 | ---- | C] () -- C:\Documents and Settings\i font know\Desktop\HijackThis.lnk
[2009/05/03 01:26:21 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/03 01:26:08 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\i font know\Desktop\HJTInstall.exe
[2009/05/03 00:35:06 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/03 00:27:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/05/03 00:27:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\i font know\Local Settings\temp
[2009/05/03 00:22:59 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/03 00:22:59 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/03 00:22:59 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/03 00:22:59 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/03 00:22:59 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/03 00:22:59 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/03 00:17:38 | 00,011,564 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-40011102}.rfx
[2009/05/03 00:17:38 | 00,001,104 | ---- | C] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-40011102}.rfx
[2009/05/03 00:17:38 | 00,001,104 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-40011102}.rfx
[2009/05/03 00:17:38 | 00,000,064 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-40011102}.rfx
[2009/05/03 00:17:38 | 00,000,064 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-40011102}.rfx
[2009/05/01 17:17:42 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/05/01 17:17:39 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/05/01 17:15:09 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/05/01 17:06:23 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2009/05/01 17:03:31 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/05/01 17:03:18 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/05/01 16:58:32 | 00,031,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2009/05/01 16:58:31 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2009/05/01 16:58:31 | 00,018,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2009/05/01 16:58:30 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009/05/01 16:58:24 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/05/01 16:58:24 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/05/01 16:58:24 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/05/01 16:58:24 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/05/01 16:58:24 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/05/01 16:58:24 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/05/01 16:58:24 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/05/01 16:31:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\i font know\Application Data\Malwarebytes
[2009/05/01 16:31:42 | 00,000,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/01 16:31:40 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/01 16:31:38 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/01 16:31:36 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/01 16:31:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/01 16:05:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/05/01 16:05:22 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/01 16:05:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\i font know\Application Data\SUPERAntiSpyware.com
[2009/05/01 16:04:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/05/01 15:28:59 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/01 15:28:56 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/01 15:08:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/04/28 14:28:06 | 20,617,000 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\i font know\Desktop\SkypeSetupFull.exe
[2009/04/28 01:17:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\i font know\Application Data\EyeballChatAvatars
[2009/04/28 00:50:48 | 00,006,265 | ---- | C] () -- C:\Documents and Settings\i font know\My Documents\sc_config_eyeballchat.xml
[2008/11/09 00:34:46 | 00,000,067 | ---- | C] () -- C:\WINDOWS\#1 Video Converter.INI
[2008/06/06 14:22:46 | 00,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/03/22 22:26:18 | 00,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/03/09 00:01:31 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/03/09 00:01:28 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/09 00:01:28 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/03/09 00:01:27 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/09 00:01:27 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/12/12 18:16:26 | 00,097,464 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/12/12 17:58:02 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/08/23 18:30:00 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/03/23 12:58:05 | 00,164,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\hypkern.sys
[2006/10/02 18:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/08/11 21:45:20 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 21:43:10 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/11 21:43:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/11 21:43:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/11 21:43:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/11 21:43:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/11 21:43:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/08 23:04:09 | 00,004,456 | ---- | C] () -- C:\WINDOWS\rdt.ini
[2006/05/20 15:59:32 | 00,013,560 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/20 15:30:41 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2006/05/20 15:30:39 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2006/05/20 15:30:37 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/05/20 15:30:35 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2006/05/20 15:30:27 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006/05/20 15:30:19 | 00,626,688 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2006/02/26 21:42:35 | 00,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2006/02/12 15:58:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/12/26 00:24:00 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\LtcyCfgWDM.sys
[2005/12/22 02:45:23 | 00,044,592 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2005/12/22 02:45:23 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/12/21 21:36:54 | 00,000,556 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/07 22:35:34 | 00,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2005/07/31 17:55:26 | 16,379,904 | ---- | C] () -- C:\WINDOWS\System32\AbsynthIAC.dll
[2005/07/11 21:33:40 | 00,000,744 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/06/16 19:17:16 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2005/06/15 22:57:56 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2005/06/15 15:58:25 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/15 15:42:48 | 00,000,088 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2005/06/15 15:18:15 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/06/15 15:14:58 | 00,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/06/15 13:14:23 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/26 18:39:05 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/03/04 10:22:18 | 00,015,712 | ---- | C] () -- C:\WINDOWS\System32\OvMidi16.dll
[2003/02/18 21:26:28 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2002/02/27 17:50:00 | 00,197,120 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2001/08/23 08:00:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL
[2001/08/23 08:00:00 | 00,001,012 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 08:00:00 | 00,000,254 | ---- | C] () -- C:\WINDOWS\system.ini
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1996/04/03 15:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/21 20:09:26 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\i font know\Desktop\OTListIt2.exe
[2009/05/21 20:02:02 | 00,081,858 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/21 20:01:15 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\i font know\Local Settings\desktop.ini
[2009/05/21 20:00:57 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/21 20:00:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/19 20:14:26 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-40011102}.rfx
[2009/05/19 20:14:26 | 00,001,104 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-40011102}.rfx
[2009/05/19 20:14:26 | 00,001,104 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-40011102}.rfx
[2009/05/19 20:14:26 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-40011102}.rfx
[2009/05/19 20:14:26 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-40011102}.rfx
[2009/05/06 00:45:59 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/05/06 00:45:59 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/05/05 01:53:45 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/04 22:47:32 | 00,000,113 | ---- | M] () -- C:\Documents and Settings\i font know\Application Data\netstat.bat
[2009/05/04 21:57:07 | 00,001,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CounterSpy.lnk
[2009/05/04 21:55:12 | 00,000,281 | -HS- | M] () -- C:\boot.ini
[2009/05/04 20:00:59 | 13,899,384 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\i font know\Desktop\launch.exe
[2009/05/04 19:23:17 | 13,899,208 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\i font know\Desktop\drweb-cureit.exe
[2009/05/03 23:17:06 | 00,001,012 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/03 23:17:06 | 00,000,254 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/03 16:05:03 | 00,132,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/03 15:57:11 | 00,014,518 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/05/03 15:38:18 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/05/03 15:11:25 | 00,000,082 | -HS- | M] () -- C:\Documents and Settings\i font know\My Documents\desktop.ini
[2009/05/03 01:26:22 | 00,001,749 | ---- | M] () -- C:\Documents and Settings\i font know\Desktop\HijackThis.lnk
[2009/05/03 01:26:09 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\i font know\Desktop\HJTInstall.exe
[2009/05/02 22:02:57 | 00,004,568 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/01 16:31:42 | 00,000,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/01 15:25:30 | 00,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/01 10:04:33 | 00,001,563 | ---- | M] () -- C:\Documents and Settings\i font know\Desktop\CCleaner.lnk
[2009/04/29 12:40:40 | 04,808,583 | ---- | M] () -- C:\Documents and Settings\i font know\Desktop\sysclean.com
[2009/04/28 14:28:26 | 20,617,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\i font know\Desktop\SkypeSetupFull.exe
[2009/04/28 01:17:33 | 00,006,265 | ---- | M] () -- C:\Documents and Settings\i font know\My Documents\sc_config_eyeballchat.xml
< End of report >


And here is the Extras.Txt:

OTListIt Extras logfile created on: 5/21/2009 8:10:17 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\i font know\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 78.80% Memory free
3.85 Gb Paging File | 3.62 Gb Available in Paging File | 93.92% Paging File free
Paging file location(s): C:\pagefile.sys 1700 1700 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 84.92 Gb Free Space | 74.18% Space Free | Partition Type: NTFS
Drive D: | 279.47 Gb Total Space | 173.75 Gb Free Space | 62.17% Space Free | Partition Type: NTFS
Drive E: | 233.76 Gb Total Space | 119.92 Gb Free Space | 51.30% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 76.69 Gb Total Space | 61.32 Gb Free Space | 79.96% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 215.32 Gb Free Space | 46.23% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: STEVE
Current User Name: i font know
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\sandra.exe:*:Enabled:SiSoftware Sandra Lite
File not found -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite
File not found -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- %windir%\system32\drivers\svchost.exe:*:Enabled:svchost

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007/07/14 12:53:50 | 04,403,200 | ---- | M] (Gabest) -- C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/04/15 14:43:38 | 00,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
[2009/04/20 15:57:40 | 01,719,496 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
[2008/04/13 20:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console
[2008/09/29 13:17:08 | 04,382,720 | ---- | M] (Gabest) -- C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic
File not found -- %windir%\system32\drivers\svchost.exe:*:Enabled:svchost

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009AC76E-1A66-4682-82B7-417E77F3C648}" = Superior Drummer Installer
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{1864B4F0-7777-4A57-9930-C2B307597966}" = MusicLab RealGuitar 2.0
"{1864B4F0-7777-5A57-9930-C2B307597966}" = RealGuitar
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D3573E4-B407-47C2-ACA5-6880048BF1EE}" = CounterSpy
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{25317A18-FE51-4590-9B48-C8AE058416D6}" = X3DPCGateway
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2864B4E9-1186-4A57-9930-C2B307597965}" = MusicLab VeloMaster Lite
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}" = Camtasia Studio 6
"{58206080-3E1F-4418-8117-D190FC71BF58}" = RealStrat
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{639858DD-4966-40F3-A706-7C838BCF3A2B}" = MaxBlast 4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68B0CD06-006B-444E-BB91-FEF2A2CAC3C6}" = WordBuilder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ACBC6E4-03D0-422E-A0CA-3BA1A8EF8374}" = Digital Audio System
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{8967ABFB-CBCA-4EC0-8DE8-A01135267C16}" = EZplayer pro
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{E2A92E7F-8039-4FA8-8334-B751B3724FB8}" = INSPECTOR
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{FED7C046-6E28-4492-87F6-EF1BA20E1EC5}" = Steinberg Cubase 4
"Add/Remove Pro" = Add/Remove Pro
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Atmosphere_is1" = Atmosphere
"Bink and Smacker" = Bink and Smacker
"BrainWave Generator" = BrainWave Generator
"Cacheman 5.50" = Cacheman 5.50
"Cakewalk VST Adapter 4.4.4.0" = Cakewalk VST Adapter 4
"Cakewalk VST Adapter 4.5.1.0" = Cakewalk VST Adapter 4.5.1.0
"CCleaner" = CCleaner (remove only)
"CWAFV3" = Cakewalk Audio Finder Tool
"discWelder BRONZE" = discWelder BRONZE
"DreamStation DXi2" = DreamStation DXi2
"Driver Cleaner" = Driver Cleaner 3
"Driverheaven Full PC Info_is1" = Driverheaven Full PC Info 1.1
"East West Colossus" = East West Colossus
"East West EWQLSO Gold Edition" = East West EWQLSO Gold Edition
"East West EWQLSO PRO XP Gold" = East West EWQLSO PRO XP Gold
"East West Symphonic Choirs" = East West Symphonic Choirs
"EMU PatchMix DSP" = E-muPatchMix DSP
"eTrust Suite Personal" = CA Internet Security Suite
"Garritan Personal Orchestra" = Garritan Personal Orchestra
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Native Instruments Absynth" = Native Instruments Absynth
"Native Instruments Akoustik Piano" = Native Instruments Akoustik Piano
"Native Instruments B4 II" = Native Instruments B4 II
"Native Instruments Elektrik Piano" = Native Instruments Elektrik Piano
"Native Instruments Elektrik Piano 1.5" = Native Instruments Elektrik Piano 1.5
"Native Instruments Kompakt" = Native Instruments Kompakt
"Native Instruments Kontakt 2" = Native Instruments Kontakt 2
"Native Instruments Kontakt 3" = Native Instruments Kontakt 3
"Native Instruments Service Center" = Native Instruments Service Center
"NI Service Center" = NI Service Center
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"Overture 3.5 SE" = Overture 3.5 SE
"Prism" = Prism Video Converter
"RealAlt_is1" = Real Alternative 1.9.0
"Registry Booster_is1" = Uniblue Registry Booster
"Registry Mechanic_is1" = Registry Mechanic 5.2
"RivaTuner" = RivaTuner v2.0 RC 16.1
"Sonalksis FreeG Plug-Ins for Windows_is1" = Sonalksis FreeG Plug-Ins for Windows 1.08
"SONAR 5 Producer Edition" = SONAR 5 Producer Edition
"SONAR Plugin Manager" = SONAR Plugin Manager
"SONAR UTILS" = SONAR UTILS 2.51
"SpeedFan" = SpeedFan (remove only)
"Steinberg Cubase SX 3" = Steinberg Cubase SX 3
"Syncrosoft License Control" = Syncrosoft License Control
"TuneXP_1.5" = TuneXP 1.5
"UAD-1 Powered Plug-Ins" = UAD-1 Powered Plug-Ins
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"WaveLabLite" = WaveLab Lite
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"XviD" = XviD MPEG-4 Codec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/18/2009 11:41:05 PM | Computer Name = STEVE | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 5/18/2009 11:41:08 PM | Computer Name = STEVE | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 5/19/2009 7:19:46 PM | Computer Name = STEVE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 5/19/2009 7:19:47 PM | Computer Name = STEVE | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 5/19/2009 7:23:48 PM | Computer Name = STEVE | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 5/19/2009 7:23:51 PM | Computer Name = STEVE | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 5/21/2009 8:01:07 PM | Computer Name = STEVE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 5/21/2009 8:01:07 PM | Computer Name = STEVE | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 5/21/2009 8:05:09 PM | Computer Name = STEVE | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 5/21/2009 8:05:12 PM | Computer Name = STEVE | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

[ System Events ]
Error - 5/21/2009 8:02:01 PM | Computer Name = STEVE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SBAMSvc with
arguments "" in order to run the server: {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43}

Error - 5/21/2009 8:02:01 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 5/21/2009 8:02:02 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 5/21/2009 8:08:19 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 5/21/2009 8:08:19 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 5/21/2009 8:09:25 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 5/21/2009 8:09:25 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 5/21/2009 8:09:46 PM | Computer Name = STEVE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 5/21/2009 8:09:46 PM | Computer Name = STEVE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 5/21/2009 8:09:46 PM | Computer Name = STEVE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll.
Reference
error message: The operation completed successfully. .


< End of report >
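A responder reads the FirewallPolicy part of a log like the one above by eye: is "EnableFirewall" 0 for a profile, and which GloballyOpenPorts exceptions are scoped "*" (any remote address) instead of LocalSubNet? The Python below does that check over the firewall-policy lines copied from this log. It is an added example, not part of the thread, of OTListIt2/OTL or of any vendor tool; the regexes, the HIGH_RISK_PORTS set and the severity labels are my own choices, not anything the log format defines.

```python
# Audit the FirewallPolicy section of an OTListIt2 (OTL) log excerpt.
# Added example; parser, risk set and severities are this example's own
# choices, not part of OTListIt2 or of the thread.
import re
from typing import Dict, List, Optional

# Sample input: the FirewallPolicy lines copied from the OTListIt2 log in
# this thread. The DomainProfile "EnableFirewall" value is not in the excerpt.
OTL_FIREWALL_LOG = r'''
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
'''

# Registry key line: ...\FirewallPolicy\<Profile>[\subkeys...]
KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(?P<profile>\w+Profile)(?P<rest>(?:\\[^\\]+)*)$")
# Port exception value: "139:TCP" = 139:TCP:<scope>:<Enabled|Disabled>:<description>
PORT_RE = re.compile(r'^"[^"]+"\s*=\s*(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):.*$')
FLAG_RE = re.compile(r'^"EnableFirewall"\s*=\s*(?P<value>\d+)$')

# My choice of ports whose exposure to any remote address matters most on an
# XP-era host: RPC endpoint mapper, NetBIOS services and SMB over TCP.
HIGH_RISK_PORTS = {"135:TCP", "137:UDP", "138:UDP", "139:TCP", "445:TCP"}


def parse_firewall_policy(text: str) -> Dict[str, dict]:
    """Return {profile: {"enable_firewall": int|None, "ports": [...]}}."""
    profiles: Dict[str, dict] = {}
    current: Optional[str] = None
    in_ports_list = False
    for raw in text.splitlines():
        line = raw.strip().strip("[]")  # OTL brackets some key names
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group("profile")
            in_ports_list = key.group("rest").lower().endswith(r"\globallyopenports\list")
            profiles.setdefault(current, {"enable_firewall": None, "ports": []})
            continue
        if current is None:
            continue
        if in_ports_list:
            m = PORT_RE.match(line)
            if m:
                profiles[current]["ports"].append({
                    "port": int(m.group("port")),
                    "proto": m.group("proto"),
                    "scope": m.group("scope"),
                    "enabled": m.group("state") == "Enabled",
                })
        else:
            m = FLAG_RE.match(line)
            if m:
                profiles[current]["enable_firewall"] = int(m.group("value"))
    return profiles


def audit_firewall_policy(profiles: Dict[str, dict]) -> List[dict]:
    """Flag disabled profiles and enabled exceptions open to any address."""
    findings: List[dict] = []
    for name, prof in sorted(profiles.items()):
        if prof["enable_firewall"] == 0:
            findings.append({"profile": name, "severity": "high",
                             "issue": "Windows Firewall disabled (EnableFirewall = 0)"})
        elif prof["enable_firewall"] is None:
            findings.append({"profile": name, "severity": "info",
                             "issue": "EnableFirewall not in excerpt; verify on the host"})
        for p in prof["ports"]:
            # Disabled exceptions and LocalSubNet-scoped ones are the expected shape.
            if not p["enabled"] or p["scope"] != "*":
                continue
            ident = f'{p["port"]}:{p["proto"]}'
            sev = "high" if ident in HIGH_RISK_PORTS else "medium"
            findings.append({"profile": name, "severity": sev,
                             "issue": f"{ident} open to any remote address (scope *)"})
    return findings


if __name__ == "__main__":
    for f in audit_firewall_policy(parse_firewall_policy(OTL_FIREWALL_LOG)):
        print(f'{f["severity"]:6} {f["profile"]:16} {f["issue"]}')
```

On this log the check flags the StandardProfile as disabled and the NetBIOS/SMB exceptions in the DomainProfile as open to every remote address; the LocalSubNet-scoped entries are left alone because that is the scope the XP SP2 defaults use for file sharing.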

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:12:34 AM

Posted 21 May 2009 - 07:56 PM

Hello, kstevege :thumbup2:

CA Antivirus Quarantine is showing evidence of SillyAutoRun whenever I try and open Combofix and other similar applications

What do you mean by "Other similar applications"? Combofix has known problems with antivirus programs. It does not run correctly if AV programs are running while it is.

We need to run an OTListIt2 Fix
  • Please reopen OTListIt2 on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :otli
    DRV - [2005/09/04 09:50:23 | 00,022,528 | ---- | M] (W1zzard) -- C:\WINDOWS\system32\DRIVERS\SysTool.sys -- (SysTool [System | Stopped])
    O3 - HKU\S-1-5-21-117609710-606747145-1801674531-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    :commands
    [emptytemp]
  • Push Posted Image
  • OTLI2 may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • OTListIt2 Fix Log
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 kstevege

kstevege
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:34 AM

Posted 21 May 2009 - 10:20 PM

Hi Billy

Thanks for the quick reply. I understand what you are saying about Combofix but until on or about May 1, 2009 I never had a problem running it. Even with CA disabled it will not run or be recognized.

Here are the files you requested. Escan found Virtumonde.

========== OTLISTIT ==========

Service\Driver SysTool deleted successfully.
C:\WINDOWS\system32\DRIVERS\SysTool.sys moved successfully.
Registry value HKEY_USERS\S-1-5-21-117609710-606747145-1801674531-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\i font know\Local Settings\temp\etilqs_2LtUd7ccuy2839bQKLap scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05212009_213033

Files moved on Reboot...
File C:\Documents and Settings\i font know\Local Settings\temp\etilqs_2LtUd7ccuy2839bQKLap not found!

Registry entries deleted on Reboot...

ESET Online Scan log.txt
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=0d882d173ea8e349ae19c65f7eb2ec66
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2009-05-22 03:20:11
# local_time=2009-05-21 11:20:11 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=4865 21 100 100 16459510000000
# scanned=233115
# found=14
# cleaned=14
# scan_time=3923
C:\Qoobox\Quarantine\C\WINDOWS\system32\dJmTvGgh.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 0BB8743B4865797DD421F1DA9F76A356
C:\Qoobox\Quarantine\C\WINDOWS\system32\dJmTvGgh.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 0BB8743B4865797DD421F1DA9F76A356
C:\Qoobox\Quarantine\C\WINDOWS\system32\etyognyd.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) B9FBACD9D90474D5E2A0142103B2B6EC
C:\Qoobox\Quarantine\C\WINDOWS\system32\gqmlvkaj.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) FD4200C46D370FAA8F799FCB505C9722
C:\Qoobox\Quarantine\C\WINDOWS\system32\ibiqxdtc.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) D57F3AD6B752843CE04880C59F7F8B64
C:\Qoobox\Quarantine\C\WINDOWS\system32\iihgQqss.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) C6A7681B0AB74450499169482B43CB99
C:\Qoobox\Quarantine\C\WINDOWS\system32\iihgQqss.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) B414A1E1FEC3707AFF7F04041323639D
C:\Qoobox\Quarantine\C\WINDOWS\system32\JmWayccf.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 76E9D0B55985EE1D716B60AA39EF0110
C:\Qoobox\Quarantine\C\WINDOWS\system32\JmWayccf.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 99BA29077977C389E90DD4BCED6F119F
C:\Qoobox\Quarantine\C\WINDOWS\system32\QYyxHRqr.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 1928DF43ED4850CC5D84C2A69E0ABE49
C:\Qoobox\Quarantine\C\WINDOWS\system32\QYyxHRqr.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 1B0A0F79E610D73795B7718563FD782C
C:\Qoobox\Quarantine\C\WINDOWS\system32\rdqlhbvq.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) BAA9F903A3D800DCF37947B9C62E3A35
C:\Qoobox\Quarantine\C\WINDOWS\system32\vDeMnXyb.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) E883416A871354AB8C2CA66321D1FCC8
C:\Qoobox\Quarantine\C\WINDOWS\system32\vDeMnXyb.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 02F801B41432044E4B3A563D425C21B9

#10 Billy O'Neal

Posted 21 May 2009 - 10:31 PM

Hello, kstevege :step4:

All files found by ESET were already deleted by CF.

Congratulations! You now appear clean! :thumbup2:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware
We Need to Remove ComboFix
  • Please go to Start -> Run
  • Enter "ComboFix /u" (without quotes). Note the space between "ComboFix" and "/u", it needs to be there.
  • Press OK (Or hit enter).
  • Allow ComboFix to remove itself.
We Need to Clean Up Our Mess
  • Please reopen OTListIt2 on your desktop.
  • Push the large "Cleanup" button
  • Allow your system to reboot
Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3

#11 kstevege

Posted 21 May 2009 - 10:35 PM

Hi Billy

RUN does not find Combofix

#12 kstevege

Posted 21 May 2009 - 10:46 PM

Hopefully that is it. How long will this thread remain open just in case something shows up?

Thanks again for all your help. I am an attorney licensed in NY & NC. If you need general legal advice just let me know.

#13 Billy O'Neal

Posted 21 May 2009 - 10:46 PM

Just ignore that part then. OTLI should take care of the uninstallation.

Billy3

#14 Billy O'Neal


Posted 21 May 2009 - 10:47 PM

Hello, kstevege :thumbup2:

It will remain viewable, but I'm closing it here. Just PM me if problems return.

Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3



