Windows No Disk Error / Hotfix KB5504305 Rundll56.exe


  • This topic is locked
7 replies to this topic

#1 jlovely

Posted 10 May 2009 - 11:26 PM

Hello...I'm new to the forum and hope I have enough info to describe the problem I am experiencing with my computer. I am running Windows XP SP2 MCE 2002.

I installed a program on my computer...that obviously had a trojan or virus in it. As soon as I installed it, I received a Windows - No Disk Exception Processing Message c00000013 error. There were two Hotfix KB5504305 Rundll56.exe files running in my services. After I killed them and removed them with a registry cleaner, HijackThis, and msconfig, the errors went away. However, in the Windows Disk Management, none of my drives appeared. I tried cleaning my computer with Norton Internet Security and Ad-Aware, but the programs did not find anything. After downloading Malwarebytes, I tried running it, but it would not run. So...I ran the Combofix on my drive (sorry...I didn't realize I shouldn't run this until I read more posts on your Web site). It did remove C:\autorun.inf and D:\autorun.inf files along with what looked to be other trojans that were running. I was then able to run Malwarebytes and remove about 12 viruses and trojans from my computer. The Disk Management now shows my drives. However, I'm concerned that I did not remove everything and that my drive is still infected. Here is the info from running DDS.EXE on my machine. Can you check to see that everything is OK in the information? Malwarebytes also found 3 trojans on my external USB drive, which I removed from the drive. Should I also be worried about that drive being infected? Everything on the computer and USB drive seems to be OK...but I just want to make sure.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 0:06:27.42 on Mon 05/11/2009
Internet Explorer: 6.0.2900.2180

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.viewsonic.com/forms/warrantyreg.cfm
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {F79AD27F-8140-4E33-8B1D-C4FC6B663CCA} - No File
TB: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [DVDTray] "c:\program files\hp dvd\umbrella\DVDTray.exe"
mRun: [StxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\autoba~1.lnk - c:\program files\seagate\autobackup\MemeoLauncher.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\panora~1.lnk - c:\program files\panorama\Panorama.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\KEM.exe
mPolicies-explorer: <NO NAME> =
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238537738343
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238537729656
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - hxxp://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ekhy5qs3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.webshots.com/homepage.html
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

============= SERVICES / DRIVERS ===============


============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-05-10 19:47 266,360 a------- c:\windows\system32\TweakUI.exe
2009-05-10 19:47 160,217 a------- c:\windows\system32\PowerToysLicense.rtf
2009-05-10 19:36 <DIR> --d----- c:\program files\Trend Micro
2009-05-10 16:26 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-05-10 15:29 <DIR> a-dshr-- C:\cmdcons
2009-05-10 15:25 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-10 15:25 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 15:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-10 15:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-10 02:51 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-10 01:54 54,156 a---h--- c:\windows\QTFont.qfn
2009-05-10 01:54 1,409 a------- c:\windows\QTFont.for
2009-05-10 01:30 18 a---h--- C:\SYSREST
2009-05-09 22:53 266,240 a------- c:\windows\system32\Incinerator.dll
2009-05-09 22:53 <DIR> --d----- c:\program files\iolo
2009-05-09 19:04 <DIR> --d----- c:\program files\Haali
2009-05-09 17:54 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-05-09 16:14 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

==================== Find3M ====================

2009-03-29 12:23 3,531 a------- c:\windows\mozver.dat
2009-02-19 13:03 579,464 a------- c:\windows\system32\SymNeti.dll
2009-02-19 13:03 207,240 a------- c:\windows\system32\SymRedir.dll
2008-02-29 09:34 47,360 a------- c:\docume~1\admini~1\applic~1\pcouffin.sys
2008-02-13 20:09 73,728 a------- c:\documents and settings\administrator\SetupNI.dll
2007-12-13 23:04 100,048 a------- c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT
2007-04-07 03:08 2,054,144 a------- c:\program files\Retoucher.8bf
2003-10-19 13:44 0 a--sh--- c:\windows\sminst\HPCD.sys

============= FINISH: 0:07:52.32 ===============


Thanks for any help that you can provide,
Janette


Edited by jlovely, 10 May 2009 - 11:28 PM.



#2 Maurice Naggar

  • Malware Response Team

Posted 25 May 2009 - 03:37 PM

Hello Janette,

If you are not being helped elsewhere, please do the following:

Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Start your MBAM.
Click the Settings Tab. Make sure all option lines have a checkmark.
Click the Update tab. Press the "Check for Updates" button.
At this time, the current definitions are # 2178 or later. The latest program version is 1.36 (released April 6)

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.


Using Internet Explorer browser only, go to ESET Online Scanner website:
Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.
  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad or Wordpad.

The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://www.eset.com/onlinescan/cac4.php?page=faq
  • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
    Otherwise the scan will take twice as long to do:
    every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
  • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
    (And the prompt re-enabling when finished.)
  • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

Download OTListIt by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTListIt2.exe
  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTListIt.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTListIt2 by clicking the X at top right.
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):
  • the latest MBAM scan log
  • the Eset scan log.txt
  • the contents of OTListIt.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Edited by Maurice Naggar, 25 May 2009 - 03:37 PM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 jlovely


Posted 29 June 2009 - 05:32 PM

Hello,

Thanks for taking a look at my post. Here are the logs from the programs which I was able to finally have a chance to run.

--------------------------------
# the latest MBAM scan log
--------------------------------

Malwarebytes' Anti-Malware 1.38
Database version: 2347
Windows 5.1.2600 Service Pack 2

6/28/2009 7:32:21 PM
mbam-log-2009-06-28 (19-32-21).txt

Scan type: Quick Scan
Objects scanned: 114989
Time elapsed: 50 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 52

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minbho.showbarobj (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{27ba317e-7bbd-4ebe-a06a-47f076d9d6f7} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2574231f-9d6f-4b0e-9041-5dd7484564ad} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minbho.showbarobj.1 (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{70ef8b2a-3a34-4913-aafc-5a2827e0b1b1} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c91bcf48-598c-48bc-a4a7-192cefc9068a} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f334c7b0-8774-4d5b-bd7a-4f448d03a1ae} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f334c7b0-8774-4d5b-bd7a-4f448d03a1ae} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\kbbar.kbbarband (Adware.7FaSSt) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\kbbar.kbbarband.1 (Adware.7FaSSt) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f334c7b0-8774-4d5b-bd7a-4f448d03a1ae} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\SkyMediaPack (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\SkyToolbar (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\content (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\locale (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\locale\en-US (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\locale\ru-RU (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\skin (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words (Adware.SkyMediaPack) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\SkyMediaPack\SkyToolbar\MinBHO.dll (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\BrowserStartPage.dll (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\Config.dat (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\KBBar.dll (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\ToolbarUpdate.exe (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\unins000.dat (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\unins000.exe (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\update.dll (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome.manifest (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\install.rdf (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\content\about.xul (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\content\settings.js (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\content\SkySearchToolbar.js (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\content\SkySearchToolbar.xul (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\locale\en-US\SkySearchToolbar.dtd (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\locale\en-US\toolbar.properties (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\locale\ru-RU\SkySearchToolbar.dtd (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\locale\ru-RU\toolbar.properties (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\skin\about.png (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\skin\aboutDlg.png (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\skin\auto.png (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\skin\bigbutton.png (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\skin\gambling.png (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\skin\gripper.png (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\skin\insurance.png (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\skin\pharmacy.png (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\skin\search.png (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\skin\settings.png (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\skin\SkySearchToolbar.css (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\skin\software.png (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\anti-viruses.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\archivators.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\auto credit.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\auto insurance.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\baccarat.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\bingo.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\body-building.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\casino.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\credit.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\free downloaders.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\general health.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\health and life.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\home.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\keno.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\men`s health.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\mp3 dvd players.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\pain relief.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\pets.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\poker.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\weight loss.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\skymediapack\skytoolbar\FF\chrome\words\women`s health.txt (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
c:\program files\VideoLAN\VLC\plugins\libmux_mpjpeg_plugin.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

--------------------------------
# the Eset scan log.txt
--------------------------------

C:\Documents and Settings\Administrator\My Documents\Software\_TEMP\sdsetup.exe probably a variant of Win32/Spy.Agent trojan deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Software\_TEMP\Music\setupcdripper.exe multiple threats deleted - quarantined


--------------------------------
# the contents of OTListIt.txt
--------------------------------

OTListIt logfile created on: 6/29/2009 6:08:55 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\Administrator\My Documents\Software\Virus
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 577.96 Mb Available Physical Memory | 56.47% Memory free
1.66 Gb Paging File | 1.33 Gb Available in Paging File | 80.23% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.39 Gb Total Space | 9.93 Gb Free Space | 9.34% Space Free | Partition Type: NTFS
Drive D: | 5.40 Gb Total Space | 0.81 Gb Free Space | 15.07% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JLOVELY
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/02/09 17:06:32 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2004/08/04 03:56:48 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2004/02/19 03:03:00 | 00,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\E_S00RP1.EXE
PRC - [2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2004/04/30 01:07:00 | 00,122,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\SAgent4.exe
PRC - [2008/11/10 12:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/06/03 01:50:08 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2003/07/23 10:41:54 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP DVD\Umbrella\DVDTray.exe
PRC - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/11/10 12:23:40 | 00,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2004/10/28 09:29:48 | 00,581,632 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KEM.exe
PRC - [2008/08/15 10:39:04 | 03,343,688 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\Webshots.scr
PRC - [2004/10/21 13:28:40 | 00,029,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
PRC - [2008/11/23 20:26:27 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/05/10 14:58:58 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Software\Virus\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/04/06 16:35:00 | 00,319,488 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent [On_Demand | Stopped])
SRV - [2007/03/19 21:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [Disabled | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/02/09 17:06:32 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2007/08/22 03:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
SRV - [2004/08/04 03:56:48 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2000/11/17 02:02:00 | 00,114,688 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Disabled | Stopped])
SRV - [2004/02/19 03:03:00 | 00,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\E_S00RP1.EXE -- (EPSON_PM_RPCV2_01 [Auto | Running])
SRV - [2007/01/11 05:02:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01 [Disabled | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/09/14 14:32:20 | 00,864,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Disabled | Stopped])
SRV - File not found -- -- (ISPwdSvc [On_Demand | Stopped])
SRV - [2009/05/09 16:37:57 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Disabled | Stopped])
SRV - [2007/08/23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Disabled | Stopped])
SRV - [2008/09/05 12:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])
SRV - [2008/10/16 20:35:26 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Disabled | Stopped])
SRV - [2008/07/24 18:46:08 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Disabled | Stopped])
SRV - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Disabled | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/09/14 14:35:04 | 00,267,560 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2005/10/21 19:09:44 | 00,229,376 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare [Auto | Stopped])
SRV - [2005/10/21 19:08:34 | 00,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB [Disabled | Stopped])
SRV - [2005/10/21 16:58:02 | 00,045,056 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer [Disabled | Stopped])
SRV - [2005/10/21 16:57:20 | 00,405,504 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer [Disabled | Stopped])
SRV - [2005/10/21 19:05:42 | 00,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch [Disabled | Stopped])
SRV - [2004/04/30 01:07:00 | 00,122,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\SAgent4.exe -- (StatusAgent4 [Auto | Running])
SRV - [2008/11/23 20:26:27 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
SRV - [2004/08/11 00:46:56 | 00,483,328 | ---- | M] (Microsoft Corporation) -- c:\program files\windows media connect\mswmccds.exe -- (WmcCds [Unknown | Stopped])
SRV - [2004/08/10 21:50:42 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 12:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
SRV - [2008/11/10 12:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 12:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/02/23 15:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2004/10/07 21:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [2004/10/01 11:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2005/10/20 11:05:00 | 00,311,680 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
DRV - [2008/07/30 18:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
DRV - [2007/08/08 19:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running])
DRV - [2005/01/27 03:22:00 | 00,088,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2005/10/20 11:05:00 | 00,027,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Running])
DRV - [2009/03/16 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2001/08/09 22:03:00 | 00,070,084 | ---- | M] (MK Systems CO., LTD.) -- C:\WINDOWS\System32\Drivers\EPLPDX02.SYS -- (Eplpdx02 [On_Demand | Running])
DRV - [2009/03/16 04:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2003/10/01 18:41:28 | 00,177,664 | ---- | M] (Emuzed, Inc.) -- C:\WINDOWS\System32\DRIVERS\EvcapMau.sys -- (EvcapMaui [On_Demand | Running])
DRV - [2002/09/16 23:04:10 | 00,079,323 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2007/09/14 14:32:12 | 00,108,328 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDFs.sys -- (InCDfs [Disabled | Running])
DRV - [2007/09/14 14:32:16 | 00,036,776 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2007/09/14 14:32:18 | 00,039,208 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm [System | Running])
DRV - [2005/06/28 19:43:39 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\IrBus.sys -- (IrBus [On_Demand | Running])
DRV - [2001/09/07 18:10:02 | 00,158,872 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\System32\DRIVERS\KMW_SYS.sys -- (KMW_SYS [On_Demand | Stopped])
DRV - [2004/10/21 13:31:06 | 00,054,851 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\L8042mou.sys -- (L8042mou [On_Demand | Stopped])
DRV - [2004/10/21 13:30:38 | 00,024,671 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidKE.Sys -- (LHidKe [On_Demand | Running])
DRV - [2004/10/21 13:31:14 | 00,038,691 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys -- (LHidUsbK [On_Demand | Running])
DRV - [2008/07/24 18:46:10 | 00,012,856 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo [Auto | Running])
DRV - [2008/07/24 18:45:20 | 00,010,144 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMImirr.sys -- (LMImirr [On_Demand | Running])
DRV - [2004/10/21 13:30:56 | 00,071,535 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LMouKE.sys -- (LMouKE [On_Demand | Running])
DRV - [2003/12/12 19:03:10 | 00,652,689 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
DRV - [2002/07/11 06:16:10 | 00,003,480 | ---- | M] (cansoft@livewiredev.com) -- C:\WINDOWS\System32\mbmiodrvr.sys -- (MBMIoDrvr [On_Demand | Stopped])
DRV - [2005/10/20 11:05:00 | 00,027,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])
DRV - [2009/03/16 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090629.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/03/16 04:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090629.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2006/10/22 12:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008/02/29 09:34:33 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2003/09/19 16:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2001/06/04 17:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2002/08/29 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/10/20 11:05:00 | 00,119,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [System | Running])
DRV - [2007/11/29 18:30:24 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2009/03/25 06:29:52 | 00,130,432 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2002/10/04 11:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2005/10/21 17:34:30 | 00,050,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\RxFilter.sys -- (RxFilter [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/09/05 15:31:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2009/05/30 00:25:14 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/01/31 18:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP [On_Demand | Running])
DRV - [2008/01/31 18:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2008/01/31 18:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2009/03/02 15:00:46 | 00,095,592 | ---- | M] (Rocket Division Software) -- C:\WINDOWS\system32\DRIVERS\StarPortLite.sys -- (StarPortLite [System | Running])
DRV - [2009/02/19 12:31:16 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2009/01/08 22:45:04 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/02/19 12:31:16 | 00,096,560 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/02/19 12:31:16 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/02/09 18:59:18 | 00,251,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090618.001\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])
DRV - [2009/02/19 12:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009/02/19 12:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2008/03/02 14:45:42 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Boot | Running])
DRV - [2009/02/19 12:31:16 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009/02/19 12:31:16 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2009/02/19 12:31:16 | 00,184,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2006/11/02 07:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WinUSB.sys -- (WinUSB [On_Demand | Stopped])
DRV - [2008/11/10 12:09:32 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])
DRV - [2002/09/16 23:05:26 | 00,091,678 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [System | Stopped])
DRV - [2002/09/16 23:05:36 | 00,071,514 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaul...://my.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Sky Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.selectedEngine: "Sky Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/05/14 22:42:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/17 15:34:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/17 15:34:48 | 00,000,000 | ---D | M]

[2009/06/28 01:48:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ekhy5qs3.default\extensions
[2009/03/15 13:45:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ekhy5qs3.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2009/06/04 00:18:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ekhy5qs3.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2008/12/23 09:30:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ekhy5qs3.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2009/01/14 21:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ekhy5qs3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/10/28 12:32:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ekhy5qs3.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/04/06 16:03:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ekhy5qs3.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
[2008/06/18 23:18:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ekhy5qs3.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/06/08 20:00:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ekhy5qs3.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
[2008/12/23 09:30:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ekhy5qs3.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2009/06/08 19:59:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ekhy5qs3.default\extensions\{ff356687-aa08-463d-a46c-11c451824939}
[2008/11/12 20:04:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ekhy5qs3.default\extensions\moveplayer@movenetworks.com
[2008/01/28 00:10:34 | 00,002,920 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\ekhy5qs3.default\searchplugins\daemon-search.xml
[2009/05/30 00:25:19 | 00,004,643 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\ekhy5qs3.default\searchplugins\SkyWebSearch.xml
[2008/11/23 20:40:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/12/19 17:24:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/03/28 08:31:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009/03/31 22:47:26 | 00,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2008/12/19 17:24:41 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/12/19 17:24:41 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/12/19 17:24:42 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/12/19 17:24:42 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/12/19 17:24:42 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2006/10/11 04:05:04 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2006/10/11 04:05:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2006/10/11 04:05:04 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2006/10/11 04:05:04 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2007/03/03 13:06:29 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2006/10/11 04:05:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (305389 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10539 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F79AD27F-8140-4E33-8B1D-C4FC6B663CCA} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB004" /M "Stylus Photo R200" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r (VERITAS Software, Inc.)
O4 - HKLM..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutoBackup Launcher.lnk = C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe (Memeo Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (Webshots.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 359
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html ()
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html ()
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html ()
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm File not found
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm File not found
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1238537738343 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1238537729656 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/07/04 16:47:36 | 00,000,034 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{f85b1eba-cd56-11dc-ae9b-000c76033255}\Shell\open\command - "" = C:\WINDOWS\Explorer.exe -- [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{f9b6dca3-873c-11dd-a3d0-000c76033255}\Shell\AutoRun\command - "" = L:\Install FreeAgent Tools.exe -- File not found
O33 - MountPoints2\L\Shell - "" = Autorun
O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\L\Shell\Open\command - "" = RECYCLER\S-5-4-82-100023600-100022316-100013556-8826.com l:\
O33 - MountPoints2\M\Shell - "" = Autorun
O33 - MountPoints2\M\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\M\Shell\Open\command - "" = RECYCLER\S-5-4-82-100023600-100022316-100013556-8826.com m:\
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- File not found
O33 - MountPoints2\W\Shell - "" = Autorun
O33 - MountPoints2\W\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\W\Shell\Open\command - "" = RECYCLER\S-5-4-82-100023600-100022316-100013556-8826.com w:\
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (smrgdf) - File not found
O34 - HKLM BootExecute: (C:\Documents) - File not found
O34 - HKLM BootExecute: (and) - File not found
O34 - HKLM BootExecute: (Settings\Administrator\Application) - File not found
O34 - HKLM BootExecute: (Data\iolo\) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[2009/06/28 23:48:28 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/06/28 18:03:57 | 00,000,094 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Windows No Disk Error Hotfix KB5504305 Rundll56.exe.URL
[2009/06/27 11:11:48 | 00,000,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Aplus DVD Creator.lnk
[2009/06/27 11:11:04 | 00,000,758 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Aplus DVD Ripper.lnk
[2009/06/27 11:09:54 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Aplus DVD Copy.lnk
[2009/06/24 19:24:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\StarBurn
[2009/06/24 19:24:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\StarBurn
[2009/06/23 00:46:58 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/06/23 00:46:57 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/23 00:46:52 | 00,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2009/06/23 00:46:16 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2009/06/23 00:45:13 | 00,000,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sothink HD Movie Maker.lnk
[2009/06/23 00:44:47 | 00,290,816 | ---- | C] (SourceTec Software Co., LTD) -- C:\WINDOWS\System32\stFLVSource.ax
[2009/06/23 00:44:47 | 00,147,456 | ---- | C] (SourceTec) -- C:\WINDOWS\System32\stQTSource.ax
[2009/06/23 00:44:44 | 01,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wvc1dmod.dll
[2009/06/23 00:44:44 | 00,434,176 | ---- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaSplitter.ax
[2009/06/23 00:44:44 | 00,217,088 | ---- | C] (-) -- C:\WINDOWS\System32\CoreFLACDecoder.ax
[2009/06/23 00:44:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2009/06/23 00:44:43 | 00,438,272 | ---- | C] (Gabest) -- C:\WINDOWS\System32\Mpeg2DecFilter.ax
[2009/06/23 00:44:43 | 00,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2009/06/21 00:24:59 | 00,000,000 | ---D | C] -- C:\Program Files\3D Image Commander
[2009/06/16 00:35:12 | 01,435,272 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash8.ocx
[2009/06/08 20:15:39 | 00,000,783 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Aplus Video Joiner.lnk
[2009/06/08 20:15:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\RMBin
[2009/06/08 20:14:29 | 00,000,798 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Aplus Video Converter.lnk
[2009/06/08 20:14:28 | 00,421,888 | ---- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaSplitter.ax
[2009/06/08 20:14:27 | 00,856,064 | ---- | C] (Essien Research & Development) -- C:\WINDOWS\System32\mpgfiltr.ax
[2009/06/08 20:14:27 | 00,208,896 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\VideoEdit.ocx
[2009/06/08 20:14:27 | 00,139,264 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomqtde.dll
[2009/06/08 20:14:27 | 00,081,920 | ---- | C] (Viscom Software) -- C:\WINDOWS\System32\viscomwave.dll
[2009/06/08 20:13:46 | 00,000,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Aplus All Media to MP3.lnk
[2009/06/08 20:13:41 | 00,312,320 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTVideoView.dll
[2009/06/08 20:13:38 | 00,626,688 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTImageFile.dll
[2009/06/08 20:13:27 | 00,000,000 | ---D | C] -- C:\Program Files\Aplus
[2009/06/08 20:01:45 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/06/07 18:18:25 | 00,135,233 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\CDF_08_Brochure.pdf
[2009/06/07 18:16:14 | 01,341,126 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Are-you-brochure-2009.pdf
[2009/06/06 08:23:45 | 00,438,272 | ---- | C] (DMSoft Technologies) -- C:\WINDOWS\System32\SkinCrafter.dll
[2009/06/06 08:23:45 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Extra DVD Creator.lnk
[2009/06/06 08:23:44 | 00,249,856 | ---- | C] (Online Media Technologies Company Ltd.) -- C:\WINDOWS\System32\NCTQuickTimeFile.dll
[2009/06/06 08:23:44 | 00,201,216 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoPlayer.dll
[2009/06/06 08:23:44 | 00,188,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoFile.dll
[2009/06/06 08:23:43 | 00,764,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTRMFile.dll
[2009/06/06 08:23:42 | 00,215,552 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMVFile.dll
[2009/06/06 08:23:41 | 00,495,104 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoCoreM.dll
[2009/06/06 08:23:41 | 00,382,464 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAVIFile.dll
[2009/06/06 08:23:39 | 02,846,720 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioCompress3.dll
[2009/06/06 08:23:39 | 00,780,288 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoCompress.dll
[2009/06/06 08:23:39 | 00,090,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioFormatSettings3.dll
[2009/06/06 08:23:38 | 00,778,240 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioCompress2.dll
[2009/06/06 08:23:27 | 00,000,000 | ---D | C] -- C:\Program Files\Extra DVD Creator
[2009/06/06 08:22:24 | 00,000,404 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to _Downloads.lnk
[2009/06/04 00:17:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mp3 Music Editor
[2009/06/04 00:16:29 | 00,000,711 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Mp3 Music Editor.lnk
[2009/06/04 00:16:07 | 02,084,864 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioDesign2.dll
[2009/06/04 00:16:07 | 00,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioDisplay2.dll
[2009/06/04 00:16:02 | 00,000,000 | ---D | C] -- C:\Program Files\Mp3 Music Editor
[2009/06/04 00:14:26 | 00,500,607 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\How to Install Zune Games.pdf
[2009/06/04 00:13:47 | 00,000,076 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Unlimited Free Movie Downloads Sites Reviews - Free Movie Downloads - Free Full Movie Downloads.URL
[2009/06/04 00:13:42 | 00,000,058 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ZUNE DOWNLOADS Services Downloads, Music, movies, tv shows. The largest resource for zune content on the Internet..URL
[2009/06/04 00:13:35 | 00,000,069 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Zune Videos-Free Zune Downloads, Zune Music, and Zune Movies!.URL
[2009/05/17 15:25:28 | 00,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2009/05/17 15:25:15 | 00,000,066 | ---- | C] () -- C:\WINDOWS\ESPR200.ini
[2009/05/17 15:06:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009/05/17 14:59:07 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2009/05/14 00:20:49 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/14 00:20:49 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/28 12:41:22 | 07,277,568 | ---- | C] () -- C:\WINDOWS\System32\3gpcore.dll
[2008/09/11 09:43:09 | 00,000,285 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/07/21 16:14:10 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/06/13 22:49:36 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/29 21:24:53 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/02/20 00:42:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2008/01/27 23:59:24 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/01/13 19:05:23 | 03,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/01/13 19:05:23 | 00,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/01/13 19:05:23 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/01/13 19:05:23 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/01/02 20:45:30 | 00,000,033 | ---- | C] () -- C:\WINDOWS\UnitConverter.ini
[2007/12/12 19:21:41 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EPCX8400.ini
[2006/12/16 14:49:46 | 00,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/10/29 18:01:52 | 00,049,152 | ---- | C] () -- C:\WINDOWS\StiRegstEng.dll
[2006/10/22 12:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/04 17:39:08 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/08 15:18:02 | 00,007,920 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2005/12/28 18:35:13 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2005/10/24 23:35:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/21 17:07:14 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/08/03 23:28:03 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/08/03 23:13:31 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/07/15 14:35:56 | 00,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 14:35:56 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/06/09 19:45:05 | 00,000,026 | ---- | C] () -- C:\WINDOWS\GEDCOM_Lib.INI
[2005/04/24 17:41:03 | 00,000,050 | ---- | C] () -- C:\WINDOWS\Progs_.ini
[2004/11/30 04:10:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/11/29 14:06:32 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2004/07/01 20:30:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\IMPORT71.INI
[2004/07/01 20:15:05 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2004/06/26 23:40:29 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Administrator.ini
[2004/06/07 19:39:44 | 00,000,316 | ---- | C] () -- C:\WINDOWS\RoadAtlas.INI
[2004/06/04 20:25:53 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/06/03 17:03:48 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/23 13:51:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\Z.ini
[2004/02/23 15:43:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2004/01/07 21:39:40 | 00,000,107 | ---- | C] () -- C:\WINDOWS\MovieEdit.INI
[2004/01/07 21:26:02 | 00,000,730 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2004/01/03 22:10:09 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/17 23:39:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/10/17 22:32:21 | 00,000,846 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2003/10/02 01:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/09/13 01:05:54 | 00,003,584 | ---- | C] () -- C:\WINDOWS\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/08/18 18:56:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/08/18 18:56:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/08/05 14:25:44 | 00,098,384 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2003/07/04 18:07:20 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2003/07/04 18:07:20 | 00,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2003/06/11 21:57:53 | 00,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2003/05/25 17:47:05 | 00,045,056 | ---- | C] () -- C:\WINDOWS\PANIC32.dll
[2003/05/25 17:47:05 | 00,040,960 | ---- | C] () -- C:\WINDOWS\PANICNT.dll
[2003/05/25 16:24:38 | 00,380,928 | ---- | C] () -- C:\WINDOWS\scep_dll.dll
[2003/05/25 16:24:38 | 00,079,816 | ---- | C] () -- C:\WINDOWS\System32\VPN5000Gina.dll
[2003/04/26 23:24:58 | 00,000,250 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2003/03/23 02:19:03 | 00,000,113 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2003/03/23 02:11:07 | 00,000,023 | ---- | C] () -- C:\WINDOWS\EPS820.ini
[2003/03/23 01:56:28 | 00,000,030 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2003/01/31 07:08:15 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/31 03:36:36 | 00,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2003/01/31 03:36:36 | 00,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2003/01/31 03:24:48 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/01/31 03:24:47 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/01/31 01:51:10 | 00,001,292 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/01/31 01:50:55 | 00,001,251 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/01/31 01:04:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/31 00:40:41 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2003/01/31 00:36:53 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2003/01/31 00:29:33 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/01/31 00:29:33 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/01/31 00:29:15 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/01/31 00:01:59 | 00,000,813 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/30 22:45:52 | 00,000,659 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/30 22:45:23 | 00,001,009 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/01/30 22:45:20 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/25 00:26:46 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\zstream.dll
[2002/09/27 08:37:56 | 00,122,946 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2002/03/19 18:30:00 | 00,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2001/09/01 02:33:58 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/14 22:47:08 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll
[2001/05/29 12:23:34 | 00,002,918 | ---- | C] () -- C:\WINDOWS\System32\kid_inst.dll
[2001/03/06 19:47:48 | 00,077,560 | ---- | C] () -- C:\WINDOWS\System32\libungif.dll
[2000/09/08 18:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== Files - Modified Within 30 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/06/29 08:07:09 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/06/29 08:04:55 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/29 08:03:55 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\desktop.ini
[2009/06/29 08:03:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/29 08:03:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/29 08:03:19 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/28 18:03:57 | 00,000,094 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows No Disk Error Hotfix KB5504305 Rundll56.exe.URL
[2009/06/27 21:00:31 | 00,000,250 | ---- | M] () -- C:\WINDOWS\qwimp.ini
[2009/06/27 20:56:49 | 00,001,251 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2009/06/27 11:11:49 | 00,000,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Aplus DVD Creator.lnk
[2009/06/27 11:11:04 | 00,000,758 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Aplus DVD Ripper.lnk
[2009/06/27 11:09:54 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Aplus DVD Copy.lnk
[2009/06/23 00:45:13 | 00,000,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sothink HD Movie Maker.lnk
[2009/06/18 11:47:36 | 00,373,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/08 20:15:39 | 00,000,783 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Aplus Video Joiner.lnk
[2009/06/08 20:14:29 | 00,000,798 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Aplus Video Converter.lnk
[2009/06/08 20:13:46 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Aplus All Media to MP3.lnk
[2009/06/07 18:18:25 | 00,135,233 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\CDF_08_Brochure.pdf
[2009/06/07 18:16:14 | 01,341,126 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Are-you-brochure-2009.pdf
[2009/06/06 08:23:45 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Extra DVD Creator.lnk
[2009/06/06 08:22:24 | 00,000,404 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to _Downloads.lnk
[2009/06/04 00:16:29 | 00,000,711 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Mp3 Music Editor.lnk
[2009/06/04 00:14:27 | 00,500,607 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\How to Install Zune Games.pdf
[2009/06/04 00:13:47 | 00,000,076 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Unlimited Free Movie Downloads Sites Reviews - Free Movie Downloads - Free Full Movie Downloads.URL
[2009/06/04 00:13:42 | 00,000,058 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ZUNE DOWNLOADS Services Downloads, Music, movies, tv shows. The largest resource for zune content on the Internet..URL
[2009/06/04 00:13:35 | 00,000,069 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Zune Videos-Free Zune Downloads, Zune Music, and Zune Movies!.URL
[2009/06/01 17:16:34 | 01,435,272 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash8.ocx
[2009/06/01 09:37:51 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2009/06/24 19:24:41 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2008/04/06 16:04:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2008/05/25 14:32:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AdobeUM
[2008/06/16 23:26:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ahead
[2007/04/27 20:48:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2008/02/02 18:29:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ArcSoft
[2008/02/02 21:34:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2003/10/18 20:25:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Corel
[2004/01/08 01:12:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CyberLink
[2008/01/28 00:10:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
[2008/01/13 13:01:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DivX
[2009/06/24 20:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\dvdcss
[2008/03/22 13:53:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDFab
[2006/10/30 09:02:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2008/09/29 20:21:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2006/04/14 23:42:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FreeCap
[2007/06/23 17:15:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Google
[2003/03/31 00:10:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Help
[2005/12/28 17:33:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Hemera
[2003/01/18 08:23:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2007/12/12 19:23:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2003/01/18 08:23:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2003/07/04 20:03:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2007/05/12 18:13:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iolo
[2009/05/25 12:28:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iRecordMax Sound Recorder
[2008/03/02 15:31:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lavasoft
[2005/08/03 23:15:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2005/07/24 12:27:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Logitech
[2004/09/04 23:25:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/05/10 16:26:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2008/04/07 10:14:48 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2003/03/24 01:10:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Motive
[2009/03/29 16:47:02 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Move Networks
[2006/10/29 15:41:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2009/06/04 00:17:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mp3 Music Editor
[2003/05/25 15:32:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSN6
[2009/01/07 21:42:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2008/11/30 16:23:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Personal Video Database
[2009/05/17 14:20:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PetShowCraze
[2004/01/07 20:36:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Publish Providers
[2009/05/10 01:55:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Real
[2009/05/16 23:54:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RealArcade
[2007/03/30 23:44:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RecordPad
[2009/06/02 00:24:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RipIt4Me
[2008/03/29 11:39:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Roxio
[2003/01/18 08:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2003/01/18 08:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
[2007/03/25 17:25:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SmartFTP
[2007/10/03 18:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sonic
[2009/06/24 19:24:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\StarBurn
[2004/01/18 00:48:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2008/11/23 20:15:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Symantec
[2009/05/06 19:01:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\U3
[2005/12/28 18:34:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2009/06/28 18:08:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2003/07/06 22:28:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VERITAS
[2008/01/13 12:34:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2009/06/28 15:53:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2009/05/17 01:06:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Webshots
[2007/12/24 15:18:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2007/04/29 19:11:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2004/07/02 20:41:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Yahoo! Messenger
[2008/08/17 02:07:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YAMAHA
[2009/05/24 23:38:09 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/05/09 16:14:55 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/12 17:04:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/05/16 23:39:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2007/03/03 14:03:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2005/03/10 10:00:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/06/25 19:32:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2007/12/12 19:25:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2006/06/04 17:38:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2008/03/02 14:14:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2007/03/03 13:54:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2008/09/14 22:49:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/06/16 23:23:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/05/24 20:05:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/05/10 15:25:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/05 23:12:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/05/12 20:35:11 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2003/01/18 08:24:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2003/05/25 15:32:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2006/12/03 22:44:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/01/07 21:42:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/05/19 19:29:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2008/11/23 20:11:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2008/11/23 17:13:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/05/24 23:38:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2009/05/24 23:18:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2003/11/28 00:23:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2006/06/04 17:41:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2003/01/18 08:24:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/09/21 13:05:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2006/06/04 17:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/05/17 17:00:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/06/23 00:55:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2008/09/20 20:01:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tanagra
[2009/05/24 13:35:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/16 23:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2005/12/28 17:15:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/01/02 19:41:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/20 13:59:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2005/08/20 00:57:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2007/03/15 19:06:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[2007/03/19 23:33:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2008/08/17 02:04:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAMAHA
[2009/05/09 16:28:21 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2002/08/29 15:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/04 20:00:00 | 00,000,638 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job
[2009/06/29 08:03:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/05/12 23:07:16 | 00,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\Wise Registry Cleaner 4.job

========== Purity Check ==========

< End of report >

--------------------------------
# the contents of Extras.txt
--------------------------------

OTListIt Extras logfile created on: 6/29/2009 6:08:55 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\Administrator\My Documents\Software\Virus
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 577.96 Mb Available Physical Memory | 56.47% Memory free
1.66 Gb Paging File | 1.33 Gb Available in Paging File | 80.23% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.39 Gb Total Space | 9.93 Gb Free Space | 9.34% Space Free | Partition Type: NTFS
Drive D: | 5.40 Gb Total Space | 0.81 Gb Free Space | 15.07% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JLOVELY
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007/03/01 18:11:34 | 00,091,640 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2004/10/13 12:24:37 | 01,694,208 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/06/02 05:29:26 | 00,180,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2005/10/21 16:57:20 | 00,405,504 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service
[2009/05/10 19:50:53 | 00,281,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{07295ABF-1245-415A-BE06-863271753443}" = ShowBiz
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = RecordNow Update Manager
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{0DCFC7D5-8608-478C-8082-1FF848B978AF}" = USB Storage RW
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{1EEE2A9F-6471-42fa-8923-E8879168CE26}" = HP Photo and Imaging 1.1 - Photosmart Cameras
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{23B332B6-41A4-4E5A-8524-A6054BAA3E4D}" = HP_Patch
"{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX8400 Series Scanner Driver Update
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Productivity Pack
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3780136B-22BA-4327-A226-A39EB2636730}" = Roxio Easy Media Creator 8 Content
"{39352E3D-43FF-44E7-AC2F-0ADA04AF9BB2}_is1" = Sothink HD Movie Maker
"{3A2AA418-42ED-41A2-8A4E-D887E24B1033}" = Nero 7 Essentials
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}" = HP Digital Imaging Album Printing 1.0
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{60E971B7-51A0-48CA-8687-C6B8F094A409}" = Simple Backup for My Pictures
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6CAEFA23-0C08-4899-A661-29D69228AF6D}" = HP Memories Disc
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
"{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}" = Orca
"{868901EE-7807-4F89-A134-7C705D34F91F}" = Roxio Easy Media Creator 8 Suite
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8920EF0D-633E-46D1-9561-90E713E3145A}" = AutoBackup
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® 82845G Graphics Driver Software
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}" =
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95178E4F-BD83-43BE-B59A-9C46281853A0}" = LogMeIn
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{99755640-9633-11D5-AB3C-0050DAB311CC}" = InterVideo MP3 XPack
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard for Windows
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC18A517-7978-42CB-817C-CE85892DC307}" = Decoder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AE26E172-5743-40E3-BC11-7C274BC531A3}" = Hemera Photo-Objects 5000
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CCA4002D-3744-45AD-88E0-2573815C1C3A}" = PhotoImpact Pro
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2606C7-63AF-40F4-8919-F2EC654ACC91}" = Napster for Windows Media Player
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D051AE1E-48F5-4B90-B491-97549B0CE6B9}" = SymNet
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D7FF3E87-3593-4b2a-B7AD-50574153BCBF}" = PrintFolders
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DA2D4D11-1811-4A24-B719-BF9F048C6106}" = Windows XP Creativity Fun Packs - Windows Movie Maker 2
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EF62A8DF-4EFA-4970-ACC9-2F236C6552BF}" = Family Tree Maker
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"3D Image Commander_is1" = 3D Image Commander 1.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"AIDA32_is1" = AIDA32 v2.20
"AllMedia Grabber4.0" = AllMedia Grabber
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"amg-animalagents" = Animal Agents
"amg-magicencyclopedia" = Magic Encyclopedia
"amg-petshowcraze" = Pet Show Craze
"amg-puzzlehero" = Puzzle Hero
"amg-secretsofgreatart" = Secrets of Great Art
"amg-snapshotadventuressecretofbirdisland" = Snapshot Adventures - Secret of Bird Island
"Aplus DVD Copy_is1" = Aplus DVD Copy 8.79
"Aplus DVD Creator_is1" = Aplus DVD Creator 8.68
"Aplus DVD Ripper_is1" = Aplus DVD Ripper 8.59
"Aplus Media to MP3_is1" = Aplus Media to MP3
"Aplus Video Converter_is1" = Aplus Video Converter 8.79
"Aplus Video Joiner_is1" = Aplus Video Joiner 8.68
"Ares" = Ares 2.0.9
"Autorun Eater_is1" = Autorun Eater v2.3
"Autumn MP3 Tagger_is1" = Autumn MP3 Tagger 2.50
"AviSynth" = AviSynth 2.5
"BackWeb-137903 Uninstaller" = hp center
"Big Kahuna Reef_is1" = Big Kahuna Reef
"CANONBJ_Deinstall_CNMCP5y.DLL" = Canon PIXMA iP1500
"CCleaner" = CCleaner (remove only)
"CDBF - DBF Viewer and Editor" = CDBF - DBF Viewer and Editor
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Corner-A ArtStudio" = Corner-A ArtStudio
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Cover Commander" = Cover Commander 3.0 by Insofta Development
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab Platinum 4_is1" = DVDFab Platinum 4.0.3.0 Final Registered
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"eBook to Images_is1" = eBook to Images
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"EvJO Photo-Image Resizer_is1" = EvJO Photo-Image Resizer v2.5
"Extra DVD Creator_is1" = Extra DVD Creator 6.48
"Extra DVD Ripper Professional_is1" = Extra DVD Ripper Professional 6.43
"Extra DVD to Audio MP3 Ripper_is1" = Extra DVD to Audio MP3 Ripper 6.07
"FastStone Photo Resizer" = FastStone Photo Resizer 2.2
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"FileZilla Client" = FileZilla Client 3.1.1.1
"Film Factory" = Film Factory
"Free Internet Eraser_is1" = Free Internet Eraser 2.10
"Freez 3GP Video Converter_is1" = Freez 3GP Video Converter 2.0
"GameHouse" = GameHouse
"Genbox Family History_is1" = Genbox Family History 3.4.0
"HijackThis" = HijackThis 2.0.2
"hp instant support" = HP Instant Support
"HPTOOLKIT" = hp toolkit
"HTMLKit_is1" = HTML-Kit
"ImageWarp" = ImageWarp
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"Indeo® Software" = Indeo® Software
"Ink Monitor" = Ink Monitor
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{AE26E172-5743-40E3-BC11-7C274BC531A3}" = Hemera Photo-Objects 5000
"InstallShield_{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
"InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"InterActual Player" = InterActual Player
"iolo technologies' System Mechanic" = iolo technologies' System Mechanic
"iRecordMax Sound Recorder_is1" = iRecordMax Sound Recorder v7.1.3
"IrfanView" = IrfanView (remove only)
"Legacy 5.0" = Legacy 5.0
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McMartin's GedReporter 1.1.2" = McMartin's GedReporter 1.1.2
"Media Tagger v1.2.0_is1" = Media Tagger version 1.2.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"Mp3 Music Editor_is1" = Mp3 Music Editor v4.5.1
"MrSID GeoViewer" = MrSID GeoViewer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetSetMan 2_is1" = NetSetMan 2.5.4
"NVIDIA Drivers" = NVIDIA Drivers
"Panorama 32" = Panorama 32
"PCDoctor" = PC-Doctor for Windows
"Personal Video Database_is1" = Personal Video Database 0.9.7.1
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"QuickTime" = QuickTime
"Setup Wizard EPIC" = EPSON EPIC
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Silent Package Run-Time Sample" = EPSON SP R200 Reference Guide
"StarBurn(GiveAwayOfTheDay)_is1" = StarBurn(GiveAwayOfTheDay) Version 12 (Build 0x20090527)
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"TagScanner_is1" = TagScanner 4.7 build 471 beta
"TreeDraw (shareware)" = TreeDraw (shareware)
"TreeDraw Viewer" = TreeDraw Viewer
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Tweak UI 2.10" = Tweak UI
"Ulead Photo Express 3.0 SE" = Ulead Photo Express 3.0 SE
"Uninstall Presto! BizCard 4.1 Eng" = Presto! BizCard 4.1 Eng
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WallpaperToy" = Wallpaper Changer for Windows XP
"WavePad" = WavePad Sound Editor
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Webshots Desktop_is1" = Webshots Desktop
"WIC" = Windows Imaging Component
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.41-rc1
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WinX DVD Author_is1" = WinX DVD Author 5.5
"Wisdom-soft ScreenHunter 4.0 Free" = Wisdom-soft ScreenHunter 4.0 Free
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Free 4.3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wondershare Audio Converter_is1" = Wondershare Audio Converter(Build 4.2.0.56)
"Wondershare Photo Collage Studio GAOTD Edition_is1" = Wondershare Photo Collage Studio 4.2.9.1
"WordPerfect Productivity Pack" = WordPerfect Productivity Pack
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Mail AutoComplete" = Yahoo! Address AutoComplete
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Messenger Explorer Bar" = Yahoo! Messenger Explorer Bar
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ArcView GIS 3.2" = ArcView GIS 3.2a
"InstallShield_{8920EF0D-633E-46D1-9561-90E713E3145A}" = AutoBackup
"Sprint Digital Lounge" = Sprint Digital Lounge
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

--------------------------------
# the contents of checkup.txt
--------------------------------

Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Disabled!
ESETOnlineScannerv3
TagScanner4.7build471beta
EPSONStylusCX8400SeriesScannerDriver Update
NortonAntiVirus
NortonAntiVirusHelp
NortonInternetSecurity(SymantecCorporation)
NortonInternetSecurity
NortonConfidentialCore
NortonProtectionCenter
NortonInternetSecurity
Antivirus up to date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Ad-Aware
Yahoo! Anti-Spy
Spybot - Search & Destroy
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Wise Registry Cleaner 4 Free 4.3
Java 2 Runtime Environment, SE v1.4.2_03
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Spybot SDHelper is disabled!
Administrator My Documents Software Virus\SecurityCheck.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````


Scan took 21 seconds.
`````````End of Log```````````

#4 Maurice Naggar

Posted 29 June 2009 - 10:32 PM

You most likely had an infected USB drive (as you mentioned before) and also have an autorun infection.
Place all your USB flash drives in-place so that some of these programs will be able to find them.

I'm going to have you get and run two utilities.
The first stops automatic use of the AutoRun feature of XP. The second will write to any connected devices a Read-only, System protected Autorun.inf file on all of your hard drives, and all connected removable storage devices.

Download and Install Microsoft's TweakUI:
http://www.microsoft.com/windowsxp/downloa...ppowertoys.mspx
Obtain and install TweakUI (part of the PowerToys for Windows XP package), and then start TweakUI.
Expand the My Computer branch, then the AutoPlay branch, and then select Drives.
Turn off the checkbox next to every drive letter to disable AutoPlay -- except your CD/DVD drive letters.

Download and run "Flash Drive Disinfector" by sUBs. It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.
http://download.bleepingcomputer.com/sUBs/...Disinfector.exe
There is no GUI interface or log file produced.
=

There's a newer version of OTListIt which I want you to get. But first, delete OTListIt2.exe which you have from before.
Download OTListIt by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\W]
    
    :files
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    l:\recycler
    m:\recycler
    o:\recycler
    w:\recycler
    C:\WINDOWS\Tasks\At*.job
    C:\windows\system32\drivers\TDSS*.*
    C:\windows\system32\TDSS*.*
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

=

Please download and run the Trend Micro Sysclean Package on your computer.
NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.
  • Create a brand new folder to copy these files to.
  • As an example: C:\DCE
  • Then open each of the zipped archive files and copy their contents to C:\DCE
  • Copy the file sysclean.com to the new folder C:\DCE as well.
  • Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.

    After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.
How To Use Compressed (Zipped) Folders in Windows XP
Compress and uncompress files (zip files) in Vista

=
This system has an old version of Java Run-time.

Uninstall jre1.6 (or any earlier) + any other (JRE Runtime Environment) Sun Java package via Add/Remove Programs.
If you see any other Java versions there,
such as
J2SE Runtime Environment 5.0
Java SE Runtime Environment
Java 6


uninstall all of them. After uninstalling, reboot if directed to do so.

In Windows Explorer, navigate to and delete C:\Program Files\Java <=this folder, if found.
Do NOT delete C:\Program Files\JavaVM <=this folder, if found!
Open an IE window and go to http://java.sun.com/javase/downloads/index.jsp
> At the top of the page (second in the list), click on the Download button to the right of Java Runtime Environment (JRE) 6 Update 14
> If the Information Bar pops up, right-click on it and say it's OK to display the blocked content. You do not have to install the Java Web Start ActiveX Control
> Accept the license agreement
> Click on Windows Offline Installation, Multi-language and Save the file to your desktop; do not Run it.

When the download is complete, close all browser windows and double-click on the saved file to install the update.
  • Tip: Choose Custom install to select only the part(s) you need/want.
Delete the downloaded installation file after completing the above procedure and reboot if prompted to do so.

If you were /not/ prompted to reboot, please do so now.
=

This system already has HijackThis diagnostic program vers 2.0.2

Start HijackThis. Do a Scan and Save report.

Reply with copy of the OTL MovedFiles log
the Sysclean log
and the HijackThis log

and tell me, how is your system now?

Edited by Maurice Naggar, 29 June 2009 - 10:33 PM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#5 jlovely

jlovely
  • Topic Starter

  • Members
  • 4 posts

Posted 05 July 2009 - 07:30 PM

Hi,

Here are the logs. Thanks again for your time.


*****************************************************
--------------------
OTL
--------------------

All processes killed
========== OTL ==========
Process explorer.exe killed successfully!
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\W\ deleted successfully.
========== FILES ==========
C:\RECYCLER\S-1-5-21-2380344912-788235169-3816468408-500 moved successfully.
C:\RECYCLER moved successfully.
D:\RECYCLER moved successfully.
File\Folder e:\recycler not found.
File\Folder f:\recycler not found.
File\Folder g:\recycler not found.
File\Folder h:\recycler not found.
l:\RECYCLER\S-1-5-21-854245398-1935655697-682003330-2701 moved successfully.
l:\RECYCLER\S-1-5-21-2380344912-788235169-3816468408-500 moved successfully.
l:\RECYCLER\S-1-5-21-1375322381-2383157631-4009024771-1006 moved successfully.
l:\RECYCLER moved successfully.
m:\RECYCLER\S-1-5-21-854245398-1935655697-682003330-2701 moved successfully.
m:\RECYCLER\S-1-5-21-2380344912-788235169-3816468408-500 moved successfully.
m:\RECYCLER\S-1-5-21-1375322381-2383157631-4009024771-1006 moved successfully.
m:\RECYCLER moved successfully.
File\Folder o:\recycler not found.
w:\RECYCLER\S-1-5-21-854245398-1935655697-682003330-2701 moved successfully.
w:\RECYCLER\S-1-5-21-2380344912-788235169-3816468408-500 moved successfully.
w:\RECYCLER\S-1-5-21-1375322381-2383157631-4009024771-1006 moved successfully.
w:\RECYCLER moved successfully.
File\Folder C:\WINDOWS\Tasks\At*.job not found.
File\Folder C:\windows\system32\drivers\TDSS*.* not found.
File\Folder C:\windows\system32\TDSS*.* not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 147122560 bytes
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 80379649 bytes
->Java cache emptied: 5280465 bytes
->FireFox cache emptied: 51195635 bytes

User: All Users

User: Default User
->Temp folder emptied: 249494 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 60262 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\06624881CF7D4F8A86C05114B122E776.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 1270055 bytes
%systemroot%\System32 .tmp files removed: 15963153 bytes
File delete failed. C:\WINDOWS\temp\JETAB9C.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 1296245 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 290.63 mb


OTL by OldTimer - Version 3.0.6.5 log created on 07052009_134228

Files\Folders moved on Reboot...
C:\WINDOWS\temp\JETAB9C.tmp moved successfully.

Registry entries deleted on Reboot...


****************************************************
--------------------
Sysclean
--------------------


/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006-2007, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2009-07-05, 14:44:01, Auto-clean mode specified.
2009-07-05, 14:44:03, Initialized Rootkit Driver version 2.2.0.1004.
2009-07-05, 14:44:03, Running scanner "C:\DCE\TSC.BIN"...
2009-07-05, 14:45:03, Scanner "C:\DCE\TSC.BIN" has finished running.
2009-07-05, 14:45:03, TSC Log:

Damage Cleanup Engine (DCE) 6.1 (Build 1027) (RCM: 2.2.0-1004)
Windows XP (Build 2600: Service Pack 2)

Start time : Sun Jul 05 2009 14:44:05

Load Damage Cleanup Template (DCT) "C:\DCE\TMRDCT.ptn" (version) [fail]
Load Damage Cleanup Template (DCT) "C:\DCE\tsc.ptn" (version 1048) [success]

Complete time : Sun Jul 05 2009 14:45:03
Execute pattern count(3061), Virus found count(0), Virus clean count(0), Clean failed count(0)

2009-07-05, 14:45:03, Running scanner "C:\DCE\VSCANTM.BIN"...
2009-07-05, 17:38:32, Scanner "C:\DCE\VSCANTM.BIN" has finished running.
2009-07-05, 17:38:32, VSCANTM Log:

2009-07-05, 17:38:32, Files Detected:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 7/5/2009 14:45:04
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 247 (446785/446785 Patterns) (2009/07/05) (624700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR C:\*.* /P=C:\DCE\lpt$vpn.247

155471 files have been read.
155471 files have been checked.
155437 files have been scanned.
363422 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 7/5/2009 17:38:32 2 hours 53 minutes 26 seconds (10406.33 seconds) has elapsed.(66.934 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-07-05, 17:38:32, Files Clean:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 7/5/2009 14:45:04
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 247 (446785/446785 Patterns) (2009/07/05) (624700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR C:\*.* /P=C:\DCE\lpt$vpn.247

155471 files have been read.
155471 files have been checked.
155437 files have been scanned.
363422 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 7/5/2009 17:38:32 2 hours 53 minutes 26 seconds (10406.33 seconds) has elapsed.(66.934 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-07-05, 17:38:32, Clean Fail:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 7/5/2009 14:45:04
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 247 (446785/446785 Patterns) (2009/07/05) (624700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR C:\*.* /P=C:\DCE\lpt$vpn.247

155471 files have been read.
155471 files have been checked.
155437 files have been scanned.
363422 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 7/5/2009 17:38:32 2 hours 53 minutes 26 seconds (10406.33 seconds) has elapsed.(66.934 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-07-05, 17:38:32, Running scanner "C:\DCE\VSCANTM.BIN"...
2009-07-05, 17:51:52, Scanner "C:\DCE\VSCANTM.BIN" has finished running.
2009-07-05, 17:51:52, VSCANTM Log:

2009-07-05, 17:51:52, Files Detected:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 7/5/2009 17:38:33
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 247 (446785/446785 Patterns) (2009/07/05) (624700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR D:\*.* /P=C:\DCE\lpt$vpn.247

9473 files have been read.
9473 files have been checked.
9472 files have been scanned.
49134 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 7/5/2009 17:51:51 13 minutes 17 seconds (797.06 seconds) has elapsed.(84.141 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-07-05, 17:51:52, Files Clean:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 7/5/2009 17:38:33
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 247 (446785/446785 Patterns) (2009/07/05) (624700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR D:\*.* /P=C:\DCE\lpt$vpn.247

9473 files have been read.
9473 files have been checked.
9472 files have been scanned.
49134 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 7/5/2009 17:51:51 13 minutes 17 seconds (797.06 seconds) has elapsed.(84.141 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-07-05, 17:51:52, Clean Fail:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 7/5/2009 17:38:33
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 247 (446785/446785 Patterns) (2009/07/05) (624700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR D:\*.* /P=C:\DCE\lpt$vpn.247

9473 files have been read.
9473 files have been checked.
9472 files have been scanned.
49134 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 7/5/2009 17:51:51 13 minutes 17 seconds (797.06 seconds) has elapsed.(84.141 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-07-05, 17:51:52, Running SSAPI scanner ""...
2009-07-05, 19:38:43, SSAPI Log:

SSAPI Scanner Version: 1.0.1003
SSAPI Engine Version: 5.2.1032
SSAPI Pattern Version: 7.95
SSAPI Anti-Rootkit Version: 2.2.0.1004

Spyware Scan Started: 07/05/2009 17:51:59


SSAPI requires the system to reboot.
Detected Items:
[CLEAN SUCCESS][Cookie_2o7] Internet Explorer Cache\2o7.net,Cookie:administrator@2o7.net/,C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
[CLEAN SUCCESS][Cookie_Com] Internet Explorer Cache\com.com,Cookie:administrator@com.com/,C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt
[CLEAN SUCCESS][Cookie_Overture] Internet Explorer Cache\perf.overture.com,Cookie:administrator@perf.overture.com/,C:\Documents and Settings\Administrator\Cookies\administrator@perf.overture[1].txt
[CLEAN SUCCESS][Cookie_Revsci] Internet Explorer Cache\revsci.net,Cookie:administrator@revsci.net/,C:\Documents and Settings\Administrator\Cookies\administrator@revsci[2].txt
[CLEAN SUCCESS][Cookie_Softomate] Internet Explorer Cache\soft32.com,Cookie:administrator@soft32.com/,C:\Documents and Settings\Administrator\Cookies\administrator@soft32[1].txt
[CLEAN SUCCESS][Adware_FasterXP] S-1-5-21-2380344912-788235169-3816468408-500\Software\Softwrap\
[CLEAN SUCCESS][HackingTools_RedButton] S-1-5-21-2380344912-788235169-3816468408-500\Software\WhiteTown\
[CLEAN SUCCESS][Dialer_PlayGames] C:\Documents and Settings\Administrator\My Documents\Software\Yahoo IM\emoticon_v4\emoticon_v4.exe,C:\DOCUME~1\ADMINI~1\MYDOCU~1\Software\YAHOOI~1\EMOTIC~1\EMOTIC~1.EXE,7741
[CLEAN SUCCESS][HackingTools_ProcKill] C:\hp\bin\Terminator.exe,C:\hp\bin\TERMIN~1.EXE,4703
Detected: 9 items.
Cleaned Success: 9 items.
Clean Failed: 0 items.

Spyware Scan Ended: 07/05/2009 19:38:43
Scan Complete. Time=6410.319824.


**********************************************************
----------------------
HijackThis
----------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:45 PM, on 7/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaul...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.viewsonic.com/forms/warrantyreg.cfm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB004" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1238537738343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1238537729656
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12047 bytes
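A small triage script for the kind of OTL fix log posted above, added here as an example (it is not part of the original thread and not OTL's own code). It groups each log line by outcome and lists items that were scheduled for deletion on reboot but never confirmed as moved; the sample log is constructed from line shapes in the post, and all function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample: line shapes copied from the OTL fix log posted in this
# thread, shortened to a few entries per section.
SAMPLE_LOG = r"""
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L\ deleted successfully.
========== FILES ==========
C:\RECYCLER moved successfully.
File\Folder e:\recycler not found.
l:\RECYCLER moved successfully.
File\Folder C:\windows\system32\TDSS*.* not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JETAB9C.tmp scheduled to be deleted on reboot.
Files\Folders moved on Reboot...
C:\WINDOWS\temp\JETAB9C.tmp moved successfully.
"""

# "========== FILES ==========" style section headers.
SECTION_RE = re.compile(r"^=+\s*(?P<name>[A-Z ]+?)\s*=+$")

# Outcome rules, checked in order; the first match wins.
RULES = [
    ("registry_deleted",
     re.compile(r"^Registry key (?P<target>.+?) deleted successfully\.$")),
    ("not_found",
     re.compile(r"^File\\Folder (?P<target>.+?) not found\.$")),
    ("pending_reboot",
     re.compile(r"^File delete failed\. (?P<target>.+?) "
                r"scheduled to be deleted on reboot\.$")),
    ("moved",
     re.compile(r"^(?P<target>.+?) moved successfully\.$")),
]


def parse_otl_fix_log(text):
    """Return a list of (section, outcome, target) tuples."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        # The post-reboot part of the log uses a plain-text header.
        if line.startswith("Files\\Folders moved on Reboot"):
            section = "ON REBOOT"
            continue
        for outcome, rx in RULES:
            m = rx.match(line)
            if m:
                entries.append((section, outcome, m.group("target")))
                break
    return entries


def count_by_outcome(entries):
    """Number of log lines per outcome."""
    return dict(Counter(outcome for _, outcome, _ in entries))


def drives_with_moved_items(entries):
    """Drive letters where the :files targets actually existed and were moved."""
    drives = set()
    for section, outcome, target in entries:
        if section == "FILES" and outcome == "moved" and re.match(r"^[A-Za-z]:\\", target):
            drives.add(target[0].upper())
    return sorted(drives)


def unconfirmed_pending(entries):
    """Items scheduled for deletion on reboot with no later 'moved' line."""
    confirmed = {t.lower() for s, o, t in entries
                 if s == "ON REBOOT" and o == "moved"}
    return [t for _, o, t in entries
            if o == "pending_reboot" and t.lower() not in confirmed]


if __name__ == "__main__":
    parsed = parse_otl_fix_log(SAMPLE_LOG)
    print("Outcomes:", count_by_outcome(parsed))
    print("Drives with moved items:", drives_with_moved_items(parsed))
    for path in unconfirmed_pending(parsed):
        print("Scheduled on reboot, not confirmed:", path)
```

Run against the full log in the post, the last check would list the index.dat files, which the log reports as scheduled for deletion but does not list under the reboot section.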

#6 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 05 July 2009 - 10:25 PM

The HJT log is fine. You are good to go after these steps.

Unless you have purchased Malwarebytes' Anti Malware {MBAM}, you need to un-install it. Go to Control Panel and Add-or-Remove programs.
Look for it and click the line for it. Select Change/Remove to de-install it.
Also de-install ESET Online scan
OK & Exit out of Control Panel

I see that you are clear of your original issues.
If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used; followed by advice on staying safer.
  • Please double-click OTL.exe to start it.
  • Click on the CleanUp! button {top upper right}. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.
We are finished here. Best regards.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#7 jlovely

jlovely
  • Topic Starter

  • Members
  • 4 posts

Posted 26 July 2009 - 03:14 PM

Thank you for all of your help. I appreciate it!!

#8 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 26 July 2009 - 04:55 PM

You're welcome.
Since this is resolved, I am closing this thread.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)



