I have something like a malware/spyware/trojan thing


This topic is locked
8 replies to this topic

#1 pradeepsahi


Posted 14 May 2009 - 02:39 PM

http://www.bleepingcomputer.com/forums/t/225877/random-ie-websites-keep-popping-up/



garmanma told me that it will hide for a while and come back, and told me to post this.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Angita at 20:20:52.14 on 14/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [Norton Ghost 10.0] "c:\program files\norton ghost\agent\GhostTray.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: EditLevel = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
uPolicies-explorer: MemCheckBoxInRunDlg = 0 (0x0)
uPolicies-explorer: NoStrCmpLogical = 0 (0x0)
mPolicies-explorer: NoChangeAnimation = 0 (0x0)
mPolicies-explorer: NoStrCmpLogical = 0 (0x0)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: ӵQQ - d:\documents and settings\angita\my documents\my received files\AddEmotion.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - d:\documents and settings\angita\my documents\my received files\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
Notify: RAinit - RAinit.dll
AppInit_DLLs: ,
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\documents and settings\angita\my documents\my received files\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\angita\applic~1\mozilla\firefox\profiles\43uc2wru.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: d:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

============= SERVICES / DRIVERS ===============


============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2009-05-12 16:42 --d----- d:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-12 16:42 --d----- d:\docume~1\angita\applic~1\SUPERAntiSpyware.com
2009-05-12 16:41 --d----- c:\program files\common files\Wise Installation Wizard
2009-05-11 19:49 --d----- d:\docume~1\angita\applic~1\Malwarebytes
2009-05-11 19:49 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-11 19:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-11 19:49 --d----- d:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-10 19:32 -cd-h--- d:\docume~1\alluse~1\applic~1\~1
2009-05-10 19:30 --d----- c:\program files\Lavasoft
2009-05-10 15:06 1,009 a------- c:\windows\system32\Copy of $winnt$.inf
2009-05-08 16:30 1,398,061 ---sh--- c:\windows\system32\alanokeh.ini
2009-05-06 09:11 1,424,207 ---sh--- c:\windows\system32\ehusezez.ini
2009-05-05 18:39 --d----- c:\program files\CCleaner
2009-05-05 18:21 -cd-h--- d:\docume~1\alluse~1\applic~1\~0
2009-05-05 18:15 --d----- d:\docume~1\angita\applic~1\uniblue
2009-05-05 18:09 --d-hr-- C:\AHCache
2009-05-05 08:03 1,424,198 ---sh--- c:\windows\system32\iwozituj.ini
2009-05-04 10:05 1,398,079 ---sh--- c:\windows\system32\inazikun.ini
2009-05-03 23:09 --d----- d:\docume~1\angita\applic~1\QQ
2009-05-03 23:08 --d----- c:\windows\system32\qqedit
2009-05-03 23:01 15,432 a------- c:\windows\system32\TesDrvPt.sys
2009-05-03 22:04 1,425,359 ---sh--- c:\windows\system32\ejusonos.ini
2009-05-03 21:41 --d----- d:\docume~1\angita\applic~1\Tencent
2009-05-03 10:03 1,425,372 ---sh--- c:\windows\system32\epowemot.ini
2009-05-02 19:46 1,179,648 a------- c:\windows\system32\cshell.dll
2009-05-02 19:13 4,178,264 a------t c:\windows\system32\d3dx9_41.dll
2009-05-02 09:24 9,830 a------- c:\windows\exefix.reg
2009-05-01 21:03 1,179,648 a------- c:\windows\system\cshell.dll
2009-04-30 20:14 --d----- C:\Downloads
2009-04-27 18:19 --d----- C:\temp
2009-04-21 07:53 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-21 07:53 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-21 07:53 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-21 07:53 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-21 07:53 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-21 07:53 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-21 07:53 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-21 07:53 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-21 07:52 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 14:08 --d----- d:\docume~1\alluse~1\applic~1\TVU Networks

==================== Find3M ====================

2009-05-10 12:31 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-10 12:31 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-10 12:31 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-08 16:24 52,224 a--sh--- c:\windows\system32\gilavofi.exe
2009-04-27 17:54 63,248 ac------ d:\docume~1\angita\applic~1\GDIPFONTCACHEV1.DAT
2009-04-09 09:09 3,584 a------- c:\windows\~DF9F32.tmp
2009-03-21 15:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 15:22 284,160 a------- c:\windows\system32\dllcache\pdh.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 05:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 11:20 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 11:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 06:14 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-09-17 20:12 2,400,784 ac------ d:\docume~1\angita\applic~1\WLinstaller.exe
2008-09-15 21:45 1,495,112 ac------ d:\docume~1\angita\applic~1\install_flash_player.exe
2008-09-17 16:12 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080915\index.dat
2008-09-17 16:12 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat

============= FINISH: 20:24:50.20 ===============



#2 Buckeye_Sam


    Malware Expert



Posted 15 May 2009 - 10:28 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 pradeepsahi

  • Topic Starter


Posted 15 May 2009 - 12:20 PM

OTListIt logfile created on: 15/05/2009 18:02:27 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = D:\Documents and Settings\Angita\My Documents\My Received Files\SpywareGuard
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

479.48 Mb Total Physical Memory | 124.02 Mb Available Physical Memory | 25.87% Memory free
2.00 Gb Paging File | 1.65 Gb Available in Paging File | 82.57% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.99 Gb Total Space | 22.60 Gb Free Space | 75.36% Space Free | Partition Type: NTFS
Drive D: | 111.24 Gb Total Space | 69.77 Gb Free Space | 62.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAHIPC
Current User Name: Angita
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2004/12/13 15:30:10 | 00,165,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/12/13 15:30:04 | 00,198,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2009/05/10 12:30:18 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2005/05/11 14:50:14 | 00,221,266 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2005/05/11 14:52:00 | 00,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2000/11/17 01:02:00 | 00,114,688 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2005/05/11 14:52:04 | 00,737,381 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005/09/09 19:09:10 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\System32\GEARSec.exe
PRC - [2005/01/07 12:01:52 | 00,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HIDSERVICE.exe
PRC - [2009/02/03 07:25:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/09/09 19:09:28 | 02,066,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2004/08/04 15:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2003/07/02 18:40:08 | 00,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe
PRC - [2008/04/14 01:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe
PRC - [2008/09/15 19:23:49 | 00,822,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2004/02/26 10:52:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2005/05/11 14:50:34 | 00,110,672 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PRC - [2009/05/10 12:30:52 | 00,908,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/05/10 12:31:13 | 00,486,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/05/10 12:31:07 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/05/10 12:31:12 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/09/09 19:09:24 | 01,537,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\GhostTray.exe
PRC - [2009/05/10 12:30:37 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2004/08/04 15:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
PRC - [2009/05/15 17:27:10 | 00,286,208 | ---- | M] () -- D:\Documents and Settings\Angita\My Documents\My Received Files\SpywareGuard\v0prbwnd.exe
PRC - [2009/05/15 17:24:44 | 00,501,248 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Angita\My Documents\My Received Files\SpywareGuard\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/14 01:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running])
SRV - [2004/04/08 09:38:26 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Disabled | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/05/10 12:30:52 | 00,908,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/05/10 12:30:18 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2004/12/13 15:30:04 | 00,198,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2004/12/13 15:30:08 | 00,079,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2004/12/13 15:30:10 | 00,165,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2005/05/11 14:50:14 | 00,221,266 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/05/11 14:50:34 | 00,110,672 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running])
SRV - [2005/05/11 14:52:00 | 00,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service [Auto | Running])
SRV - [2000/11/17 01:02:00 | 00,114,688 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2005/09/09 19:09:10 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\System32\GEARSec.exe -- (GEARSecurity [Auto | Running])
SRV - [2005/01/07 12:01:52 | 00,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HIDSERVICE.exe -- (GenericHidService [Auto | Running])
SRV - [2008/12/01 12:01:02 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/04/14 01:11:55 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iprip.dll -- (Iprip [Auto | Running])
SRV - [2009/02/03 07:25:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2004/08/04 15:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/09/09 19:09:28 | 02,066,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost [Auto | Running])
SRV - [2009/03/16 20:37:00 | 02,849,844 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\GameMon.des -- (npggsvc [Disabled | Stopped])
SRV - [2008/04/14 01:12:02 | 00,105,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc [On_Demand | Stopped])
SRV - [2008/11/03 20:55:37 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])
SRV - File not found -- -- (RAMaint [Auto | Stopped])
SRV - [2008/11/11 10:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2004/08/04 15:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp [Auto | Running])
SRV - [2003/07/02 18:40:08 | 00,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe -- (SLService [Auto | Running])
SRV - [2008/04/14 01:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe -- (SNMP [Auto | Running])
SRV - [2008/09/15 19:23:49 | 00,822,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
SRV - [2004/02/26 10:52:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/07/26 18:03:22 | 03,644,032 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 19:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2003/12/17 15:30:46 | 00,017,005 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
DRV - [2009/05/10 12:31:12 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/05/10 12:31:12 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/10 12:31:07 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2004/10/25 21:02:00 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2005/09/09 19:09:10 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys -- (GearAspiWDM [System | Running])
DRV - [2009/02/19 22:11:26 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped])
DRV - [2008/07/24 19:45:20 | 00,010,144 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\lmimirr.sys -- (lmimirr [On_Demand | Stopped])
DRV - [2008/10/16 21:35:58 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP [Disabled | Stopped])
DRV - [2008/07/24 19:46:10 | 00,047,640 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver [Auto | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2003/07/16 13:30:26 | 00,221,736 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])
DRV - [2003/07/02 17:26:36 | 01,301,128 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])
DRV - [2008/04/13 19:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2003/07/02 16:57:10 | 00,167,384 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys -- (NtMtlFax [On_Demand | Stopped])
DRV - [2004/08/04 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/10/18 04:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2007/04/17 15:00:30 | 00,010,168 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\ramirr.sys -- (ramirr [On_Demand | Stopped])
DRV - [2008/07/03 16:13:04 | 00,083,312 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\RARfsClientNP.dll -- (RARfsClientNP [Disabled | Stopped])
DRV - [2007/04/05 12:55:16 | 00,046,000 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\RARfsDriver.sys -- (RARfsDriver [Auto | Running])
DRV - [2004/08/03 23:41:40 | 00,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent [On_Demand | Stopped])
DRV - [2007/04/24 12:33:34 | 00,083,336 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s125bus.sys -- (s125bus [On_Demand | Stopped])
DRV - [2007/04/24 12:33:42 | 00,015,112 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s125mdfl.sys -- (s125mdfl [On_Demand | Stopped])
DRV - [2007/04/24 12:33:44 | 00,108,680 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s125mdm.sys -- (s125mdm [On_Demand | Stopped])
DRV - [2007/04/24 12:33:46 | 00,100,488 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s125mgmt.sys -- (s125mgmt [On_Demand | Stopped])
DRV - [2007/04/24 12:33:46 | 00,098,696 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s125obex.sys -- (s125obex [On_Demand | Stopped])
DRV - [2009/04/28 11:33:42 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- D:\Documents and Settings\Angita\My Documents\My Received Files\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/04/28 11:33:44 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- D:\Documents and Settings\Angita\My Documents\My Received Files\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/04/28 11:33:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- D:\Documents and Settings\Angita\My Documents\My Received Files\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2008/04/13 17:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/09/22 06:42:32 | 00,323,584 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisgrp.sys -- (SiS315 [On_Demand | Running])
DRV - [2008/09/22 07:04:00 | 00,019,072 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\srvkp.sys -- (SiSkp [System | Running])
DRV - [2004/11/05 17:43:58 | 00,032,768 | ---- | M] (SiS Corporation) -- C:\WINDOWS\system32\DRIVERS\sisnicxp.sys -- (SISNICXP [On_Demand | Running])
DRV - [2003/08/20 18:34:50 | 00,548,952 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\slntamr.sys -- (Slntamr [On_Demand | Running])
DRV - [2003/07/02 17:24:36 | 00,086,128 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\Slnthal.sys -- (SlNtHal [On_Demand | Stopped])
DRV - [2003/07/02 17:12:52 | 00,039,348 | ---- | M] (Vireo Software) -- C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys -- (SlWdmSup [On_Demand | Running])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2008/11/28 18:03:53 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2001/08/17 14:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Stopped])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2008/09/15 19:23:50 | 00,004,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2005/09/09 19:09:20 | 00,144,832 | ---- | M] (StorageCraft) -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap [Boot | Running])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2008/06/20 12:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running])
DRV - [2009/05/03 23:01:32 | 00,015,432 | ---- | M] (TENCENT) -- C:\WINDOWS\system32\TesDrvPt.sys -- (TesDrvPt [On_Demand | Stopped])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2005/09/09 19:09:20 | 00,056,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount [System | Running])
DRV - [2003/01/10 17:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2898857401-1343770028-3982664548-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2898857401-1343770028-3982664548-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2898857401-1343770028-3982664548-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2898857401-1343770028-3982664548-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-2898857401-1343770028-3982664548-1006\S-1-5-21-2898857401-1343770028-3982664548-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.35
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/05/10 14:43:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF [2009/05/10 14:43:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/03 07:25:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/11 18:17:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/13 17:56:52 | 00,000,000 | ---D | M]

[2008/09/15 20:03:16 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Angita\Application Data\mozilla\Extensions
[2008/09/15 20:03:16 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Angita\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/14 22:02:44 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Angita\Application Data\mozilla\Firefox\Profiles\43uc2wru.default\extensions
[2009/02/28 08:57:29 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Angita\Application Data\mozilla\Firefox\Profiles\43uc2wru.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/02/28 09:00:21 | 00,001,620 | ---- | M] () -- D:\Documents and Settings\Angita\Application Data\Mozilla\FireFox\Profiles\43uc2wru.default\searchplugins\mozilla-add-ons.xml
[2008/09/18 16:56:25 | 00,000,656 | ---- | M] () -- D:\Documents and Settings\Angita\Application Data\Mozilla\FireFox\Profiles\43uc2wru.default\searchplugins\yahoo.xml
[2009/05/14 22:00:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/07 14:18:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/03 07:27:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/05/07 14:17:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/07 14:17:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/24 21:18:06 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/04/24 21:18:06 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/24 21:18:06 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/04/24 21:18:07 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/24 21:18:07 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/04/24 21:18:07 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/24 21:18:07 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/24 21:18:07 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (797 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\S-1-5-21-2898857401-1343770028-3982664548-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-2898857401-1343770028-3982664548-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe" (Symantec Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2898857401-1343770028-3982664548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2898857401-1343770028-3982664548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-21-2898857401-1343770028-3982664548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-21-2898857401-1343770028-3982664548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-2898857401-1343770028-3982664548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-2898857401-1343770028-3982664548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-2898857401-1343770028-3982664548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-2898857401-1343770028-3982664548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 0
O7 - HKU\S-1-5-21-2898857401-1343770028-3982664548-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O8 - Extra context menu item: ӵQQ - D:\Documents and Settings\Angita\My Documents\My Received Files\AddEmotion.htm File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [PNRP Cloud Namespace Provider] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [PNRP Name Namespace Provider] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\Documents and Settings\Angita\My Documents\My Received Files\SASWINLO.dll - D:\Documents and Settings\Angita\My Documents\My Received Files\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\RAinit: DllName - RAinit.dll - C:\WINDOWS\system32\RAinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Documents and Settings\Angita\My Documents\My Received Files\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3910a06a-b3ff-11dd-99fc-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3910a06a-b3ff-11dd-99fc-00038a000015}\Shell\Explore\command - "" = system.exe
O33 - MountPoints2\{3910a06a-b3ff-11dd-99fc-00038a000015}\Shell\Open\command - "" = system.exe
O33 - MountPoints2\{3910a06b-b3ff-11dd-99fc-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3910a06b-b3ff-11dd-99fc-00038a000015}\Shell\Explore\command - "" = system.exe
O33 - MountPoints2\{3910a06b-b3ff-11dd-99fc-00038a000015}\Shell\Open\command - "" = system.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/15 17:54:11 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/05/13 07:14:31 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/12 16:42:35 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/05/12 16:42:10 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Angita\Application Data\SUPERAntiSpyware.com
[2009/05/12 16:41:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/05/11 19:49:29 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Angita\Application Data\Malwarebytes
[2009/05/11 19:49:12 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/11 19:49:09 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/11 19:49:07 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/11 18:17:23 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/05/10 19:35:19 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/10 19:32:33 | 00,000,000 | -H-D | C] -- D:\Documents and Settings\All Users\Application Data\~1
[2009/05/10 19:30:54 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/10 19:30:54 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/05/10 15:06:55 | 00,001,009 | ---- | C] () -- C:\WINDOWS\System32\Copy of $winnt$.inf
[2009/05/08 16:30:03 | 01,398,061 | -HS- | C] () -- C:\WINDOWS\System32\alanokeh.ini
[2009/05/06 09:11:08 | 01,424,207 | -HS- | C] () -- C:\WINDOWS\System32\ehusezez.ini
[2009/05/05 18:39:18 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/05/05 18:21:27 | 00,000,000 | -H-D | C] -- D:\Documents and Settings\All Users\Application Data\~0
[2009/05/05 18:15:56 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Angita\Application Data\uniblue
[2009/05/05 18:09:32 | 00,000,000 | RH-D | C] -- C:\AHCache
[2009/05/05 08:03:54 | 01,424,198 | -HS- | C] () -- C:\WINDOWS\System32\iwozituj.ini
[2009/05/04 10:05:01 | 01,398,079 | -HS- | C] () -- C:\WINDOWS\System32\inazikun.ini
[2009/05/03 23:09:24 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/05/03 23:09:06 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Angita\Application Data\QQ
[2009/05/03 23:08:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\qqedit
[2009/05/03 23:01:32 | 00,015,432 | ---- | C] (TENCENT) -- C:\WINDOWS\System32\TesDrvPt.sys
[2009/05/03 22:04:30 | 01,425,359 | -HS- | C] () -- C:\WINDOWS\System32\ejusonos.ini
[2009/05/03 21:41:59 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Angita\Application Data\Tencent
[2009/05/03 10:03:25 | 01,425,372 | -HS- | C] () -- C:\WINDOWS\System32\epowemot.ini
[2009/05/02 19:46:14 | 01,179,648 | ---- | C] (Barking Dog Studios) -- C:\WINDOWS\System32\cshell.dll
[2009/05/02 19:13:46 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_41.dll
[2009/05/02 09:51:57 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2009/05/02 09:51:57 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2009/05/02 09:51:57 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2009/05/02 09:51:57 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2009/05/02 09:51:57 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2009/05/02 09:51:57 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2009/05/02 09:51:57 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2009/05/02 09:51:56 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2009/05/02 09:51:56 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2009/05/02 09:51:56 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2009/05/02 09:51:56 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2009/05/02 09:51:56 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2009/05/02 09:51:56 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2009/05/02 09:51:56 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2009/05/02 09:51:55 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2009/05/02 09:51:55 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2009/05/02 09:51:55 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2009/05/02 09:51:55 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2009/05/02 09:51:55 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2009/05/02 09:51:54 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2009/05/02 09:51:54 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2009/05/02 09:51:54 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2009/05/02 09:51:54 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2009/05/02 09:51:54 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2009/05/02 09:51:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2009/05/02 09:51:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2009/05/02 09:51:48 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2009/05/02 09:51:48 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2009/05/02 09:51:47 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2009/05/02 09:51:47 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2009/05/02 09:51:47 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2009/05/02 09:51:47 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2009/05/02 09:51:47 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2009/05/02 09:51:47 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2009/05/02 09:51:46 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2009/05/02 09:51:46 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2009/05/02 09:51:36 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/05/02 09:51:36 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/05/02 09:51:35 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/05/02 09:51:35 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/05/02 09:51:35 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/05/02 09:51:35 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/05/02 09:51:35 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/05/02 09:51:35 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/05/02 09:51:35 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/05/02 09:51:35 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/05/02 09:51:35 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/05/02 09:51:34 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2009/05/02 09:51:34 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2009/05/02 09:51:34 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/05/02 09:51:34 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009/05/02 09:51:34 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009/05/02 09:51:34 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/05/02 09:51:34 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009/05/02 09:51:34 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009/05/02 09:51:34 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009/05/02 09:51:33 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2009/05/02 09:51:33 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2009/05/02 09:51:33 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2009/05/02 09:51:33 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2009/05/02 09:51:33 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2009/05/02 09:51:33 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2009/05/02 09:51:33 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009/05/02 09:51:32 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2009/05/02 09:51:32 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2009/05/02 09:51:32 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2009/05/02 09:51:32 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2009/05/02 09:51:32 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2009/05/02 09:51:32 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2009/05/02 09:51:31 | 00,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2009/05/02 09:51:31 | 00,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2009/05/02 09:51:31 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\simptcp.dll
[2009/05/02 09:51:31 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/05/02 09:51:31 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/05/02 09:51:31 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/05/02 09:51:31 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/05/02 09:51:31 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/05/02 09:51:30 | 00,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2009/05/02 09:51:30 | 00,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2009/05/02 09:51:30 | 00,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2009/05/02 09:51:30 | 00,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2009/05/02 09:51:30 | 00,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2009/05/02 09:51:30 | 00,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2009/05/02 09:51:29 | 00,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2009/05/02 09:51:29 | 00,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2009/05/02 09:51:29 | 00,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2009/05/02 09:51:28 | 00,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2009/05/02 09:51:28 | 00,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2009/05/02 09:51:28 | 00,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2009/05/02 09:51:28 | 00,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2009/05/02 09:51:28 | 00,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2009/05/02 09:51:28 | 00,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2009/05/02 09:24:18 | 00,009,830 | ---- | C] () -- C:\WINDOWS\exefix.reg
[2009/05/01 21:03:39 | 01,179,648 | ---- | C] (Barking Dog Studios) -- C:\WINDOWS\System\cshell.dll
[2009/04/30 20:14:14 | 00,000,000 | ---D | C] -- C:\Downloads
[2009/04/30 20:11:52 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/04/27 18:19:24 | 00,000,000 | ---D | C] -- C:\temp
[2009/04/27 18:18:52 | 26,860,032 | ---- | C] () -- D:\Documents and Settings\Angita\Desktop\UKCATPracticeQuestions.exe
[2009/04/27 18:06:32 | 01,083,392 | ---- | C] () -- D:\Documents and Settings\Angita\My Documents\Farnborough Routes into HE 2009 Soton rev.ppt
[2009/04/21 07:53:39 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/21 07:53:38 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/21 07:53:38 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/21 07:53:37 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/21 07:53:37 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/21 07:53:37 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/21 07:53:36 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/21 07:53:36 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/21 07:52:59 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/18 17:56:58 | 00,026,624 | ---- | C] () -- D:\Documents and Settings\Angita\My Documents\Back when I was a child song.doc
[2009/04/02 21:03:01 | 00,000,539 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/03/06 12:36:15 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/02/28 17:25:35 | 00,000,024 | ---- | C] () -- C:\WINDOWS\ShellIcon32.dll
[2008/12/06 21:23:55 | 00,030,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys
[2008/12/06 20:21:07 | 00,000,061 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/06 20:19:26 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/11/28 18:03:51 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/11/09 10:28:22 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/10/11 15:42:35 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/10/08 08:22:50 | 00,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI
[2008/10/06 19:20:04 | 00,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2008/09/15 19:29:52 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/15 17:57:27 | 00,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/09/15 17:45:02 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX4800EFGIPSD.ini
[2005/11/26 16:45:13 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/26 16:29:23 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2005/11/26 16:24:45 | 00,000,514 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2005/11/26 16:16:43 | 00,007,576 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2005/11/26 16:13:12 | 00,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/11/26 15:59:26 | 00,475,136 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2005/11/26 15:59:26 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2005/11/26 15:59:26 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2005/11/26 15:59:26 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2005/10/21 16:28:56 | 00,005,968 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 18:13:32 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 17:38:23 | 00,000,747 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 17:38:18 | 00,000,781 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/06/23 14:14:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1980/01/01 01:00:00 | 01,301,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[1980/01/01 01:00:00 | 00,548,952 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[1980/01/01 01:00:00 | 00,221,736 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[1980/01/01 01:00:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[1980/01/01 01:00:00 | 00,167,384 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[1980/01/01 01:00:00 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[1980/01/01 01:00:00 | 00,086,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[1980/01/01 01:00:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/15 17:50:54 | 00,000,062 | -HS- | M] () -- D:\Documents and Settings\Angita\Local Settings\desktop.ini
[2009/05/15 17:50:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/15 17:50:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/15 07:27:19 | 00,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2009/05/14 09:45:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/05/14 09:45:31 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/05/14 09:29:40 | 00,055,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/14 09:29:39 | 36,059,637 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/13 20:17:06 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2009/05/13 07:43:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/05/13 07:43:03 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/05/11 20:21:09 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\donuvaro
[2009/05/11 20:12:09 | 00,000,781 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/11 20:12:09 | 00,000,747 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/11 20:12:09 | 00,000,281 | -HS- | M] () -- C:\BOOT.INI
[2009/05/11 19:34:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/11 16:11:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/05/11 16:11:58 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/05/10 19:24:47 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/10 12:31:13 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/10 12:31:12 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/10 12:31:12 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/10 12:31:07 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/05/09 09:03:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/05/09 09:03:51 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/05/09 08:56:40 | 01,398,061 | -HS- | M] () -- C:\WINDOWS\System32\alanokeh.ini
[2009/05/08 16:25:03 | 00,000,797 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/08 16:24:57 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\gilavofi.exe
[2009/05/07 17:43:53 | 00,000,030 | ---- | M] () -- C:\WINDOWS\iedit.INI
[2009/05/07 14:15:47 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/05/07 14:15:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 21:57:24 | 01,424,207 | -HS- | M] () -- C:\WINDOWS\System32\ehusezez.ini
[2009/05/06 10:14:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/05/06 10:14:41 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/05/06 09:11:05 | 01,424,198 | -HS- | M] () -- C:\WINDOWS\System32\iwozituj.ini
[2009/05/05 08:07:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/05/05 08:07:42 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/05/04 16:13:23 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/05/04 16:13:23 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/05/04 10:08:13 | 01,425,359 | -HS- | M] () -- C:\WINDOWS\System32\ejusonos.ini
[2009/05/04 10:05:19 | 01,398,079 | -HS- | M] () -- C:\WINDOWS\System32\inazikun.ini
[2009/05/04 09:02:06 | 00,527,138 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/04 09:02:06 | 00,445,150 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/04 09:02:06 | 00,073,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/03 23:01:32 | 00,015,432 | ---- | M] (TENCENT) -- C:\WINDOWS\System32\TesDrvPt.sys
[2009/05/03 22:05:25 | 01,425,372 | -HS- | M] () -- C:\WINDOWS\System32\epowemot.ini
[2009/05/03 17:20:32 | 00,244,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/02 19:56:17 | 04,178,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_41.dll
[2009/05/02 09:52:00 | 00,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/05/02 09:24:19 | 00,009,830 | ---- | M] () -- C:\WINDOWS\exefix.reg
[2009/05/01 08:41:31 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/05/01 08:41:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/04/29 11:09:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/04/29 11:09:53 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/04/28 18:42:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/04/28 18:42:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/04/27 18:19:12 | 26,860,032 | ---- | M] () -- D:\Documents and Settings\Angita\Desktop\UKCATPracticeQuestions.exe
[2009/04/27 18:06:32 | 01,083,392 | ---- | M] () -- D:\Documents and Settings\Angita\My Documents\Farnborough Routes into HE 2009 Soton rev.ppt
[2009/04/27 17:54:03 | 00,063,248 | ---- | M] () -- D:\Documents and Settings\Angita\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/27 08:22:58 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/04/27 08:22:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/04/26 12:25:25 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/04/26 12:25:25 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/04/24 15:47:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/04/24 15:47:46 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/04/24 09:13:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/04/24 09:13:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/04/23 11:11:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/04/23 11:11:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/04/22 14:30:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/04/22 14:30:34 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/04/21 10:47:33 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/04/21 10:47:33 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/04/20 09:12:07 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/04/20 09:12:07 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/04/19 16:42:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/04/19 16:42:51 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/04/18 17:56:59 | 00,026,624 | ---- | M] () -- D:\Documents and Settings\Angita\My Documents\Back when I was a child song.doc
[2009/04/18 09:57:57 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/17 20:30:22 | 00,000,585 | ---- | M] () -- D:\Documents and Settings\Angita\My Documents\My Sharing Folders.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 67417 bytes -> C:\WINDOWS:svchost
< End of report >

OTListIt Extras logfile created on: 15/05/2009 18:02:27 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = D:\Documents and Settings\Angita\My Documents\My Received Files\SpywareGuard
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

479.48 Mb Total Physical Memory | 124.02 Mb Available Physical Memory | 25.87% Memory free
2.00 Gb Paging File | 1.65 Gb Available in Paging File | 82.57% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.99 Gb Total Space | 22.60 Gb Free Space | 75.36% Space Free | Partition Type: NTFS
Drive D: | 111.24 Gb Total Space | 69.77 Gb Free Space | 62.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAHIPC
Current User Name: Angita
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2898857401-1343770028-3982664548-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"15959:TCP" = 15959:TCP:*:Enabled:BitComet 15959 TCP
"15959:UDP" = 15959:UDP:*:Enabled:BitComet 15959 UDP
"16050:TCP" = 16050:TCP:*:Enabled:BitComet 16050 TCP
"16050:UDP" = 16050:UDP:*:Enabled:BitComet 16050 UDP
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2005/03/08 07:03:34 | 00,259,184 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2005/03/08 07:03:18 | 00,038,000 | ---- | M] (America Online, Inc.) -- %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL
[2005/03/08 07:03:34 | 00,259,184 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
[2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/05/10 12:30:52 | 00,908,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2009/05/10 12:27:42 | 01,085,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/04/14 01:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2008/10/10 18:10:10 | 00,159,744 | ---- | M] (Nexon) -- D:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2007/02/20 06:10:26 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2009/05/07 14:17:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
File not found -- D:\Documents and Settings\Angita\Desktop\SuperScan4.exe:*:Enabled:SuperScan 4 Beta 1
File not found -- C:\Program Files\GRT\WClient\WClient.exe:*:Enabled:WAYD Mite Program
File not found -- C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe
[2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
[2009/05/10 12:31:13 | 00,486,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe:*:Enabled:avgrsx
File not found -- D:\Documents and Settings\Angita\My Documents\Downloads\CrossFire\CF_G4box.exe:*:Disabled:CrossFire
File not found -- C:\Program Files\Hamachi\hamachi.exe:*:Disabled:Hamachi Client
File not found -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Disabled:iMesh
File not found -- C:\Program Files\Kaiba Corp VDS\KCVDS.exe:*:Enabled:KCVDS
[2005/07/04 17:12:10 | 01,024,272 | ---- | M] (Norman) -- C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe:*:Disabled:Ad-Aware
File not found -- C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5C1178ED-7A1D-4EA6-A78D-FE526091DC4B}" = Wallpapers from MSN
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG8Uninstall" = AVG Free 8.5
"CCleaner" = CCleaner (remove only)
"EPSON Printer and Utilities" = EPSON Printer Software
"GMailFS" = GMail Drive Shell Extension
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RadialpointClientGateway_is1" = Virgin Broadband advisor 1.5.14
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"TuxGuitar_0" = TuxGuitar 1.0
"UnityWebPlayer" = Unity Web Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Yahoo! Companion" = Yahoo! Toolbar
"Zeus" = Zeus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/05/2009 14:33:22 | Computer Name = SAHIPC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/05/2009 10:36:17 | Computer Name = SAHIPC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/05/2009 12:36:54 | Computer Name = SAHIPC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/05/2009 12:38:11 | Computer Name = SAHIPC | Source = Application Hang | ID = 1001
Description = Fault bucket 1203548446.

Error - 12/05/2009 13:29:50 | Computer Name = SAHIPC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x00050f03.

Error - 12/05/2009 16:11:13 | Computer Name = SAHIPC | Source = Application Hang | ID = 1002
Description = Hanging application avgui.exe, version 8.5.0.318, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/05/2009 17:02:27 | Computer Name = SAHIPC | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d01

Error - 12/05/2009 17:11:37 | Computer Name = SAHIPC | Source = Application Hang | ID = 1002
Description = Hanging application MATHSWATCH_Higher.exe, version 4.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/05/2009 12:31:16 | Computer Name = SAHIPC | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.15.8, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15/05/2009 12:47:25 | Computer Name = SAHIPC | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.15.8, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 15/05/2009 12:35:09 | Computer Name = SAHIPC | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 15/05/2009 12:36:26 | Computer Name = SAHIPC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 15/05/2009 12:36:26 | Computer Name = SAHIPC | Source = Service Control Manager | ID = 7000
Description = The RemotelyAnywhere Kernel Information Provider service failed to
start due to the following error: %%3

Error - 15/05/2009 12:36:26 | Computer Name = SAHIPC | Source = Service Control Manager | ID = 7000
Description = The RemotelyAnywhere Maintenance Service service failed to start due
to the following error: %%3

Error - 15/05/2009 12:37:08 | Computer Name = SAHIPC | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 000006ea, parameter2 00000002, parameter3
00000008, parameter4 000006ea.

Error - 15/05/2009 12:50:13 | Computer Name = SAHIPC | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 15/05/2009 12:50:54 | Computer Name = SAHIPC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 15/05/2009 12:50:54 | Computer Name = SAHIPC | Source = Service Control Manager | ID = 7000
Description = The RemotelyAnywhere Kernel Information Provider service failed to
start due to the following error: %%3

Error - 15/05/2009 12:50:54 | Computer Name = SAHIPC | Source = Service Control Manager | ID = 7000
Description = The RemotelyAnywhere Maintenance Service service failed to start due
to the following error: %%3

Error - 15/05/2009 12:52:51 | Computer Name = SAHIPC | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 000006ea, parameter2 00000002, parameter3
00000008, parameter4 000006ea.


< End of report >

Edited by pradeepsahi, 15 May 2009 - 12:22 PM.


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:49 AM

Posted 15 May 2009 - 02:44 PM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    O1 - Hosts: 82.98.231.89 url.adtrgt.com
    O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
    O3 - HKU\S-1-5-21-2898857401-1343770028-3982664548-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
    O33 - MountPoints2\{3910a06a-b3ff-11dd-99fc-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3910a06a-b3ff-11dd-99fc-00038a000015}\Shell\Explore\command - "" = system.exe
    O33 - MountPoints2\{3910a06a-b3ff-11dd-99fc-00038a000015}\Shell\Open\command - "" = system.exe
    O33 - MountPoints2\{3910a06b-b3ff-11dd-99fc-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3910a06b-b3ff-11dd-99fc-00038a000015}\Shell\Explore\command - "" = system.exe
    O33 - MountPoints2\{3910a06b-b3ff-11dd-99fc-00038a000015}\Shell\Open\command - "" = system.exe
    
    :Files
    C:\WINDOWS\System32\alanokeh.ini
    C:\WINDOWS\System32\ehusezez.ini
    C:\WINDOWS\System32\iwozituj.ini
    C:\WINDOWS\System32\inazikun.ini
    C:\WINDOWS\System32\ejusonos.ini
    C:\WINDOWS\System32\epowemot.ini
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

================


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

================


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
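As an added example, not code from the thread or from OTListIt/OTL itself: a small Python triage script that parses OTL-format log lines and flags the same kinds of entries the fix script above targets (hidden random-named files in System32, a recently modified hosts file, an alternate data stream, hosts redirections to a remote address, and MountPoints2 autorun verbs that run a bare executable name). The regexes are my own reading of the line layout shown in the logs; the sample lines are copied from this thread's logs.

```python
import re
from dataclasses import dataclass

# OTL "Files" entry: [date time | size | attrs | C/M] (Company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
MOUNT_RE = re.compile(
    r"^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\(?P<verb>[^\\]+)"
    r'\\command - "" = (?P<cmd>.+)$'
)

SYSTEM32 = "c:\\windows\\system32\\"


@dataclass(frozen=True)
class Finding:
    reason: str
    detail: str


def _stem(path: str) -> str:
    """File name without directory and without its last extension."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0] if "." in name else name


def looks_random(stem: str) -> bool:
    # Eight lowercase letters and nothing else: the pattern shared by
    # alanokeh.ini, gilavofi.exe and donuvaro in this thread's logs.
    return re.fullmatch(r"[a-z]{8}", stem) is not None


def triage(lines):
    """Return a list of Finding objects for the suspicious OTL lines in `lines`."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, company, path = m["attrs"], m["company"].strip(), m["path"]
            in_system32 = path.lower().startswith(SYSTEM32)
            # Hidden, no company name, random-looking stem, sitting in System32
            if in_system32 and "H" in attrs and not company and looks_random(_stem(path)):
                findings.append(Finding("hidden random-named file in System32", path))
            elif path.lower().endswith("\\drivers\\etc\\hosts"):
                findings.append(Finding("hosts file modified within scan window", path))
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append(Finding(f"alternate data stream ({m['size']} bytes)", m["path"]))
            continue
        m = HOSTS_RE.match(line)
        if m and m["ip"] not in ("127.0.0.1", "::1"):
            findings.append(Finding("hosts entry redirecting to remote address", f"{m['host']} -> {m['ip']}"))
            continue
        m = MOUNT_RE.match(line)
        if m and "\\" not in m["cmd"]:
            # A bare name resolves relative to the removable drive's root: classic autorun worm
            findings.append(Finding("autorun verb runs bare executable name", f"{m['verb']}: {m['cmd']}"))
    return findings


# Sample input: lines copied from the OTL logs posted in this thread, plus two benign ones
SAMPLE_LOG = r"""
[2009/05/09 08:56:40 | 01,398,061 | -HS- | M] () -- C:\WINDOWS\System32\alanokeh.ini
[2009/05/08 16:25:03 | 00,000,797 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/08 16:24:57 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\gilavofi.exe
[2009/05/11 20:21:09 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\donuvaro
[2009/05/10 12:31:13 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[1980/01/01 01:00:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
@Alternate Data Stream - 67417 bytes -> C:\WINDOWS:svchost
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O33 - MountPoints2\{3910a06a-b3ff-11dd-99fc-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3910a06a-b3ff-11dd-99fc-00038a000015}\Shell\Explore\command - "" = system.exe
"""


def triage_sample():
    return triage(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.reason:45} {f.detail}")
```

The benign entries (the AVG driver with a company name, and slextspk.dll, which is eight letters but neither hidden nor unsigned-and-hidden) are deliberately not flagged.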


========================================================

#5 pradeepsahi

pradeepsahi
  • Topic Starter

  • Members
  • 13 posts
  • Local time:08:49 AM

Posted 16 May 2009 - 05:56 AM

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-16 11:55:35
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spey.sys ZwCreateKey [0xF74610E0]
SSDT spey.sys ZwEnumerateKey [0xF747FCA2]
SSDT spey.sys ZwEnumerateValueKey [0xF7480030]
SSDT spey.sys ZwOpenKey [0xF74610C0]
SSDT spey.sys ZwQueryKey [0xF7480108]
SSDT spey.sys ZwQueryValueKey [0xF747FF88]
SSDT spey.sys ZwSetValueKey [0xF748019A]

INT 0x62 ? 85BDFBF8
INT 0x82 ? 85BDFBF8
INT 0x83 ? 85BDFBF8
INT 0x84 ? 85961BF8
INT 0x94 ? 85961BF8
INT 0xA4 ? 85961BF8
INT 0xB4 ? 85961BF8

---- Kernel code sections - GMER 1.0.15 ----

? spey.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6D028AC 5 Bytes JMP 859611D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7462040] spey.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F746213C] spey.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74620BE] spey.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74627FC] spey.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74626D2] spey.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7472048] spey.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85B5D1F8

AttachedDevice \FileSystem\Ntfs \Ntfs SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBPDO-0 85960500
Device \Driver\usbohci \Device\USBPDO-1 85960500
Device \Driver\usbohci \Device\USBPDO-2 85960500
Device \Driver\usbehci \Device\USBPDO-3 85954500

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 85BE01F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \Driver\Ftdisk \Device\HarddiskVolume2 85BE01F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \Driver\Cdrom \Device\CdRom0 85A0E1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 85BE01F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \Driver\NetBT \Device\NetBT_Tcpip_{7B75BC2D-B9CC-4547-974F-441BAED0B7D1} 856E3500
Device \Driver\NetBT \Device\NetBt_Wins_Export 856E3500
Device \Driver\NetBT \Device\NetbiosSmb 856E3500

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBFDO-0 85960500
Device \Driver\usbohci \Device\USBFDO-1 85960500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85A38368
Device \Driver\usbohci \Device\USBFDO-2 85960500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85A38368
Device \Driver\usbehci \Device\USBFDO-3 85954500
Device \Driver\Ftdisk \Device\FtControl 85BE01F8
Device \FileSystem\Fastfat \Fat 856AA500
Device \FileSystem\Fastfat \Fat F20F6297

AttachedDevice \FileSystem\Fastfat \Fat SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \FileSystem\Cdfs \Cdfs 859A5500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC3 0xF6 0x78 0xF5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC3 0xF6 0x78 0xF5 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00B76D48-B991-B848-9BA5-6AFFD83137DB}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00B76D48-B991-B848-9BA5-6AFFD83137DB}@halbckoeiaikjppl 0x66 0x61 0x70 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00B76D48-B991-B848-9BA5-6AFFD83137DB}@iakaipgmnelldjmhgn 0x6A 0x61 0x6F 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00B76D48-B991-B848-9BA5-6AFFD83137DB}@haapknefplkllbfe 0x69 0x61 0x6E 0x65 ...

---- EOF - GMER 1.0.15 ----

#6 pradeepsahi

  • Topic Starter

  • Members
  • 13 posts

Posted 16 May 2009 - 06:21 AM

========== OTLISTIT ==========
82.98.231.89 url.adtrgt.com removed from HOSTS file successfully
82.98.231.89 googleads2.gdoubleclick.net removed from HOSTS file successfully
Registry value HKEY_USERS\S-1-5-21-2898857401-1343770028-3982664548-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3910a06a-b3ff-11dd-99fc-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3910a06a-b3ff-11dd-99fc-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3910a06a-b3ff-11dd-99fc-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3910a06a-b3ff-11dd-99fc-00038a000015}\ not found.
File system.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3910a06a-b3ff-11dd-99fc-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3910a06a-b3ff-11dd-99fc-00038a000015}\ not found.
File system.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3910a06b-b3ff-11dd-99fc-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3910a06b-b3ff-11dd-99fc-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3910a06b-b3ff-11dd-99fc-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3910a06b-b3ff-11dd-99fc-00038a000015}\ not found.
File system.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3910a06b-b3ff-11dd-99fc-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3910a06b-b3ff-11dd-99fc-00038a000015}\ not found.
File system.exe not found.
========== FILES ==========
C:\WINDOWS\System32\alanokeh.ini moved successfully.
C:\WINDOWS\System32\ehusezez.ini moved successfully.
C:\WINDOWS\System32\iwozituj.ini moved successfully.
C:\WINDOWS\System32\inazikun.ini moved successfully.
C:\WINDOWS\System32\ejusonos.ini moved successfully.
C:\WINDOWS\System32\epowemot.ini moved successfully.
========== COMMANDS ==========
File delete failed. D:\Documents and Settings\Angita\Local Settings\Temp\etilqs_a4URA3w1JTFgtJ5swV7G scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Angita\Local Settings\Temp\Perflib_Perfdata_f3c.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_20c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_9c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05162009_084348

Files moved on Reboot...
File D:\Documents and Settings\Angita\Local Settings\Temp\etilqs_a4URA3w1JTFgtJ5swV7G not found!
File D:\Documents and Settings\Angita\Local Settings\Temp\Perflib_Perfdata_f3c.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_20c.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_9c.dat moved successfully.

Registry entries deleted on Reboot...

#7 pradeepsahi

  • Topic Starter

  • Members
  • 13 posts

Posted 16 May 2009 - 06:30 AM

I uninstalled the old Java.
I have the latest Java (13) Runtime Environment (JRE) version.

Edited by pradeepsahi, 16 May 2009 - 11:30 AM.


#8 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 16 May 2009 - 02:31 PM

Have you run a Kaspersky scan yet?
Please post that log when you have it.

How is your computer behaving now?


========================================================

#9 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 31 May 2009 - 09:48 AM

Unfortunately there has been no response.
This thread will now be closed.


========================================================
