
Windows Explorer Always Crashes


  • This topic is locked
30 replies to this topic

#1 DanFerret

DanFerret

  • Members
  • 45 posts

Posted 16 May 2009 - 02:21 PM

Right, so I've had problems with viruses, spyware and malware before, but right now every time I open My Documents or anything that uses Windows Explorer it crashes. I'm thinking that it's something nasty on my computer that is causing the trouble.

I've run a scan with Avira and scans with SUPERAntiSpyware and Spybot Search and Destroy, and it still hasn't removed the problem.

Any help would be greatly appreciated.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19:09, on 16/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\System32\CTsvcCDA.exe
E:\WINDOWS\system32\dlcgcoms.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Dell Support Center\bin\sprtsvc.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\MsPMSPSv.exe
E:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
E:\Program Files\Microsoft IntelliType Pro\type32.exe
E:\Program Files\Microsoft IntelliPoint\point32.exe
E:\WINDOWS\system32\taskswitch.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Program Files\COMODO\COMODO Internet Security\cfp.exe
E:\Program Files\Dell Support Center\bin\sprtcmd.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Avira\AntiVir Desktop\avguard.exe
E:\Program Files\Avira\AntiVir Desktop\sched.exe
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\WINDOWS\system32\WISPTIS.EXE
E:\WINDOWS\explorer.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [type32] "E:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "E:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CoolSwitch] E:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DLCGCATS] rundll32 E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcgmon.exe] "E:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [COMODO Internet Security] "E:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [dellsupportcenter] "E:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Samsung.PCSync] E:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by YouTube Robot - res://E:\Program Files\YouTubeRobot\RobotExt.ocx/ALL.HTM
O8 - Extra context menu item: Download by YouTube Robot - res://E:\Program Files\YouTubeRobot\RobotExt.ocx/LINK.HTM
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/..._1/yregucfg.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - E:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145273794950
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7529A98E-F5D6-4599-AB34-E9220D509E31}: NameServer = 194.72.0.98,194.74.65.68
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - E:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: dlcg_device - - E:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - E:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - E:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - E:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - E:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - E:\WINDOWS\System32\TUProgSt.exe

--
End of file - 15092 bytes



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 30 May 2009 - 01:26 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 DanFerret

DanFerret
  • Topic Starter

  • Members
  • 45 posts

Posted 31 May 2009 - 06:19 AM

DDS (Ver_09-05-14.01) - NTFSx86
Run by Squirell at 12:17:07.29 on 31/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2559.1647 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
E:\WINDOWS\system32\svchost.exe -k netsvcs
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir Desktop\sched.exe
E:\Program Files\Avira\AntiVir Desktop\avguard.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\WINDOWS\System32\CTsvcCDA.exe
E:\WINDOWS\system32\dlcgcoms.exe
E:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Dell Support Center\bin\sprtsvc.exe
E:\WINDOWS\System32\svchost.exe -k imgsvc
E:\WINDOWS\System32\TUProgSt.exe
E:\WINDOWS\System32\MsPMSPSv.exe
E:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
E:\Program Files\Microsoft IntelliType Pro\type32.exe
E:\Program Files\Microsoft IntelliPoint\point32.exe
E:\WINDOWS\system32\taskswitch.exe
E:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Program Files\COMODO\COMODO Internet Security\cfp.exe
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Steam\Steam.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\System32\TuneUpDefragService.exe
E:\Program Files\iTunes\iTunes.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Squirell\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=13162&l=dis
uSearch Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/bin/search?p={searchTerms}
uSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - e:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - e:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - e:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - e:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - e:\program files\google\googletoolbar3.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - e:\program files\google\googletoolbar3.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - e:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - e:\program files\askbardis\bar\bin\askBar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MessengerPlus3] "e:\program files\messengerplus! 3\MsgPlus.exe" /WinStart
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "e:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [type32] "e:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "e:\program files\microsoft intellipoint\point32.exe"
mRun: [CoolSwitch] e:\windows\system32\taskswitch.exe
mRun: [SoundMAXPnP] e:\program files\analog devices\core\smax4pnp.exe
mRun: [DLCGCATS] rundll32 e:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [dlcgmon.exe] "e:\program files\dell aio 810\dlcgmon.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [COMODO Internet Security] "e:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [avgnt] "e:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [dellsupportcenter] "e:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [GrooveMonitor] "e:\program files\microsoft office\office12\GrooveMonitor.exe"
dRun: [CTFMON.EXE] e:\windows\system32\ctfmon.exe
dRun: [Nokia.PCSync] e:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
dRun: [DWQueuedReporting] "e:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [Samsung.PCSync] e:\program files\samsung\samsung pc studio 7\PcSync2.exe /NoDialog
mPolicies-explorer: <NO NAME> =
IE: Append Link Target to Existing PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All by FlashGet - e:\program files\flashget\jc_all.htm
IE: Download all by YouTube Robot - e:\program files\youtuberobot\RobotExt.ocx/ALL.HTM
IE: Download by YouTube Robot - e:\program files\youtuberobot\RobotExt.ocx/LINK.HTM
IE: Download using FlashGet - e:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - e:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://e:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://e:\windows\java\classes\xmldso.cab
DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.euro.dell.com/systemprofiler/SysPro.CAB
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2005_6_10_1/yregucfg.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - e:\program files\yahoo!\common\yucconfig.dll
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145273794950
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://crucial.com/controls/cpcScanner.cab
DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/67/install/gtdownls.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/msnmessengersetupdownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab31267.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
TCP: {7529A98E-F5D6-4599-AB34-E9220D509E31} = 194.72.0.98,194.74.65.68
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - e:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - e:\program files\superantispyware\SASWINLO.DLL
Notify: MCPClient - e:\progra~1\common~1\stardock\mcpstub.dll
AppInit_DLLs: wbsys.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - e:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - e:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\squirell\applic~1\mozilla\firefox\profiles\psm4a3p4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?|http://www.oleole.com/blogs/arseblog|http://mail.live.com/default.aspx?wa=wsignin1.0
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=
FF - component: e:\documents and settings\squirell\application data\mozilla\firefox\profiles\psm4a3p4.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: e:\documents and settings\all users\application data\nexoneu\ngm\npNxGameeu.dll
FF - plugin: e:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: e:\program files\microsoft\office live\npOLW.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npietab.dll
FF - plugin: e:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: e:\program files\mozilla firefox\plugins\NPnsv_vp3_mp3.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: e:\program files\mozilla firefox\plugins\NPPOKER.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: e:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: e:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: e:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: e:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: e:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
e:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2009-1-27 64160]
R1 avgio;avgio;e:\program files\avira\antivir desktop\avgio.sys [2009-5-15 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;e:\windows\system32\drivers\cmdguard.sys [2008-11-9 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;e:\windows\system32\drivers\cmdhlp.sys [2008-11-9 24096]
R1 SASDIFSV;SASDIFSV;e:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 9968]
R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\avira\antivir desktop\sched.exe [2009-5-15 108289]
R2 AntiVirService;Avira AntiVir Guard;e:\program files\avira\antivir desktop\avguard.exe [2009-5-15 185089]
R2 avgntflt;avgntflt;e:\windows\system32\drivers\avgntflt.sys [2009-5-15 55640]
R2 cmdAgent;COMODO Internet Security Helper Service;e:\program files\comodo\comodo internet security\cmdagent.exe [2008-11-9 692496]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;e:\windows\system32\TUProgSt.exe [2009-5-18 604416]
R2 WinDefend;Windows Defender;e:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 bbcap;bbcap;e:\windows\system32\drivers\bbcap.sys [2008-5-17 4096]
R3 SNPHV71;PC Camera (602a VGA);e:\windows\system32\drivers\snphv71.sys [2005-5-30 231040]
S0 pavboot;pavboot;e:\windows\system32\drivers\pavboot.sys --> e:\windows\system32\drivers\pavboot.sys [?]
S1 KLIF;KLIF;e:\windows\system32\drivers\klif.sys --> e:\windows\system32\drivers\klif.sys [?]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\e:\windows\system32\drivers\nsdriver.sys --> e:\windows\system32\drivers\NSDriver.sys [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;e:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 getPlus® Helper;getPlus® Helper;e:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-26 33752]
S3 nmwcdsa;Samsung USB Phone Parent;e:\windows\system32\drivers\nmwcdsa.sys [2009-2-17 135680]
S3 nmwcdsac;Samsung USB Generic;e:\windows\system32\drivers\nmwcdsac.sys [2009-2-17 8320]
S3 nmwcdsacj;Samsung USB Port;e:\windows\system32\drivers\nmwcdsacj.sys [2009-2-17 12288]
S3 nmwcdsacm;Samsung USB Modem;e:\windows\system32\drivers\nmwcdsacm.sys [2009-2-17 12288]
S3 PSI;PSI;e:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]
S3 SASENUM;SASENUM;e:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 ultradfg;ultradfg;e:\windows\system32\drivers\ultradfg.sys [2009-5-13 33792]

=============== Created Last 30 ================

2009-05-30 01:41 <DIR> --d----- e:\program files\Red Kawa
2009-05-29 14:55 <DIR> --dsh--- e:\documents and settings\squirell\PrivacIE
2009-05-29 01:23 <DIR> --d----- e:\docume~1\squirell\applic~1\Blender Foundation
2009-05-24 19:50 1,970,176 a------- e:\windows\system32\d3dx9.dll
2009-05-24 19:50 679,936 a------- e:\windows\system32\D3DX81ab.dll
2009-05-24 19:50 <DIR> --d----- e:\program files\Cheat Engine
2009-05-23 10:53 <DIR> --d----- e:\program files\AskBarDis
2009-05-18 13:02 485,795 a------- E:\fraglist.luar
2009-05-18 11:48 604,416 a------- e:\windows\system32\TUProgSt.exe
2009-05-18 11:47 28,928 a------- e:\windows\system32\uxtuneup.dll
2009-05-18 11:47 361,216 a------- e:\windows\system32\TuneUpDefragService.exe
2009-05-17 17:51 <DIR> --dsh--- e:\documents and settings\squirell\IETldCache
2009-05-17 01:30 <DIR> -cd-h--- e:\windows\ie8
2009-05-16 20:43 <DIR> --d----- e:\windows\UltraDefrag
2009-05-15 14:10 55,640 a------- e:\windows\system32\drivers\avgntflt.sys
2009-05-15 14:10 <DIR> --d----- e:\program files\Avira
2009-05-15 14:10 <DIR> --d----- e:\docume~1\alluse~1\applic~1\Avira
2009-05-02 15:41 <DIR> --d----- e:\program files\BreakPoint Software

==================== Find3M ====================

2009-05-25 15:59 34 a------- e:\documents and settings\squirell\jagex_runescape_preferences.dat
2009-05-18 11:39 168,208 a------- e:\windows\system32\guard32.dll
2009-05-18 11:39 24,096 a------- e:\windows\system32\drivers\cmdhlp.sys
2009-05-18 11:39 132,640 a------- e:\windows\system32\drivers\cmdguard.sys
2009-04-04 16:20 164,352 a------- e:\windows\system32\SpoonUninstall.exe
2009-03-08 04:34 914,944 a------- e:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- e:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- e:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- e:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- e:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- e:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- e:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- e:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- e:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- e:\windows\system32\msls31.dll
2009-03-07 23:07 737,280 a------- e:\windows\iun6002.exe
2009-03-06 15:22 284,160 a------- e:\windows\system32\pdh.dll
2009-03-06 00:59 1,900,544 a------- e:\windows\system32\usbaaplrc.dll
2009-03-04 23:39 226,148 a---h--- e:\windows\system32\mlfcache.dat
2007-10-23 12:45 87,400 a------- e:\documents and settings\squirell\UnHyCam2.exe
2006-09-29 16:01 774,144 a------- e:\program files\RngInterstitial.dll
2005-05-25 17:30 76 a---h--- e:\program files\Desktop.ini
2007-09-26 16:50 80 ---shr-- e:\windows\system32\05D07F84ED.dll
2008-08-20 17:13 32,768 a--sh--- e:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082020080821\index.dat

============= FINISH: 12:18:35.18 ===============

Edited by DanFerret, 31 May 2009 - 06:20 AM.


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:28 PM

Posted 01 June 2009 - 04:51 PM

Hi danferret,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log and I will get back to you with your first instructions. Don't worry I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:
m0le is a proud member of UNITE

#5 DanFerret


Posted 01 June 2009 - 04:58 PM

Thanks for your reply.

I'm subscribed to this thread and have it bookmarked; been checking it every few hours for a reply lol.

#6 m0le


Posted 01 June 2009 - 07:00 PM

Hi danferret,

You have some spyware on your PC.

To shift it we have to make sure we get all its components.

First

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click [image] or [image] on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    [image]
  • Click on [image] and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push [image] and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the [image] icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the [image] button.
  • Two reports will open, copy and paste them in a reply here:
    • OTViewIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Thanks :thumbup2:

#7 DanFerret


Posted 02 June 2009 - 04:27 PM

Been having trouble posting the logs because they are too large to be posted. They are also too big to be uploaded as an attachment. I will try and split them up so they fit.

Edit - had no luck posting the logs; they would have had to be separated over too many posts.

Here is a link to download a .zip with the logs if that is ok?

http://www.zshare.net/download/60862623597264de/

Edited by DanFerret, 02 June 2009 - 04:35 PM.


#8 m0le


Posted 02 June 2009 - 04:43 PM

Yeah, that's fine.

I'll be back later. :thumbup2:

#9 m0le


Posted 02 June 2009 - 05:29 PM

Hi Danferret

Wow, you got some stuff on your PC! I think we will stick with the DDS logs for now. :thumbup2:

The logs look clean so let's run something that will show if anything is hiding.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Thanks :)

#10 DanFerret


Posted 03 June 2009 - 03:32 PM

Took A LOT longer than I expected... but 20 hours later here is the log!

Malwarebytes' Anti-Malware 1.37
Database version: 2217
Windows 5.1.2600 Service Pack 3

03/06/2009 21:29:36
mbam-log-2009-06-03 (21-29-36).txt

Scan type: Full Scan (C:\|E:\|G:\|)
Objects scanned: 758227
Time elapsed: 20 hour(s), 13 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 22
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e055c02e-6258-40ff-80a7-3bda52facad7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10e42047-deb9-4535-a118-b3f6ec39b807} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d19781c5-2051-44f8-8445-ddc82933c191} (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{b8202e88-1a5f-49e9-872f-d24762136f19} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2c1cccf7-2adf-4948-bc24-3386361861d9} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5e84a6ea-e1a5-4758-8aa5-4d1a8f3a8c1e} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8eb9ad8f-852a-403a-8967-187ab8b0ddf1} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b6ca4c4b-e9c8-4ef0-8c7b-c1ea9782ec2c} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f4b5971f-4b9e-4b5a-a6eb-7cbdc5efe406} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ToolbarInst.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
e:\program files\k-lite codec pack\quicktime\QuickTimePlayer.exe (Rogue.Installer) -> Quarantined and deleted successfully.
e:\program files\k-lite codec pack\tools\fixcodecs.exe (Rogue.Installer) -> Quarantined and deleted successfully.

#11 m0le


Posted 03 June 2009 - 05:39 PM

Hi DanFerret,

MBAM has deleted quite a bit there but some of these infections return after rebooting.

BitDefender scans and removes so let's see what it picks up.

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Please also post a DDS log.

Thanks :thumbup2:

#12 DanFerret


Posted 03 June 2009 - 06:51 PM

Been having some trouble with this BitDefender website. I accept to install the ActiveX add-on and the following error comes up:

Posted Image

#13 m0le


Posted 03 June 2009 - 06:56 PM

Okay, that may be due to which browser you are using.

No problem. Let's run a similar one that doesn't need ActiveX permission.

Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Please also post a new OTViewIt log.

Thanks :thumbup2:

#14 DanFerret


Posted 05 June 2009 - 06:15 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, June 5, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, June 04, 2009 18:20:49
Records in database: 2306762
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\
I:\

Scan statistics:
Files scanned: 544138
Threat name: 13
Infected objects: 22
Suspicious objects: 0
Duration of the scan: 13:55:46


File name / Threat name / Threats count
C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\framepb_1u[1].html Infected: Trojan-Clicker.HTML.IFrame.bk 1
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\C94Z0JOR\framepb_1u[1].html Infected: Trojan-Clicker.HTML.IFrame.bk 1
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\OD4XERK9\frame_1u[1].html Infected: Trojan-Clicker.HTML.IFrame.bk 1
C:\Program Files\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Program Files\Norton AntiVirus\Quarantine\06437D4E Infected: Trojan.WinREG.StartPage 1
C:\Program Files\Norton AntiVirus\Quarantine\087B5660 Infected: Exploit.HTML.Mht 1
C:\Program Files\Norton AntiVirus\Quarantine\192842DB Infected: Exploit.HTML.Mht 1
C:\Program Files\Norton AntiVirus\Quarantine\196A63AB.htm Infected: Trojan.JS.Minor.a 1
C:\Program Files\Norton AntiVirus\Quarantine\409857BB Infected: Trojan-Clicker.VBS.Krepper.a 1
C:\Program Files\Serv-U\ServUAdmin.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.5201 1
C:\Program Files\Serv-U\ServUTray.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.5201 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP539\A0091111.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP549\A0095596.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.5201 1
E:\Documents and Settings\Squirell\.housecall6.6\Quarantine\mobile phone games wet and wild.zip.bac_a06448 Infected: not-a-virus:AdWare.Win32.TrafficSol.n 1
E:\Documents and Settings\Squirell\.housecall6.6\Quarantine\mobile phone games wet and wild.zip.bac_a06448 Infected: not-a-virus:AdWare.Win32.BHO.ha 1
E:\Documents and Settings\Squirell\.housecall6.6\Quarantine\mobile phone games wet and wild.zip.bac_a06448 Infected: not-a-virus:AdWare.Win32.BHO.lq 1
E:\Documents and Settings\Squirell\.housecall6.6\Quarantine\sS.bac_a06448 Infected: not-a-virus:AdWare.Win32.TrafficSol.n 1
E:\Documents and Settings\Squirell\.housecall6.6\Quarantine\sS.bac_a06448 Infected: not-a-virus:AdWare.Win32.BHO.ha 1
E:\Documents and Settings\Squirell\.housecall6.6\Quarantine\sS.bac_a06448 Infected: not-a-virus:AdWare.Win32.BHO.lq 1
E:\Excursion9.5\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
E:\Program Files\Stardock\ObjectDock\DockShellHook.dll Infected: Trojan.Win32.Agent.agef 1

The selected area was scanned.

Does this Kaspersky scan not delete/quarantine the viruses but just show what is there?

OTViewIt logfile created on: 05/06/2009 12:13:44 - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = E:\Documents and Settings\Squirell\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 84.78% Memory free
4.00 Gb Paging File | 3.41 Gb Available in Paging File | 85.16% Paging File free
Paging file location(s): E:\pagefile.sys 2048 2048;

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 74.45 Gb Total Space | 46.62 Gb Free Space | 62.62% Space Free | Partition Type: NTFS
Drive D: | 7.92 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 114.48 Gb Total Space | 1.93 Gb Free Space | 1.68% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 465.65 Gb Total Space | 247.77 Gb Free Space | 53.21% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UPSTAIRS
Current User Name: Squirell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2009/05/18 11:38:48 | 00,692,496 | ---- | M] () -- E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
[2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Defender\MsMpEng.exe
[2009/04/01 15:46:23 | 00,108,289 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\sched.exe
[2009/03/02 13:10:30 | 00,185,089 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- E:\WINDOWS\system32\CTsvcCDA.EXE
[2006/11/03 11:28:22 | 00,537,480 | ---- | M] ( ) -- E:\WINDOWS\system32\dlcgcoms.exe
[2003/07/28 16:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- E:\WINDOWS\system32\nvsvc32.exe
[2008/08/14 00:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- E:\Program Files\Dell Support Center\bin\sprtsvc.exe
[2009/05/18 11:48:03 | 00,604,416 | ---- | M] (TuneUp Software) -- E:\WINDOWS\system32\TUProgSt.exe
[2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\MsPMSPSv.exe
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Media Player\wmpnetwk.exe
[2005/05/10 13:31:22 | 00,241,664 | ---- | M] (Stardock) -- E:\Program Files\Common Files\Stardock\SDMCP.exe
[2004/06/03 09:51:27 | 00,172,032 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Microsoft IntelliType Pro\type32.exe
[2004/06/03 09:50:07 | 00,204,800 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Microsoft IntelliPoint\point32.exe
[2002/03/19 17:30:00 | 00,045,632 | ---- | M] () -- E:\WINDOWS\system32\TaskSwitch.exe
[2004/10/14 15:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- E:\Program Files\Analog Devices\Core\smax4pnp.exe
[2009/05/18 11:38:57 | 01,794,320 | ---- | M] () -- E:\Program Files\COMODO\COMODO Internet Security\cfp.exe
[2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
[2008/04/14 01:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\wscntfy.exe
[2009/05/31 18:24:04 | 01,217,784 | ---- | M] (Valve Corporation) -- E:\Program Files\Steam\Steam.exe
[2009/04/30 20:32:38 | 00,307,704 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
[2009/06/04 18:07:58 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- E:\Documents and Settings\Squirell\Local Settings\Temp\jkos-Squirell\binaries\ScanningProcess.exe
[2009/06/02 14:22:42 | 00,422,912 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Squirell\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/11/04 11:48:10 | 00,288,112 | ---- | M] (Adobe Systems Incorporated) -- E:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4 [On_Demand | Stopped])
[2009/04/01 15:46:23 | 00,108,289 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
[2009/03/02 13:10:30 | 00,185,089 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
[2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
[2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2004/12/13 16:58:02 | 00,106,496 | ---- | M] () -- E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service [Disabled | Stopped])
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- E:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
[2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2009/05/18 11:38:48 | 00,692,496 | ---- | M] () -- E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- E:\WINDOWS\system32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2006/11/03 11:28:22 | 00,537,480 | ---- | M] ( ) -- E:\WINDOWS\system32\dlcgcoms.exe -- (dlcg_device [Auto | Running])
[2009/02/06 17:52:52 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
File not found -- -- (FreePOPs [Disabled | Stopped])
[2008/12/01 12:01:02 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- E:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2007/02/02 16:54:30 | 00,138,168 | ---- | M] (Google) -- E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])
[2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2009/03/12 21:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- E:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2003/03/31 15:34:14 | 00,282,684 | ---- | M] (Eastman Kodak Company) -- E:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS [Disabled | Stopped])
[2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [Disabled | Stopped])
[2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
[2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2003/03/03 14:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- E:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2003/07/28 16:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- E:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/08/07 12:17:30 | 00,575,488 | ---- | M] (Nokia.) -- E:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
[2008/08/14 00:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- E:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
[2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
[2009/05/18 11:47:55 | 00,361,216 | ---- | M] (TuneUp Software) -- E:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
[2009/05/18 11:48:03 | 00,604,416 | ---- | M] (TuneUp Software) -- E:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc [Auto | Running])
[2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services ==========

[2009/03/28 16:49:36 | 00,073,312 | ---- | M] (Adobe Systems, Inc.) -- E:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])
[2003/12/08 11:53:48 | 00,053,600 | ---- | M] (THOMSON) -- E:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn [On_Demand | Stopped])
[2003/12/08 11:53:46 | 00,070,688 | ---- | M] (THOMSON) -- E:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl [On_Demand | Stopped])
[2002/07/17 02:05:10 | 00,016,512 | ---- | M] (Adaptec) -- E:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
[2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
[2009/03/24 16:08:22 | 00,055,640 | ---- | M] (Avira GmbH) -- E:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt [Auto | Running])
[2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- E:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2008/02/27 13:49:00 | 00,003,840 | ---- | M] () -- E:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt [System | Running])
[2008/05/17 12:55:47 | 00,004,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- E:\WINDOWS\system32\drivers\bbcap.sys -- (bbcap [On_Demand | Running])
[2004/10/19 11:39:26 | 00,020,096 | ---- | M] (IVT Corporation) -- E:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
[2004/09/21 18:15:34 | 00,010,804 | ---- | M] (IVT Corporation) -- E:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT [On_Demand | Stopped])
[2004/12/01 17:55:32 | 00,022,488 | ---- | M] (IVT Corporation) -- E:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])
[2004/09/21 18:18:02 | 00,011,604 | ---- | M] () -- E:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum [On_Demand | Running])
[2004/10/19 13:40:56 | 00,028,207 | ---- | M] (IVT Corporation) -- E:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
[2004/12/16 16:32:54 | 00,013,304 | ---- | M] () -- E:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter [On_Demand | Stopped])
[2007/12/10 04:00:00 | 00,009,072 | ---- | M] (Sonic Solutions) -- E:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2007/12/10 04:00:00 | 00,009,200 | ---- | M] (Sonic Solutions) -- E:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2009/05/18 11:39:28 | 00,132,640 | ---- | M] (COMODO) -- E:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard [System | Running])
[2009/05/18 11:39:34 | 00,024,096 | ---- | M] (COMODO) -- E:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp [System | Running])
[2003/09/22 08:48:06 | 00,130,192 | ---- | M] (Creative Technology Ltd) -- E:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2004/08/22 16:31:10 | 00,155,136 | ---- | M] ( ) -- E:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus [Boot | Stopped])
[2004/08/22 16:31:48 | 00,005,248 | ---- | M] ( ) -- E:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt [Boot | Stopped])
[2003/01/10 11:56:34 | 00,030,921 | ---- | M] (Service & Quality Technology.) -- E:\WINDOWS\system32\drivers\SQCaptur.sys -- (DCamUSBSQTECH [On_Demand | Stopped])
[2003/03/31 15:34:14 | 00,036,730 | ---- | M] (Eastman Kodak Company) -- E:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam [System | Running])
[2003/03/31 15:34:14 | 00,061,568 | ---- | M] (Eastman Kodak Company) -- E:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint [On_Demand | Stopped])
[2003/02/21 12:57:56 | 00,037,941 | ---- | M] (Eastman Kodak Company) -- E:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K [Auto | Running])
[2003/03/31 15:34:14 | 00,008,058 | ---- | M] (Eastman Kodak Company) -- E:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps [On_Demand | Stopped])
[2003/03/31 15:34:14 | 00,061,114 | ---- | M] (Eastman Kodak Company) -- E:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP [On_Demand | Stopped])
[2003/03/04 13:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2007/03/22 12:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) -- E:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro [Auto | Running])
[2007/03/22 12:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) -- E:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr [Auto | Running])
[2003/03/31 15:34:14 | 00,134,421 | ---- | M] (Eastman Kodak Company) -- E:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit [System | Stopped])
[2008/04/13 19:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2009/01/15 13:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- E:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/10/28 14:23:16 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- E:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])
[2009/05/18 11:39:34 | 00,082,080 | ---- | M] (COMODO) -- E:\WINDOWS\system32\drivers\inspect.sys -- (Inspect [Boot | Running])
[2008/04/13 19:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2009/01/27 14:55:10 | 00,064,160 | ---- | M] (Lavasoft AB) -- E:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd [Boot | Running])
[2005/09/24 00:18:32 | 00,171,520 | ---- | M] (Pinnacle Systems GmbH) -- E:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus [On_Demand | Running])
[2008/05/07 08:38:20 | 00,017,536 | ---- | M] (Nokia) -- E:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
[2008/05/07 08:38:20 | 00,020,864 | ---- | M] (Nokia) -- E:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
[2007/05/02 17:32:34 | 00,135,680 | ---- | M] (Nokia) -- E:\WINDOWS\system32\drivers\nmwcdsa.sys -- (nmwcdsa [On_Demand | Stopped])
[2007/05/02 17:31:54 | 00,008,320 | ---- | M] (Nokia) -- E:\WINDOWS\system32\drivers\nmwcdsac.sys -- (nmwcdsac [On_Demand | Stopped])
[2007/05/02 17:31:54 | 00,012,288 | ---- | M] (Nokia) -- E:\WINDOWS\system32\drivers\nmwcdsacj.sys -- (nmwcdsacj [On_Demand | Stopped])
[2007/05/02 17:31:54 | 00,012,288 | ---- | M] (Nokia) -- E:\WINDOWS\system32\drivers\nmwcdsacm.sys -- (nmwcdsacm [On_Demand | Stopped])
[2007/08/31 19:58:20 | 00,018,856 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr [On_Demand | Running])
[2003/07/28 16:19:00 | 01,341,339 | ---- | M] (NVIDIA Corporation) -- E:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- E:\WINDOWS\system32\drivers\omci.sys -- (OMCI [System | Running])
[2003/09/22 08:47:38 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- E:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2003/09/22 12:43:06 | 01,330,048 | ---- | M] (Creative Technology Ltd.) -- E:\WINDOWS\system32\drivers\P16X.sys -- (P16X [On_Demand | Running])
[2005/08/26 18:48:48 | 00,026,093 | ---- | M] () -- E:\WINDOWS\System32\drivers\p2k.inf -- (P2k [On_Demand | Stopped])
[2007/09/17 16:53:26 | 00,021,632 | ---- | M] (Nokia) -- E:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
[2002/11/11 16:52:58 | 00,009,856 | ---- | M] (Padus, Inc.) -- E:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2003/03/05 13:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- E:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT [Auto | Running])
[2004/06/03 09:50:07 | 00,020,352 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Running])
[2008/12/10 15:17:14 | 00,007,808 | ---- | M] (Secunia) -- E:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI [On_Demand | Stopped])
[2002/09/03 17:53:10 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- E:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/02/06 04:00:00 | 00,044,608 | ---- | M] (Sonic Solutions) -- E:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2002/09/03 17:56:37 | 00,005,888 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2009/05/07 08:12:46 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
[2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- E:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008/06/06 05:01:51 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- E:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2004/09/17 10:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- E:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
[2005/01/27 16:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- E:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2002/11/08 17:24:20 | 00,231,040 | ---- | M] () -- E:\WINDOWS\system32\drivers\snphv71.sys -- (SNPHV71 [On_Demand | Running])
[2004/07/21 15:24:02 | 00,341,096 | ---- | M] (Symantec Corporation) -- E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
[2009/01/14 14:40:00 | 00,717,296 | ---- | M] () -- E:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2009/02/13 12:50:02 | 00,028,376 | ---- | M] (Avira GmbH) -- E:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2002/10/04 23:12:48 | 00,019,968 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe -- (STYLEXPHELPER [System | Running])
[2008/06/20 12:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [System | Running])
[2008/08/17 14:08:56 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- E:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2009/05/13 15:37:10 | 00,033,792 | ---- | M] (UltraDefrag Development Team) -- E:\WINDOWS\system32\drivers\ultradfg.sys -- (ultradfg [On_Demand | Stopped])
[2008/06/06 10:24:44 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- E:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
[2009/03/06 00:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- E:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/13 19:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
[2008/05/07 08:38:36 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- E:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
[2004/10/19 13:37:38 | 00,061,312 | ---- | M] (IVT Corporation) -- E:\WINDOWS\system32\drivers\VComm.sys -- (VComm [On_Demand | Running])
[2004/11/05 11:39:08 | 00,082,148 | ---- | M] (IVT Corporation) -- E:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
[2006/11/02 08:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2002/09/03 18:14:25 | 00,012,032 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])
[2005/10/17 19:50:06 | 00,245,376 | ---- | M] (Ralink Technology Inc.) -- E:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=E:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=E:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
"SearchMigratedDefaultName"=Yahoo! Search
"SearchMigratedDefaultURL"=http://search.yahoo.com/bin/search?p={searchTerms}
"Start Page Redirect Cache"=http://uk.msn.com/?ocid=iehp
"Start Page Redirect Cache AcceptLangs"=en-gb
"Start Page Redirect Cache_TIMESTAMP"=

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomSearch"=http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"@"=http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-725345543-1960408961-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=E:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
"SearchMigratedDefaultName"=Yahoo! Search
"SearchMigratedDefaultURL"=http://search.yahoo.com/bin/search?p={searchTerms}
"Start Page Redirect Cache"=http://uk.msn.com/?ocid=iehp
"Start Page Redirect Cache AcceptLangs"=en-gb
"Start Page Redirect Cache_TIMESTAMP"=

[HKEY_USERS\S-1-5-21-725345543-1960408961-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomSearch"=http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html

[HKEY_USERS\S-1-5-21-725345543-1960408961-839522115-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"@"=http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

[HKEY_USERS\S-1-5-21-725345543-1960408961-839522115-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-725345543-1960408961-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (293573 bytes) - E:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
10123 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{074C1DC5-9320-4A9A-947D-C042949C6216} (HKLM) -- E:\Program Files\Adobe [2009/05/13 22:16:00 | 00,000,000 | ---D | M]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{201f27d4-3704-41d6-89c1-aa35e39143ed} (HKLM) -- E:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- e:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
{F4971EE7-DAA0-4053-9964-665D8EE6A077} (HKLM) -- E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- e:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}" (HKLM) -- E:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" (HKLM) -- E:\Program Files\Adobe [2009/05/13 22:16:00 | 00,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"Locked" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- e:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" (HKLM) -- E:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724D43A0-0D85-11D4-9908-00400523E39A}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-725345543-1960408961-839522115-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-725345543-1960408961-839522115-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- e:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-725345543-1960408961-839522115-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" (HKLM) -- E:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

[HKEY_USERS\S-1-5-21-725345543-1960408961-839522115-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-725345543-1960408961-839522115-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-725345543-1960408961-839522115-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724D43A0-0D85-11D4-9908-00400523E39A}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
"COMODO Internet Security"="E:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h ()
"CoolSwitch"=E:\WINDOWS\system32\taskswitch.exe ()
"dellsupportcenter"="E:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter (SupportSoft, Inc.)
"DLCGCATS"=rundll32 E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16 ()
"dlcgmon.exe"="E:\Program Files\Dell AIO 810\dlcgmon.exe" (Dell)
"IntelliPoint"="E:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation)
"NvCplDaemon"=RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"nwiz"=nwiz.exe /install (NVIDIA Corporation)
"SoundMAXPnP"=E:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"type32"="E:\Program Files\Microsoft IntelliType Pro\type32.exe" (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
"Nokia.PCSync"=E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found
"Samsung.PCSync"=E:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe /NoDialog (Time Information Services Ltd.)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
"Nokia.PCSync"=E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found
"Samsung.PCSync"=E:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe /NoDialog (Time Information Services Ltd.)

========== (O4) Startup Folders ==========

File not found -- E:\Documents and Settings\Hamster\Start Menu\Programs\Startup\IMVU.lnk = E:\Program Files\IMVU\gui1.exe
[2008/10/25 08:18:50 | 00,098,696 | ---- | M] (Microsoft Corporation) -- E:\Documents and Settings\Hamster\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
""=
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-725345543-1960408961-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: E:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2009/04/03 18:11:10 | 18,330,984 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: E:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2009/04/03 18:11:10 | 18,330,984 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [2007/09/25 02:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2009/03/06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2008/07/31 11:16:54 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{51085E3D-A958-42A2-A6BE-A6A9B0BAF276} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{51085E3D-A958-42A2-A6BE-A6A9B0BAF276} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-725345543-1960408961-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2008/07/31 11:16:54 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
56 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-725345543-1960408961-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
56 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{00000161-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/msaud.cab -- Reg Error: Key does not exist or could not be opened.
{00B71CFB-6864-4346-A978-C0A14556272C}: http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab -- Checkers Class
{01113300-3E00-11D2-8470-0060089874ED}: http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab -- Support.com Configuration Class
{01A88BB1-1174-41EC-ACCB-963509EAE56B}: http://support.euro.dell.com/systemprofiler/SysPro.CAB -- SysProWmi Class
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}: http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab -- CKAVWebScan Object
{14B87622-7E19-4EA8-93B3-97215F77A6BC}: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -- MessengerStatsClient Class
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{1803B9EF-9905-4F34-AFC4-05D1BAB28801}: http://us.dl1.yimg.com/download.yahoo.com/..._1/yregucfg.cab -- RegUserCfgUI Class
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1}: http://musicmix.messenger.msn.com/Medialogic.CAB -- CMediaMix Object
{231B1C6E-F934-42A2-92B6-C2FEFEC24276}: E:\Program Files\Yahoo!\common\yucconfig.dll -- yucsetreg Class
{2917297F-F02B-4B9D-81DF-494B6333150B}: http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab -- Minesweeper Flags Class
{33564D57-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab -- Reg Error: Key does not exist or could not be opened.
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc2.cab -- Office Update Installation Engine
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{5D6F45B3-9043-443D-A792-115447494D24}: http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab -- UnoCtrl Class
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/...can8/oscan8.cab -- BDSCANONLINE Control
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1145273794950 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -- MessengerStatsClient Class
{9122D757-5A4F-4768-82C5-B4171D8556A7}: http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab -- PhotoPickConvert Class
{A90A5822-F108-45AD-8482-9BC8B12DD539}: http://crucial.com/controls/cpcScanner.cab -- Crucial cpcScan
{A93D84FD-641F-43AE-B963-E6FA84BE7FE7}: http://www.linksysfix.com/netcheck/67/install/gtdownls.cab -- LinkSys Content Update
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/msnmesse...pdownloader.cab -- MsnMessengerSetupDownloadControl Class
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab -- ZoneIntro Class
{B9191F79-5613-4C76-AA2A-398534BB8999}: http://download.yahoo.com/dl/installs/yab_af.cab -- Reg Error: Key does not exist or could not be opened.
{BD393C14-72AD-4790-A095-76522973D6B8}: http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab -- CBreakshotControl Class
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{E6187999-9FEC-46A1-A20F-F4CA977D5643}: http://messenger.zone.msn.com/binary/Chess.cab31267.cab -- ZoneChess Object
{E856B973-45FD-4559-8F82-EAB539144667}: http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab -- Dell PC Checkup Installer Control
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}: http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab -- Minesweeper Flags Class
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF}: http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab -- Solitaire Showdown Class
{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6}: http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab -- IWinAmpActiveX Class
DirectAnimation Java Classes: file://E:\WINDOWS\Java\classes\dajava.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://E:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{7529A98E-F5D6-4599-AB34-E9220D509E31} (Servers: 194.72.0.98,194.74.65.68 | Description: Intel® PRO/100 VE Network Connection)
{A087BDF1-E9A4-43D6-8C65-6F3202BB409A} (Servers: | Description: 1394 Net Adapter)
{A9F59BC6-693F-4B8A-9EE2-320E7F42F5EB} (Servers: | Description: )
{BF955539-15F6-4655-BC42-079B8B99BD44} (Servers: | Description: )
{CA45594C-93EE-4B0E-B71A-ECC228673161} (Servers: | Description: Wireless-G Portable USB Adapter)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=wbsys.dll
>[2008/04/26 16:14:22 | 00,042,672 | ---- | M] (Stardock.Net, Inc) -- E:\WINDOWS\system32\wbsys.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
MCPClient: "DllName" = E:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll -- E:\Program Files\Common Files\Stardock\MCPStub.dll (Stardock)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"0aMCPClient"={F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} (HKLM) -- E:\Program Files\Common Files\Stardock\MCPCore.dll (Stardock)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- E:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- E:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/02/29 15:35:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

auto save.fm [fmf. | ]
File not found -- -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3bf226-61fe-11db-bde8-0007e948b692}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3bf226-61fe-11db-bde8-0007e948b692}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b3bf226-61fe-11db-bde8-0007e948b692}\Shell\AutoRun\command]
""=F:\autorun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba1d8a0a-dceb-11dd-baca-0012177ddb4f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba1d8a0a-dceb-11dd-baca-0012177ddb4f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba1d8a0a-dceb-11dd-baca-0012177ddb4f}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba1d8a0f-dceb-11dd-baca-0012177ddb4f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba1d8a0f-dceb-11dd-baca-0012177ddb4f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba1d8a0f-dceb-11dd-baca-0012177ddb4f}\Shell\AutoRun\command]
""=L:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e37186dc-e054-11da-bdbe-0007e948b692}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e37186dc-e054-11da-bdbe-0007e948b692}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e37186dc-e054-11da-bdbe-0007e948b692}\Shell\AutoRun\command]
""=E:\WINDOWS\system32\shell32.dll -- [2008/06/17 20:02:19 | 08,461,312 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 E:\WINDOWS\*.tmp files]
[2009/06/04 00:47:51 | 00,000,000 | ---D | C] -- E:\WINDOWS\LastGood
[2009/06/04 00:38:16 | 00,035,366 | ---- | C] () -- E:\Documents and Settings\Squirell\Desktop\Clipboard01.jpg
[2009/06/03 21:34:36 | 00,000,000 | ---D | C] -- E:\Avenger
[2009/06/03 00:02:15 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Squirell\Application Data\Malwarebytes
[2009/06/03 00:02:09 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/03 00:02:07 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/03 00:02:06 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2009/06/03 00:02:01 | 00,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2009/06/02 22:33:12 | 00,062,781 | ---- | C] () -- E:\Documents and Settings\Squirell\Desktop\Logs.zip
[2009/06/02 14:22:41 | 00,422,912 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Squirell\Desktop\OTViewIt.exe
[2009/06/02 14:21:42 | 00,286,208 | ---- | C] () -- E:\Documents and Settings\Squirell\Desktop\n1952vek.exe
[2009/06/02 07:24:04 | 00,000,106 | ---- | C] () -- E:\Documents and Settings\Squirell\My Documents\Error_Code-663218.errorreport
[2009/06/02 07:21:09 | 00,024,576 | ---- | C] () -- E:\Documents and Settings\Squirell\My Documents\RS Stat Changer V5.5 BETA.exe
[2009/05/31 22:47:42 | 03,094,698 | ---- | C] () -- E:\Documents and Settings\Squirell\My Documents\Back Ground.png
[2009/05/31 12:15:38 | 00,359,893 | ---- | C] () -- E:\Documents and Settings\Squirell\Desktop\dds.scr
[2009/05/30 20:39:00 | 03,932,214 | ---- | C] () -- E:\Documents and Settings\Squirell\Desktop\Vlove.bmp
[2009/05/30 01:51:40 | 47,579,898 | ---- | C] () -- E:\Documents and Settings\Squirell\My Documents\Cassetteboy vs The Bloody Apprentice.mp4
[2009/05/30 01:41:34 | 00,001,867 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Videora iPod touch Converter.lnk
[2009/05/30 01:41:33 | 00,000,000 | ---D | C] -- E:\Program Files\Red Kawa
[2009/05/29 01:23:15 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Squirell\Application Data\Blender Foundation
[2009/05/26 17:10:38 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Squirell\My Documents\Intro
[2009/05/26 16:22:15 | 00,140,510 | ---- | C] () -- E:\Documents and Settings\Squirell\My Documents\Knife=Life.bmp
[2009/05/25 09:25:48 | 12,116,8255 | ---- | C] () -- E:\Documents and Settings\Squirell\My Documents\Modern Warfare 2 - Reveal.mp4
[2009/05/24 19:50:33 | 01,970,176 | ---- | C] () -- E:\WINDOWS\System32\d3dx9.dll
[2009/05/24 19:50:32 | 00,679,936 | ---- | C] (Generated by JEDI) -- E:\WINDOWS\System32\D3DX81ab.dll
[2009/05/24 19:50:24 | 00,000,000 | ---D | C] -- E:\Program Files\Cheat Engine
[2009/05/23 18:33:58 | 86,513,8128 | ---- | C] () -- E:\Documents and Settings\Squirell\My Documents\Vantage Point iPod.mp4
[2009/05/23 11:50:45 | 06,172,497 | ---- | C] () -- E:\Documents and Settings\Squirell\Desktop\Harder,Better,Faster,Stronger.mp3
[2009/05/23 10:53:16 | 00,000,000 | ---D | C] -- E:\Program Files\AskBarDis
[2009/05/23 10:36:59 | 00,000,892 | ---- | C] () -- E:\Documents and Settings\Squirell\Desktop\DVDVideoSoft Free Studio.lnk
[2009/05/23 10:36:56 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Squirell\My Documents\DVDVideoSoft
[2009/05/23 10:26:13 | 05,969,801 | ---- | C] (DVD Video Soft Limited. ) -- E:\Documents and Settings\Squirell\Desktop\Free3GPVideoConverter.exe
[2009/05/19 16:36:52 | 00,000,345 | ---- | C] () -- E:\Documents and Settings\Squirell\Desktop\Gatsby.htm
[2009/05/18 13:02:21 | 00,485,795 | ---- | C] () -- E:\fraglist.luar
[2009/05/18 11:48:53 | 00,000,492 | ---- | C] () -- E:\WINDOWS\tasks\1-Click Maintenance.job
[2009/05/18 11:48:01 | 00,604,416 | ---- | C] (TuneUp Software) -- E:\WINDOWS\System32\TUProgSt.exe
[2009/05/18 11:47:58 | 00,028,928 | ---- | C] (TuneUp Software) -- E:\WINDOWS\System32\uxtuneup.dll
[2009/05/18 11:47:54 | 00,361,216 | ---- | C] (TuneUp Software) -- E:\WINDOWS\System32\TuneUpDefragService.exe
[2009/05/17 21:14:55 | 01,183,362 | ---- | C] () -- E:\Documents and Settings\Squirell\My Documents\haha.mp4
[2009/05/17 01:30:01 | 00,000,000 | -H-D | C] -- E:\WINDOWS\ie8
[2009/05/16 23:55:24 | 00,023,286 | ---- | C] () -- E:\Documents and Settings\Squirell\My Documents\dp sniper.bmp
[2009/05/16 20:43:34 | 00,000,000 | ---D | C] -- E:\WINDOWS\UltraDefrag
[2009/05/15 14:10:58 | 00,096,104 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avipbb.sys
[2009/05/15 14:10:58 | 00,055,640 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avgntflt.sys
[2009/05/15 14:10:58 | 00,045,416 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avgntdd.sys
[2009/05/15 14:10:58 | 00,022,360 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/05/15 14:10:57 | 00,028,376 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/05/15 14:10:53 | 00,000,000 | ---D | C] -- E:\Program Files\Avira
[2009/05/15 14:10:53 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Avira
[2009/05/14 21:14:44 | 00,027,414 | ---- | C] () -- E:\Documents and Settings\Squirell\My Documents\111.bmp
[2009/05/13 19:29:24 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Squirell\My Documents\Tryouts
[2009/05/13 15:37:34 | 00,007,680 | ---- | C] (UltraDefrag Development Team) -- E:\WINDOWS\System32\bootexctrl.exe
[2009/05/13 15:37:32 | 00,047,616 | ---- | C] (UltraDefrag Development Team) -- E:\WINDOWS\System32\udefrag-gui-config.exe
[2009/05/13 15:37:32 | 00,009,216 | ---- | C] (UltraDefrag Development Team) -- E:\WINDOWS\System32\defrag_native.exe
[2009/05/13 15:37:30 | 00,047,104 | ---- | C] (UltraDefrag Development Team) -- E:\WINDOWS\System32\ultradefrag.exe
[2009/05/13 15:37:30 | 00,007,680 | ---- | C] (UltraDefrag Development Team) -- E:\WINDOWS\System32\udefrag-gui.exe
[2009/05/13 15:37:26 | 00,006,144 | ---- | C] (UltraDefrag Development Team) -- E:\WINDOWS\System32\wgx.dll
[2009/05/13 15:37:24 | 00,014,848 | ---- | C] () -- E:\WINDOWS\System32\lua5.1a_gui.exe
[2009/05/13 15:37:24 | 00,010,752 | ---- | C] () -- E:\WINDOWS\System32\lua5.1a.exe
[2009/05/13 15:37:24 | 00,008,704 | ---- | C] (UltraDefrag Development Team) -- E:\WINDOWS\System32\udefrag.exe
[2009/05/13 15:37:22 | 00,091,648 | ---- | C] () -- E:\WINDOWS\System32\lua5.1a.dll
[2009/05/13 15:37:16 | 00,010,752 | ---- | C] (UltraDefrag Development Team) -- E:\WINDOWS\System32\udefrag.dll
[2009/05/13 15:37:14 | 00,018,944 | ---- | C] (UltraDefrag Development Team) -- E:\WINDOWS\System32\zenwinx.dll
[2009/05/13 15:37:10 | 00,033,792 | ---- | C] (UltraDefrag Development Team) -- E:\WINDOWS\System32\drivers\ultradfg.sys
[2009/05/10 21:51:38 | 00,017,827 | ---- | C] () -- E:\Documents and Settings\Squirell\My Documents\Devolution constitution change.docx

========== Files - Modified Within 30 Days ==========

[4 E:\WINDOWS\System32\*.tmp files]
[1 E:\WINDOWS\*.tmp files]
[2009/06/05 12:00:00 | 00,000,492 | ---- | M] () -- E:\WINDOWS\tasks\1-Click Maintenance.job
[2009/06/05 01:32:23 | 00,000,330 | -H-- | M] () -- E:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/06/04 00:42:46 | 00,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2009/06/04 00:41:28 | 00,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2009/06/04 00:41:24 | 00,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2009/06/04 00:41:21 | 26,833,75616 | -HS- | M] () -- E:\hiberfil.sys
[2009/06/04 00:39:54 | 00,000,473 | ---- | M] () -- E:\WINDOWS\win.ini
[2009/06/04 00:39:54 | 00,000,000 | ---- | M] () -- E:\WINDOWS\system.ini
[2009/06/04 00:38:16 | 00,035,366 | ---- | M] () -- E:\Documents and Settings\Squirell\Desktop\Clipboard01.jpg
[2009/06/03 09:16:42 | 00,000,308 | ---- | M] () -- E:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/06/03 08:32:08 | 00,000,284 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/02 22:33:12 | 00,062,781 | ---- | M] () -- E:\Documents and Settings\Squirell\Desktop\Logs.zip
[2009/06/02 14:22:42 | 00,422,912 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Squirell\Desktop\OTViewIt.exe
[2009/06/02 14:21:55 | 00,286,208 | ---- | M] () -- E:\Documents and Settings\Squirell\Desktop\n1952vek.exe
[2009/06/02 07:24:56 | 00,000,106 | ---- | M] () -- E:\Documents and Settings\Squirell\My Documents\Error_Code-663218.errorreport
[2009/06/02 07:21:21 | 00,679,306 | -HS- | M] () -- E:\Documents and Settings\Squirell\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> E:\Documents and Settings\Squirell\My Documents\Thumbs.db:encryptable
[2009/05/31 22:47:43 | 03,094,698 | ---- | M] () -- E:\Documents and Settings\Squirell\My Documents\Back Ground.png
[2009/05/31 12:15:50 | 00,359,893 | ---- | M] () -- E:\Documents and Settings\Squirell\Desktop\dds.scr
[2009/05/30 20:39:02 | 03,932,214 | ---- | M] () -- E:\Documents and Settings\Squirell\Desktop\Vlove.bmp
[2009/05/30 01:57:48 | 47,579,898 | ---- | M] () -- E:\Documents and Settings\Squirell\My Documents\Cassetteboy vs The Bloody Apprentice.mp4
[2009/05/30 01:41:34 | 00,001,867 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Videora iPod touch Converter.lnk
[2009/05/29 01:38:21 | 00,158,720 | ---- | M] () -- E:\Documents and Settings\Squirell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/26 16:22:15 | 00,140,510 | ---- | M] () -- E:\Documents and Settings\Squirell\My Documents\Knife=Life.bmp
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2009/05/24 02:10:18 | 12,116,8255 | ---- | M] () -- E:\Documents and Settings\Squirell\My Documents\Modern Warfare 2 - Reveal.mp4
[2009/05/23 21:19:18 | 86,513,8128 | ---- | M] () -- E:\Documents and Settings\Squirell\My Documents\Vantage Point iPod.mp4
[2009/05/23 11:52:58 | 06,172,497 | ---- | M] () -- E:\Documents and Settings\Squirell\Desktop\Harder,Better,Faster,Stronger.mp3
[2009/05/23 10:36:59 | 00,000,892 | ---- | M] () -- E:\Documents and Settings\Squirell\Desktop\DVDVideoSoft Free Studio.lnk
[2009/05/23 10:35:13 | 05,969,801 | ---- | M] (DVD Video Soft Limited. ) -- E:\Documents and Settings\Squirell\Desktop\Free3GPVideoConverter.exe
[2009/05/19 16:36:53 | 00,000,345 | ---- | M] () -- E:\Documents and Settings\Squirell\Desktop\Gatsby.htm
[2009/05/18 13:02:23 | 00,485,795 | ---- | M] () -- E:\fraglist.luar
[2009/05/18 11:48:03 | 00,604,416 | ---- | M] (TuneUp Software) -- E:\WINDOWS\System32\TUProgSt.exe
[2009/05/18 11:47:55 | 00,361,216 | ---- | M] (TuneUp Software) -- E:\WINDOWS\System32\TuneUpDefragService.exe
[2009/05/18 11:39:35 | 00,168,208 | ---- | M] () -- E:\WINDOWS\System32\guard32.dll
[2009/05/18 11:39:34 | 00,082,080 | ---- | M] (COMODO) -- E:\WINDOWS\System32\drivers\inspect.sys
[2009/05/18 11:39:34 | 00,024,096 | ---- | M] (COMODO) -- E:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/05/18 11:39:28 | 00,132,640 | ---- | M] (COMODO) -- E:\WINDOWS\System32\drivers\cmdguard.sys
[2009/05/17 21:14:56 | 01,183,362 | ---- | M] () -- E:\Documents and Settings\Squirell\My Documents\haha.mp4
[2009/05/17 17:51:59 | 00,000,079 | -HS- | M] () -- E:\Documents and Settings\Squirell\My Documents\desktop.ini
[2009/05/16 23:55:25 | 00,023,286 | ---- | M] () -- E:\Documents and Settings\Squirell\My Documents\dp sniper.bmp
[2009/05/16 23:40:28 | 00,392,472 | ---- | M] () -- E:\Documents and Settings\Squirell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/05/16 23:34:53 | 02,777,520 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/16 21:10:59 | 00,001,374 | ---- | M] () -- E:\WINDOWS\imsins.BAK
[2009/05/14 21:15:20 | 00,027,414 | ---- | M] () -- E:\Documents and Settings\Squirell\My Documents\111.bmp
[2009/05/13 15:37:34 | 00,007,680 | ---- | M] (UltraDefrag Development Team) -- E:\WINDOWS\System32\bootexctrl.exe
[2009/05/13 15:37:32 | 00,047,616 | ---- | M] (UltraDefrag Development Team) -- E:\WINDOWS\System32\udefrag-gui-config.exe
[2009/05/13 15:37:32 | 00,009,216 | ---- | M] (UltraDefrag Development Team) -- E:\WINDOWS\System32\defrag_native.exe
[2009/05/13 15:37:30 | 00,047,104 | ---- | M] (UltraDefrag Development Team) -- E:\WINDOWS\System32\ultradefrag.exe
[2009/05/13 15:37:30 | 00,007,680 | ---- | M] (UltraDefrag Development Team) -- E:\WINDOWS\System32\udefrag-gui.exe
[2009/05/13 15:37:26 | 00,006,144 | ---- | M] (UltraDefrag Development Team) -- E:\WINDOWS\System32\wgx.dll
[2009/05/13 15:37:24 | 00,014,848 | ---- | M] () -- E:\WINDOWS\System32\lua5.1a_gui.exe
[2009/05/13 15:37:24 | 00,010,752 | ---- | M] () -- E:\WINDOWS\System32\lua5.1a.exe
[2009/05/13 15:37:24 | 00,008,704 | ---- | M] (UltraDefrag Development Team) -- E:\WINDOWS\System32\udefrag.exe
[2009/05/13 15:37:22 | 00,091,648 | ---- | M] () -- E:\WINDOWS\System32\lua5.1a.dll
[2009/05/13 15:37:16 | 00,010,752 | ---- | M] (UltraDefrag Development Team) -- E:\WINDOWS\System32\udefrag.dll
[2009/05/13 15:37:14 | 00,018,944 | ---- | M] (UltraDefrag Development Team) -- E:\WINDOWS\System32\zenwinx.dll
[2009/05/13 15:37:10 | 00,033,792 | ---- | M] (UltraDefrag Development Team) -- E:\WINDOWS\System32\drivers\ultradfg.sys
[2009/05/10 21:51:38 | 00,017,827 | ---- | M] () -- E:\Documents and Settings\Squirell\My Documents\Devolution constitution change.docx
[2009/05/07 08:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\MRT.exe
< End of report >

#15 m0le

Posted 05 June 2009 - 01:52 PM

The scans are bringing up a lot of active infections but the logs aren't showing nearly as much.

Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Then

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Let's see what that produces.
m0le is a proud member of UNITE



