
Windows Live Messenger trojan


5 replies to this topic

#1 Karnivax

Karnivax

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:15 PM

Posted 19 May 2009 - 10:43 AM

On Sunday night I stupidly clicked on a link I shouldn't have, which apparently hacked my Windows Live Messenger account to send spim to my contacts. I changed my password about ten minutes later, along with a bunch of other passwords, and noticed that Messenger was periodically logging itself off as the trojan was attempting to break in. I deleted everything in my Windows Live username folder and that seemed to put a stop to the logoffs.

But just this morning I got a mail on my Hotmail account telling me that a request to change my password had been made at 4:28 in the morning. It certainly wasn't me! I don't want to find out what will happen if one day this trojan manages a successful password change. I'm considering closing my Windows Live account completely, nuking my old Hotmail and just moving everything into my Gmail account, but I don't know if that will even help. I also don't know if clicking on that link on Sunday secretly dumped malware on other parts of my machine, but I ran a couple of different anti-spyware scans and didn't find anything new. And that brought me to this board. I haven't posted an HJT log in a very long time and consequently I might find I have many more problems here than just the latest one.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:28 AM, on 5/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Auto Shutdown\AutoShutdown.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\VSTASCAN\vsaccess.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PC Auto Shutdown\ShutdownService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.hotmail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PC Auto Shutdown] "C:\Program Files\PC Auto Shutdown\AutoShutdown.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendowifi.com/troubleshooting/usbaptest.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - https://www.canalplay.com/cabs/msway44.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBE9F9ED-040F-4FEB-9B41-5100ED2E3D41}: NameServer = 71.242.0.12 71.252.0.12
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PCAutoShutdown_Service - GoldSolution Software, Inc. - C:\Program Files\PC Auto Shutdown\ShutdownService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11629 bytes



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:15 PM

Posted 31 May 2009 - 10:00 AM

Hello Karnivax

Welcome to BleepingComputer :thumbup2:
=====================
  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Under the Standard Registry box, change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
===========
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 Karnivax

Karnivax
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:15 PM

Posted 31 May 2009 - 06:35 PM

OTL logfile created on: 5/31/2009 7:31:44 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 532.48 Mb Available Physical Memory | 52.08% Memory free
2.30 Gb Paging File | 1.81 Gb Available in Paging File | 78.54% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.37 Gb Total Space | 34.33 Gb Free Space | 15.23% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 0.96 Gb Free Space | 12.74% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DROXYSMUS
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\PC Auto Shutdown\ShutdownService.exe (GoldSolution Software, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
PRC - C:\VSTASCAN\vsaccess.exe (UMAX)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
PRC - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
PRC - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (AVP [Auto | Running]) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Service [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PCAutoShutdown_Service [Auto | Running]) -- C:\Program Files\PC Auto Shutdown\ShutdownService.exe (GoldSolution Software, Inc.)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (TabletService [Auto | Running]) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
SRV - (UMWdf [On_Demand | Stopped]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (bb-run [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys (Promise Technology, Inc.)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (FsVga [System | Running]) -- C:\WINDOWS\system32\DRIVERS\fsvga.sys (Microsoft Corporation)
DRV - (ftsata2 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys (Promise Technology, Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (kl1 [Boot | Running]) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (klbg [Boot | Running]) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (KLFLTDEV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\klfltdev.sys (Kaspersky Lab)
DRV - (KLIF [System | Running]) -- C:\WINDOWS\system32\DRIVERS\klif.sys (Kaspersky Lab)
DRV - (klim5 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\klim5.sys (Kaspersky Lab)
DRV - (ltmodem5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys (LT)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (PenClass [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PenClass.sys (Wacom Technology Corporation)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RT25USBAP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rt25usbap.sys (Ralink Technology Inc.)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smserial [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\smserial.sys (Motorola Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (wacommousefilter [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys (Wacom Technology)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.hotmail.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://myscad.scad.edu"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.3
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.5.1
FF - prefs.js..extensions.enabledItems: {6D898772-AD34-4c16-86BB-9DE787A5DEA0}:1.06
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.3.3
FF - prefs.js..extensions.enabledItems: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82}:1.05
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.003
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=megaup&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 09:24:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/29 09:24:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2009\THBEXT [2009/05/17 22:50:56 | 00,000,000 | ---D | M]

[2008/08/26 20:28:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Extensions
[2008/08/26 20:28:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/31 12:15:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\llu504t9.default\extensions
[2009/02/24 09:30:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\llu504t9.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2008/08/27 00:08:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\llu504t9.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2009/05/29 07:46:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\llu504t9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/08/26 20:29:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\llu504t9.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2009/05/18 17:48:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\llu504t9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/04/19 21:01:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\llu504t9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/15 08:55:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\llu504t9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2006/10/28 18:47:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\llu504t9.default\extensions\temp
[2009/04/15 09:09:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\llu504t9.default\extensions\unplug@compunach
[2008/08/26 20:30:15 | 00,001,769 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\llu504t9.default\searchplugins\aim-search.xml
[2008/02/19 10:33:06 | 00,001,877 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\llu504t9.default\searchplugins\aolsearch.xml
[2008/08/26 20:28:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 09:24:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/29 09:23:59 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 09:23:59 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/07 11:08:51 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/07 11:08:51 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/07 11:08:51 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/07 11:08:51 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/07 11:08:51 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/07 11:08:52 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/07 11:08:52 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - File not found
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" (Kaspersky Lab)
O4 - HKLM..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [PC Auto Shutdown] "C:\Program Files\PC Auto Shutdown\AutoShutdown.exe" (GoldSolution Software, Inc.)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe (UMAX)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} http://www.nintendowifi.com/troubleshooting/usbaptest.cab (USBAPTester Class)
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab (Symantec SmartIssue)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} https://www.canalplay.com/cabs/msway44.cab (Canal+ Active MSWAY)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/17 07:32:46 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 21:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/31 19:27:49 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/05/31 19:24:43 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2009/05/31 09:57:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/05/30 21:24:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\[Chihiro]_K-ON!_-_09_[640x480_H.264_AAC]
[2009/05/29 12:29:48 | 26,491,2876 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\[SFW]_Queen_s_Blade_-_08_[C1DB5E68].mkv
[2009/05/29 08:18:39 | 26,496,4209 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\[SFW]_Queen_s_Blade_-_07_[E13B403C].mkv
[2009/05/29 08:04:27 | 16,281,472 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\_Kaientai__Meda_Paniquest_Bianca-hen__Dragon_Quest_.rar
[2009/05/28 10:11:37 | 24,446,2826 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\[gleam] Sora wo Kakeru Shoujo 20 ENG [720p][x264 aac].mkv
[2009/05/28 10:11:17 | 31,791,7213 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\[gleam] Sora wo Kakeru Shoujo 21 ENG [720p][x264 aac].mkv
[2009/05/28 10:10:47 | 32,037,0186 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\[Ayako]_Valkyria_Chronicles_08_[h264][D15F716C].mkv
[2009/05/24 17:58:59 | 00,086,095 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki119.jpg
[2009/05/24 17:58:42 | 00,088,642 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki118.jpg
[2009/05/24 17:58:27 | 00,155,868 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki117.jpg
[2009/05/24 17:58:06 | 00,120,414 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki116.jpg
[2009/05/24 10:56:30 | 93,554,631 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Brides.part3.rar
[2009/05/24 02:44:42 | 10,043,1872 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Brides.part2.rar
[2009/05/24 02:42:33 | 10,043,1872 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Brides.part1.rar
[2009/05/23 10:45:27 | 00,090,684 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki115.jpg
[2009/05/23 10:44:36 | 00,074,654 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki114.jpg
[2009/05/23 10:43:50 | 00,065,664 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki113.jpg
[2009/05/23 10:43:19 | 00,070,426 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki112.jpg
[2009/05/23 10:42:03 | 00,076,965 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki111.jpg
[2009/05/23 10:41:47 | 00,078,462 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki110.jpg
[2009/05/23 10:36:34 | 00,121,890 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki109.jpg
[2009/05/22 19:43:21 | 00,284,413 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki108.jpg
[2009/05/22 19:41:59 | 00,114,584 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki107.jpg
[2009/05/19 13:15:58 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/05/19 10:56:04 | 00,001,742 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis.lnk
[2009/05/19 10:56:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/18 23:11:33 | 00,001,847 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Windows Live Messenger .lnk
[2009/05/18 19:36:41 | 00,425,301 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsukivocaloid2.jpg
[2009/05/18 19:35:47 | 00,092,342 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki106.jpg
[2009/05/17 22:52:16 | 00,096,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/05/17 22:52:16 | 00,087,855 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/05/17 22:50:19 | 00,557,088 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/05/17 22:50:19 | 00,002,984 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/05/17 22:50:19 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/05/17 22:50:19 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/05/17 22:50:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/05/17 22:48:14 | 00,227,344 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/05/16 20:59:01 | 00,166,989 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\shishidou8.jpg
[2009/05/16 20:49:17 | 00,159,766 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki105.jpg
[2009/05/15 23:35:51 | 00,000,698 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\PC Auto Shutdown.lnk
[2009/05/15 23:35:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Auto Shutdown
[2009/05/15 23:35:49 | 00,000,000 | ---D | C] -- C:\Program Files\PC Auto Shutdown
[2009/05/12 08:06:52 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/06 11:23:44 | 00,056,919 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki104.jpg
[2009/05/06 11:23:17 | 00,047,305 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki103.jpg
[2009/05/06 11:22:29 | 00,049,256 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki102.jpg
[2009/05/06 11:22:09 | 00,048,806 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki101.jpg
[2009/05/06 11:21:57 | 00,047,085 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki100.jpg
[2009/05/06 11:21:19 | 00,050,674 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki99.jpg
[2009/05/06 11:21:06 | 00,045,934 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki98.jpg
[2009/05/06 11:20:44 | 00,050,035 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki97.jpg
[2009/05/06 11:20:31 | 00,050,261 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki96.jpg
[2009/05/06 11:19:18 | 00,071,311 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki95.jpg
[2009/05/06 11:08:59 | 00,060,138 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\shishidou7.jpg
[2009/05/05 13:27:26 | 00,348,427 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsukivocaloid.jpg
[2009/05/05 13:27:06 | 00,129,866 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki94.jpg
[2009/05/05 13:26:46 | 00,061,088 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki93.jpg
[2009/05/01 18:53:55 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/11/21 17:47:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/22 21:23:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/06/22 22:06:55 | 00,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2007/06/22 22:06:55 | 00,685,056 | ---- | C] () -- C:\WINDOWS\System32\RGSS103J.dll
[2007/06/22 22:06:54 | 00,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2007/06/22 22:06:54 | 00,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2007/05/31 22:59:04 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/05/28 15:08:33 | 00,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/04/11 19:38:24 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/04/06 21:05:31 | 00,000,019 | ---- | C] () -- C:\WINDOWS\Temp.ini
[2006/02/11 18:14:58 | 00,000,528 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2005/11/11 16:46:02 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\usbaptest.dll
[2005/10/29 16:44:03 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/29 16:44:00 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005/10/11 21:58:13 | 00,000,098 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2005/10/09 16:40:02 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/10/09 16:29:20 | 00,000,092 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005/10/09 16:28:07 | 00,001,176 | ---- | C] () -- C:\WINDOWS\vista32.ini
[2005/10/09 16:28:07 | 00,000,189 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/10/09 16:28:07 | 00,000,036 | ---- | C] () -- C:\WINDOWS\umaxdrv.ini
[2005/10/09 16:27:51 | 00,047,616 | R--- | C] () -- C:\WINDOWS\ucmsp_32.dll
[2005/10/09 16:27:35 | 00,135,200 | ---- | C] () -- C:\WINDOWS\u2x00_32.dll
[2005/10/09 16:27:34 | 00,106,528 | ---- | C] () -- C:\WINDOWS\u1230_32.dll
[2005/10/09 16:27:34 | 00,065,536 | ---- | C] () -- C:\WINDOWS\u2200_32.dll
[2005/10/09 16:27:34 | 00,018,366 | ---- | C] () -- C:\WINDOWS\uns3400.ini
[2005/10/09 16:27:34 | 00,016,474 | ---- | C] () -- C:\WINDOWS\uns5400.ini
[2005/10/09 16:27:34 | 00,010,438 | ---- | C] () -- C:\WINDOWS\scan05a.ini
[2005/10/09 16:27:34 | 00,006,932 | ---- | C] () -- C:\WINDOWS\System32\glscan.sys
[2005/10/09 16:27:34 | 00,000,394 | ---- | C] () -- C:\WINDOWS\umaxuapi.ini
[2005/10/09 16:27:33 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\usq3400.dll
[2005/10/09 16:27:33 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\sqEp2Usb.dll
[2005/10/09 16:27:33 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\SQUSBIO.dll
[2005/10/09 16:27:32 | 00,030,208 | ---- | C] () -- C:\WINDOWS\uxmail32.dll
[2005/10/09 16:27:30 | 00,068,608 | ---- | C] () -- C:\WINDOWS\vufile32.dll
[2005/10/09 16:27:29 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\udnt.sys
[2005/10/09 16:26:03 | 00,000,169 | ---- | C] () -- C:\WINDOWS\Debug.ini
[2005/10/09 16:25:20 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2005/10/09 16:25:20 | 00,000,410 | ---- | C] () -- C:\WINDOWS\umxaddin.ini
[2005/10/09 16:19:57 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\TabUnst.dll
[2005/10/09 16:19:48 | 00,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2005/10/09 16:19:48 | 00,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2005/08/09 18:13:31 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 18:13:31 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/05 13:10:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/05 12:45:13 | 00,012,959 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/08/05 12:45:07 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/08/05 12:39:52 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/05 12:35:30 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/05 12:35:30 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/05 12:35:30 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/05 12:35:30 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/05 12:35:30 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/05 12:35:28 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/05 12:29:23 | 00,000,073 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/08/05 12:25:03 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 12:22:33 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005/08/05 12:22:33 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005/08/05 12:22:33 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/08/05 12:22:33 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005/08/05 12:22:33 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005/08/05 12:22:33 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2005/08/05 12:22:33 | 00,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005/08/05 12:22:33 | 00,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005/08/05 12:22:33 | 00,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005/08/05 12:08:24 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/05 12:04:39 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/08/05 12:04:39 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/08/05 12:04:20 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/07/07 16:07:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/10 02:52:32 | 00,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2004/11/17 07:32:38 | 00,000,796 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/11/16 23:21:56 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/07/27 01:51:38 | 00,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/27 08:13:14 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2003/11/16 05:48:02 | 00,909,312 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/11/16 05:48:00 | 01,060,864 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/11/15 12:54:18 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/01/29 20:39:40 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\dcfft2.dll
[2003/01/08 01:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/06 18:42:58 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[2009/05/31 19:31:41 | 00,010,438 | ---- | M] () -- C:\WINDOWS\scan05a.ini
[2009/05/31 19:25:05 | 00,557,088 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/05/31 19:25:05 | 00,002,984 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/05/31 19:24:48 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2009/05/31 10:34:47 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/05/31 10:04:24 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/31 10:04:06 | 00,001,176 | ---- | M] () -- C:\WINDOWS\vista32.ini
[2009/05/31 10:03:56 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/31 10:02:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/31 10:02:14 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\desktop.ini
[2009/05/31 10:02:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/31 10:02:03 | 10,722,22208 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/31 10:01:15 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/05/31 10:01:15 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/05/31 09:59:18 | 00,000,796 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/31 09:59:18 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/05/31 09:59:18 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/29 13:20:00 | 26,491,2876 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\[SFW]_Queen_s_Blade_-_08_[C1DB5E68].mkv
[2009/05/29 09:09:27 | 26,496,4209 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\[SFW]_Queen_s_Blade_-_07_[E13B403C].mkv
[2009/05/29 08:08:32 | 16,281,472 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\_Kaientai__Meda_Paniquest_Bianca-hen__Dragon_Quest_.rar
[2009/05/29 03:18:15 | 32,037,0186 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\[Ayako]_Valkyria_Chronicles_08_[h264][D15F716C].mkv
[2009/05/29 02:24:29 | 24,446,2826 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\[gleam] Sora wo Kakeru Shoujo 20 ENG [720p][x264 aac].mkv
[2009/05/29 01:41:16 | 31,791,7213 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\[gleam] Sora wo Kakeru Shoujo 21 ENG [720p][x264 aac].mkv
[2009/05/24 17:59:36 | 06,900,102 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Thumbs.db
[2009/05/24 17:58:59 | 00,086,095 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki119.jpg
[2009/05/24 17:58:43 | 00,088,642 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki118.jpg
[2009/05/24 17:58:28 | 00,155,868 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki117.jpg
[2009/05/24 17:58:08 | 00,120,414 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki116.jpg
[2009/05/24 11:20:44 | 93,554,631 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Brides.part3.rar
[2009/05/24 03:21:11 | 10,043,1872 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Brides.part2.rar
[2009/05/24 03:15:56 | 10,043,1872 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Brides.part1.rar
[2009/05/23 10:45:28 | 00,090,684 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki115.jpg
[2009/05/23 10:44:38 | 00,074,654 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki114.jpg
[2009/05/23 10:43:51 | 00,065,664 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki113.jpg
[2009/05/23 10:43:21 | 00,070,426 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki112.jpg
[2009/05/23 10:42:04 | 00,076,965 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki111.jpg
[2009/05/23 10:41:49 | 00,078,462 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki110.jpg
[2009/05/23 10:36:55 | 00,121,890 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki109.jpg
[2009/05/22 19:48:20 | 00,425,301 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsukivocaloid2.jpg
[2009/05/22 19:43:21 | 00,284,413 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki108.jpg
[2009/05/22 19:42:00 | 00,114,584 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki107.jpg
[2009/05/19 10:56:04 | 00,001,742 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis.lnk
[2009/05/18 23:11:33 | 00,001,847 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Windows Live Messenger .lnk
[2009/05/18 19:35:48 | 00,092,342 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki106.jpg
[2009/05/17 22:52:16 | 00,096,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/05/17 22:52:16 | 00,087,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/05/17 22:48:14 | 00,227,344 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/05/17 20:29:50 | 00,000,956 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\My Sharing Folders.lnk
[2009/05/17 10:06:35 | 02,147,480 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\dragonaut6.jpg
[2009/05/16 20:59:02 | 00,166,989 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\shishidou8.jpg
[2009/05/16 20:49:19 | 00,159,766 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki105.jpg
[2009/05/16 16:40:15 | 00,442,794 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/16 16:40:15 | 00,384,926 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/16 16:40:15 | 00,054,484 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/15 23:35:51 | 00,000,698 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\PC Auto Shutdown.lnk
[2009/05/07 21:20:52 | 00,002,243 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SmartFTP Client.lnk
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 11:23:45 | 00,056,919 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki104.jpg
[2009/05/06 11:23:18 | 00,047,305 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki103.jpg
[2009/05/06 11:22:30 | 00,049,256 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki102.jpg
[2009/05/06 11:22:10 | 00,048,806 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki101.jpg
[2009/05/06 11:21:58 | 00,047,085 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki100.jpg
[2009/05/06 11:21:43 | 00,050,674 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki99.jpg
[2009/05/06 11:21:07 | 00,045,934 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki98.jpg
[2009/05/06 11:20:45 | 00,050,035 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki97.jpg
[2009/05/06 11:20:32 | 00,050,261 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki96.jpg
[2009/05/06 11:19:19 | 00,071,311 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki95.jpg
[2009/05/06 11:09:00 | 00,060,138 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\shishidou7.jpg
[2009/05/05 13:27:27 | 00,348,427 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsukivocaloid.jpg
[2009/05/05 13:27:07 | 00,129,866 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki94.jpg
[2009/05/05 13:26:48 | 00,061,088 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\itsuki93.jpg

========== LOP Check ==========

[2009/05/17 22:50:18 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/08/26 20:36:59 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{68D98ECE-8350-4B76-A666-6DAA2183091C}
[2008/11/18 23:09:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/03/22 22:27:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/02/18 13:23:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/11/18 23:08:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/02/02 11:28:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2007/07/08 16:46:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/01/13 01:18:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/11/22 14:17:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2007/12/01 22:59:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2005/08/05 13:05:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2005/08/05 12:29:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2005/08/05 12:42:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/05/31 10:04:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/02/02 18:56:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/02/02 09:51:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/22 14:17:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Megaupload
[2009/05/19 13:18:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/12/25 10:27:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[2009/05/15 23:35:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Auto Shutdown
[2005/08/05 12:09:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/02/02 18:47:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/02/02 21:53:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2007/12/22 13:15:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2006/02/11 18:42:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/11/18 23:09:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/07/18 11:11:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/19 22:08:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/04/27 20:49:55 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data
[2005/10/09 21:08:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\.bittorrent
[2006/04/11 19:44:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\acccore
[2009/01/03 21:49:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ACD Systems
[2009/03/22 22:27:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe
[2007/04/06 22:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AdobeUM
[2005/10/09 16:31:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Aim
[2005/12/19 22:31:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Apple Computer
[2006/10/03 20:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ATI
[2009/05/30 22:01:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Azureus
[2007/09/05 10:41:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\CoreCodec
[2007/12/01 11:00:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Corel
[2007/08/23 11:40:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\DivX
[2007/08/21 17:44:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\dvdcss
[2008/11/22 14:17:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\EmailNotifier
[2006/10/21 08:13:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Google
[2005/11/05 19:30:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Help
[2005/11/05 19:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\HPQ
[2005/06/10 13:02:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Identities
[2006/09/30 17:18:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\InstallShield
[2005/10/14 23:17:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\InterVideo
[2005/08/05 12:42:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Intuit
[2009/02/02 18:46:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Lavasoft
[2005/10/09 15:30:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia
[2008/12/09 22:21:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Magic Set Editor
[2009/02/02 09:51:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
[2007/09/05 10:36:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Media Player Classic
[2008/11/22 14:17:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Megaupload
[2009/02/02 18:38:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\MegauploadToolbar
[2009/05/17 22:44:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft
[2008/07/15 12:25:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Move Networks
[2008/08/26 20:28:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla
[2005/11/28 14:23:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Real
[2008/08/26 21:09:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\RiffTrax
[2005/08/05 12:44:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\SampleView
[2006/11/01 00:07:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\SmartFTP
[2009/02/02 18:47:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Spybot - Search & Destroy
[2005/11/04 09:23:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Sun
[2009/02/02 21:52:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
[2007/12/22 13:15:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Symantec
[2005/10/18 00:54:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Template
[2006/02/11 18:38:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Ulead Systems
[2006/10/08 20:06:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Uniblue
[2007/12/01 23:07:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Viewpoint
[2005/10/29 19:23:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\vlc
[2008/11/22 10:52:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinRAR
[2009/05/31 10:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WTablet
[2006/09/30 17:19:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Xfire
[2004/08/10 22:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/31 10:02:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >


OTL Extras logfile created on: 5/31/2009 7:31:44 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 532.48 Mb Available Physical Memory | 52.08% Memory free
2.30 Gb Paging File | 1.81 Gb Available in Paging File | 78.54% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.37 Gb Total Space | 34.33 Gb Free Space | 15.23% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 0.96 Gb Free Space | 12.74% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DROXYSMUS
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"54812:UDP" = 54812:UDP:*:Enabled:port
"54812:TCP" = 54812:TCP:*:Enabled:port2
"10793:TCP" = 10793:TCP:*:Enabled:BitComet 10793 TCP
"10793:UDP" = 10793:UDP:*:Enabled:BitComet 10793 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes (Apple Inc.)
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections (Hewlett-Packard)
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections (Hewlett-Packard)
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found
C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client (SmartFTP GmbH)
C:\Program Files\Java\jre1.5.0\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary (Sun Microsystems, Inc.)
C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus (Azureus Inc)
C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui ()
C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC (mIRC Co. Ltd.)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\Common Files\AOL\1144798996\ee\aolsoftware.exe:*:Enabled:AOL Services (America Online, Inc.)
C:\Program Files\Common Files\AOL\1144798996\ee\aim6.exe:*:Enabled:AIM (America Online, Inc.)
C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek ()
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)
C:\Program Files\NAMCO BANDAI Games\Mage Knight™ Apocalypse\MageKnight.exe:*:Enabled:MageKnight ()
C:\Program Files\NAMCO BANDAI Games\Mage Knight™ Apocalypse\update.exe:*:Enabled:Auto Update (Interserv International)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0 (SmartSoft Ltd.)
C:\Program Files\eMule\emule.exe:*:Enabled:eMule File not found
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client File not found
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector ()
C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone) File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044146E4-A924-458A-9948-4B9C7C7D9321}" = LightScribe 1.4.31.1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{117CD9C0-0F15-4633-93D7-F957B50535A5}" = Popup Blocker (Windows Live Toolbar)
"{11C762F9-95EA-486A-A8E7-683A50C231C1}" = SmartFTP Client
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6A6DCB18-3ECB-46DC-894B-5EFE08C0BD9B}" = Mega Manager
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F03BDCD-E21B-4035-9FC6-9DF100006841}" = openCanvas3.03E Plus
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 ESD
"{8C92D38B-C1DE-490A-B6D1-AAAA8E17DCE2}" = WinTasks Trial
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{971280D8-75DD-BE09-2B46-14247189D2CB}" = Pokémon Platinum Desktop
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC}" = Corel Painter IX
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A40D6757-B145-4FE7-B694-89180A9F3F64}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB303F84-0D57-4F50-9C44-44706180505D}" = ATI Catalyst Control Center
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}" = Office 2003 Tour
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client
"{C4868E88-F5B5-4E45-9592-C7062BD97441}" = Symantec Technical Support Web Controls
"{C4B3A7F9-5CD8-4608-B623-689CA3604A08}" = RiffTrax DVD Player
"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}" = Windows Vista Upgrade Advisor
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E94FF1F8-E9E7-4A5C-B36A-0B2439EC68CA}" = Mage Knight™ Apocalypse
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}" = Map Button (Windows Live Toolbar)
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}" = Form Fill (Windows Live Toolbar)
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"3ivx D4 4.5.1" = 3ivx D4 4.5.1 (remove only)
"7-Zip" = 7-Zip 4.65
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"Azureus" = Azureus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BitComet" = BitComet 0.70
"BitTorrent" = BitTorrent 4.0.4
"Celtx (0.9.9.1)" = Celtx (0.9.9.1)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"DirectVobSub" = DirectVobSub (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EC103FAC-9610-4651-BD68-CCEA97C7AB02" = FATE Demo from Compaq (remove only)
"Fate-stay night English" = Fate/stay night English v3.1
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InFlac" = InFlac 1.1.1
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"InterActual Player" = InterActual Player
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Magic Set Editor 2_is1" = Magic Set Editor 2 - 0.3.7 beta
"Matroska Pack" = Matroska Pack
"MegauploadToolbar" = Megaupload Toolbar
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mIRC" = mIRC
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PageManager" = Presto! PageManager
"Painter 7" = Painter 7™
"PC Auto Shutdown_is1" = PC Auto Shutdown 3.9
"planetarian" = planetarian English Patch
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Quick Unicode" = Quick Unicode Input tool
"QuicktimeAlt_is1" = QuickTime Alternative 1.65
"RealPlayer 6.0" = RealPlayer
"RGSS-RTP Standard_is1" = RGSS-RTP Standard
"RiffTrax DVD Player" = RiffTrax DVD Player
"SmartFTP Client 2.0 Setup Files" = SmartFTP Client 2.0 Setup Files (remove only)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Soulseek" = SoulSeek Client 156c
"SpeedUpMyPC 3.0_is1" = SpeedUpMyPC 3.0
"Tablet Driver" = Tablet
"The Core Media Player" = The Core Media Player 4.0
"The Ultimate Troubleshooter" = The Ultimate Troubleshooter
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.2
"WIC" = Windows Imaging Component
"WiFiConnector" = Nintendo Wi-Fi USB Connector Registration Tool
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"XviD_is1" = XviD MPEG-4 Video Codec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/17/2009 8:28:08 PM | Computer Name = DROXYSMUS | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 5/17/2009 8:28:08 PM | Computer Name = DROXYSMUS | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 5/17/2009 8:31:47 PM | Computer Name = DROXYSMUS | Source = MsiInstaller | ID = 11406
Description = Product: Windows Live Photo Gallery -- Error 1406. Could not write
value to key \Software\Classes\.mqv\shellex\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}.
System error . Verify that you have sufficient access to that key, or contact
your support personnel.

Error - 5/17/2009 10:58:06 PM | Computer Name = DROXYSMUS | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 5/18/2009 5:47:44 PM | Computer Name = DROXYSMUS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3399, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/18/2009 5:53:08 PM | Computer Name = DROXYSMUS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3399, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/18/2009 5:56:27 PM | Computer Name = DROXYSMUS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3399, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/18/2009 5:58:44 PM | Computer Name = DROXYSMUS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3399, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/19/2009 3:09:10 AM | Computer Name = DROXYSMUS | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 5/22/2009 5:33:03 AM | Computer Name = DROXYSMUS | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

[ System Events ]
Error - 5/17/2009 8:07:02 PM | Computer Name = DROXYSMUS | Source = Service Control Manager | ID = 7034
Description = The Messenger Sharing Folders USN Journal Reader service service terminated
unexpectedly. It has done this 1 time(s).

Error - 5/17/2009 9:22:05 PM | Computer Name = DROXYSMUS | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 5/17/2009 10:51:34 PM | Computer Name = DROXYSMUS | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 5/17/2009 10:51:34 PM | Computer Name = DROXYSMUS | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 5/17/2009 10:51:34 PM | Computer Name = DROXYSMUS | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 5/17/2009 10:51:34 PM | Computer Name = DROXYSMUS | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 5/17/2009 10:51:34 PM | Computer Name = DROXYSMUS | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 5/17/2009 10:51:43 PM | Computer Name = DROXYSMUS | Source = PSched | ID = 14107
Description = QoS [Adapter NDISWANIP]: The Packet Scheduler could not initialize
the virtual miniport with NDIS.

Error - 5/17/2009 10:51:44 PM | Computer Name = DROXYSMUS | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 5/29/2009 7:44:27 AM | Computer Name = DROXYSMUS | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183


< End of report >

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:01:15 PM

Posted 01 June 2009 - 06:38 AM

Hi, your log looks good; I see no signs of malware there.
Are you currently having any issues?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 Karnivax

Karnivax
  • Topic Starter

  • Members
  • 3 posts
  • Local time:12:15 PM

Posted 01 June 2009 - 11:38 AM

Well, I have been having some unusual slowness and Windows Explorer hangups, but I guess that's gotta be caused by something else. :/

Thank you for your help!

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:01:15 PM

Posted 02 June 2009 - 06:28 AM

For the other issues you can post in this forum about it:
http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/
=================================

I see that you have Azureus, BitTorrent and eMule installed.
Having P2P programs such as these raises the possibility of getting infected.
See here for information on P2Ps.
I will leave it up to you if you want to remove it.
To remove it, simply uninstall it and then delete this folder > C:\Program Files\Azureus, and if uninstalling the others, it would be their folders.
=====================
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 14...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that you're all set.


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - Is a tutorial on what you can do if your computer is slow.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
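
The two findings in the reply above (P2P clients present, Java older than the update the steps install) can be checked mechanically against the log's installed-programs list. This is an added example, not part of the original post or of any tool used in the thread; the sample rows, the `EXAMPLE-*` keys, the watchlist and the Java display-name patterns are assumptions.

```python
import re

# Constructed sample in the log's `"key" = display name` format. The eMule and
# Java rows and their EXAMPLE-* keys are invented; the other rows mirror the log.
SAMPLE_LOG = '''\
"7-Zip" = 7-Zip 4.65
"Azureus" = Azureus
"BitComet" = BitComet 0.70
"BitTorrent" = BitTorrent 4.0.4
"EXAMPLE-EMULE" = eMule
"EXAMPLE-JAVA-1" = Java(TM) 6 Update 7
"EXAMPLE-JAVA-2" = J2SE Runtime Environment 5.0 Update 6
"EXAMPLE-JAVA-3" = Java(TM) 6 Update 14
< End of report >
'''

ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')
# Assumed display-name shapes: "Java(TM) 6 Update 7", "J2SE Runtime Environment 5.0 Update 6".
JAVA_RE = re.compile(
    r'^(?:Java\(TM\)(?: SE Runtime Environment)?|J2SE Runtime Environment)\s+'
    r'(?P<major>\d+)(?:\.\d+)?(?:\s+Update\s+(?P<update>\d+))?', re.I)
# Only the three clients named in the reply; extend the tuple for others.
P2P_WATCHLIST = ("azureus", "bittorrent", "emule")
MIN_JAVA = (6, 14)  # JRE 6 Update 14, the version the reply's steps point to


def parse_entries(text):
    """Yield (key, display_name) for each well-formed uninstall-list line."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("key"), m.group("name")


def triage(text):
    """Return display names to review: watched P2P clients and old Java."""
    findings = {"p2p": [], "old_java": []}
    for _key, name in parse_entries(text):
        if name.lower().startswith(P2P_WATCHLIST):
            findings["p2p"].append(name)
        j = JAVA_RE.match(name)
        if j and (int(j.group("major")), int(j.group("update") or 0)) < MIN_JAVA:
            findings["old_java"].append(name)
    return findings


if __name__ == "__main__":
    for kind, names in triage(SAMPLE_LOG).items():
        print(kind, names)
```

Matching is on the display name rather than the key, because keys in this list are often GUIDs or installer-specific strings.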



