My computer was recently hit with a Rootkit/Trojan virus, and possibly still is?


This topic is locked. 15 replies to this topic.

#1 Armie Kim

Posted 11 July 2009 - 01:46 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/239301/userinitexe-accidentally-deleted-moved/ ~ OB

I recently got a Trojan virus (twice this week). The first one just randomly appeared, while the second one (which happened two days ago) may have been triggered by a pop-up from a site. After that, my SUPERAntiSpyware and Malwarebytes programs did not load, and I was only able to use them after scanning with a different anti-virus program I rarely use.
I had accidentally deleted my Userinit, which blocked access to Safe Mode and forced me onto a logon screen. Since the virus, my Userinit has randomly appeared and disappeared, possibly because of the virus.
Now my computer seems "fixed" after the latest attack, but I'm still cautious. My anti-spyware programs found Trojan and rootkit agents, and after "deleting" them in prior scans, they now find nothing.

Here is my DDS scan log:

DDS (Ver_09-06-26.01) - NTFSx86
Run by owner at 14:33:57.95 on 07/11/2009 Sat
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.503.83 [GMT -4:00]

AV: 알약 *On-access scanning enabled* (Updated) {B9431E5A-E196-4B6F-843A-10E01DB25461}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ESTsoft\ALYac\AYAgent.aye
svchost.exe
C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\system\Desktop\dds(2).scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ALYac] "c:\program files\estsoft\alyac\AYUpdate.exe" /run
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246455144562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\ibcxvier.default\
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{BA5EF5A7-08DE-4B8B-A31D-7C86EC970391}

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]
S2 cvdcfykd;Direct Parallel Link Monitor;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S2 zyyhnsikaeooe;zyyhnsikaeooe;\??\c:\windows\system32\drivers\rsjotlkrcgsg.sys --> c:\windows\system32\drivers\rsjotlkrcgsg.sys [?]
S3 AYDrvSP_ALYAC;AYDrvSP_ALYAC;c:\program files\estsoft\alyac\AYDrvSP.sys [2009-4-30 24312]

=============== Created Last 30 ================

2009-07-09 23:29 3,976,714 a------- c:\windows\system32\uactmp.db
2009-07-09 23:28 1,110,399 a------- c:\windows\system32\UACqrabdwyfjohimtfxa.db
2009-07-08 21:31 0 a------- c:\documents and settings\owner\settings.dat
2009-07-08 13:49 --d----- c:\program files\K-Lite Codec Pack
2009-07-08 13:05 --d----- c:\docume~1\owner\applic~1\Any Video Converter
2009-07-08 13:05 --d----- c:\program files\Any Video Converter
2009-07-08 13:00 --d----- c:\docume~1\owner\applic~1\Any Video Converter Professional
2009-07-08 13:00 --d----- c:\program files\Any Video Converter Professional
2009-07-08 12:51 --d-h--- c:\docume~1\owner\applic~1\IFBuilder
2009-07-08 12:16 --d----- C:\My Videos
2009-07-08 12:15 --d----- c:\docume~1\alluse~1\applic~1\Apowersoft
2009-07-08 12:14 --d----- c:\program files\Apowersoft
2009-07-08 11:33 --d----- C:\56b17e21eca6fe1a247790ff7e799c
2009-07-08 11:08 --d----- c:\program files\Vstplugins
2009-07-07 09:41 --d----- c:\windows\system32\wbem\Repository
2009-07-07 09:23 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-07-06 21:57 --d----- c:\windows\system32\ko-KR
2009-07-06 21:25 --d----- c:\program files\Combined Community Codec Pack
2009-07-06 18:53 --d----- c:\program files\MP3 Player Utilities 4(2).00
2009-07-05 18:55 --d----- c:\windows\system32\XPSViewer
2009-07-05 18:53 14,048 a------- c:\windows\system32\spmsg2.dll
2009-07-05 17:32 --d----- c:\program files\Sony
2009-07-05 17:15 --d----- c:\program files\Sony Setup
2009-07-05 16:57 --d----- c:\program files\uTorrent
2009-07-05 16:57 --d----- c:\docume~1\owner\applic~1\uTorrent
2009-07-04 13:06 19,569 a------- c:\windows\000001_.tmp
2009-07-04 12:39 43,520 ac------ c:\windows\system32\dllcache\admwprox.dll
2009-07-04 12:38 --d----- c:\windows\ServicePackFiles
2009-07-04 12:35 19,569 a------- c:\windows\002866_.tmp
2009-07-04 12:05 25,088 a------- c:\windows\system32\userinit(2).exe
2009-07-04 11:16 --d----- C:\ee5899ae7454f1f22d8980e3553e67
2009-07-04 10:32 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-07-04 10:32 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-04 10:32 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-07-04 10:32 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-04 10:32 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-07-04 10:32 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-04 10:32 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-07-04 10:32 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-07-04 10:32 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-07-04 10:29 --d----- c:\windows\network diagnostic
2009-07-03 01:06 --d----- c:\program files\Enigma Software Group
2009-07-02 18:47 --d----- c:\program files\Spyware Doctor
2009-07-02 18:46 --d----- c:\docume~1\owner\applic~1\GetRightToGo
2009-07-02 09:33 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-07-02 09:33 268,648 a------- c:\windows\system32\mucltui.dll
2009-07-01 09:37 118 a------- c:\windows\system32\MRT.INI
2009-06-15 06:09 --d----- c:\docume~1\alluse~1\applic~1\93249366
2009-06-15 06:09 --d----- c:\docume~1\alluse~1\applic~1\13239374

==================== Find3M ====================

2009-07-09 23:25 924 ----h--- c:\windows\fonts\mlog
2009-07-04 12:41 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-02 12:11 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-05-29 17:37 205,824 a------- c:\windows\system32\xvidvfw.dll
2009-05-29 17:31 881,664 a------- c:\windows\system32\xvidcore.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 17:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 17:02 685,056 a------- c:\windows\system32\divx.dll
2009-04-30 15:27 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 14:35:19.71 ===============


The attached log is also given.
Edited by Orange Blossom, 11 July 2009 - 01:53 PM.
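The DDS log above carries several indicators a helper looks for by eye: a service with a machine-generated name (cvdcfykd) hosted in svchost -k netsvcs behind a plausible display name, a driver entry (zyyhnsikaeooe) whose image file no longer exists, two domains added to the Trusted Zone, a Firefox extension with no registry reference, and a randomly named .db file dropped into system32. As an added example (not part of the original thread, of DDS, or of any BleepingComputer tool), the Python below pulls those lines out of a DDS log automatically. The randomness heuristic and its thresholds are assumptions chosen for illustration, and the sample input is constructed from lines in the log above.

```python
"""Triage helper for DDS-style logs. Added example for this thread; it is
not part of DDS, OTL or any BleepingComputer tool. The checks mirror what
a helper does by eye: machine-generated service names, drivers whose
image is missing, services hosted under svchost -k netsvcs, Trusted Zone
additions, hidden Firefox extensions and random-named files in system32."""
import re

VOWELS = set("aeiouAEIOU")

# Constructed sample input: lines copied from the DDS log above.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
S2 cvdcfykd;Direct Parallel Link Monitor;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S2 zyyhnsikaeooe;zyyhnsikaeooe;\??\c:\windows\system32\drivers\rsjotlkrcgsg.sys --> c:\windows\system32\drivers\rsjotlkrcgsg.sys [?]
S3 AYDrvSP_ALYAC;AYDrvSP_ALYAC;c:\program files\estsoft\alyac\AYDrvSP.sys [2009-4-30 24312]
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{BA5EF5A7-08DE-4B8B-A31D-7C86EC970391}
2009-07-09 23:29 3,976,714 a------- c:\windows\system32\uactmp.db
2009-07-09 23:28 1,110,399 a------- c:\windows\system32\UACqrabdwyfjohimtfxa.db
"""

SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*) \[([^\]]*)\]$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} +[\d,]+ +\S+ +(.+)$")


def looks_generated(name, min_run=5, max_vowel_ratio=0.15):
    """Cheap randomness heuristic (assumed thresholds, for illustration).
    Flags purely alphabetic names of 8+ characters that contain a long run
    of consonants or almost no vowels. Expect false positives on vendor
    abbreviations; every hit still has to be confirmed by hand."""
    if not re.fullmatch(r"[A-Za-z]{8,}", name):
        return False
    run = longest = 0
    for ch in name:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    vowel_ratio = sum(ch in VOWELS for ch in name) / len(name)
    return longest >= min_run or vowel_ratio < max_vowel_ratio


def triage(log_text):
    """Return (indicator, subject, original line) triples worth a look."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = SERVICE_RE.match(line)
        if m:
            _state, name, _display, path, stamp = m.groups()
            if looks_generated(name):
                findings.append(("random-name-service", name, line))
            if " --> " in path and stamp == "?":      # DDS marks a missing image this way
                findings.append(("missing-image", name, line))
            if "svchost.exe -k netsvcs" in path.lower():  # ServiceDll-style persistence
                findings.append(("netsvcs-hosted", name, line))
            continue
        if line.startswith("Trusted Zone:"):
            findings.append(("trusted-zone", line.split(":", 1)[1].strip(), line))
            continue
        if "HiddenExtension" in line and "No Registry Reference" in line:
            findings.append(("ff-hidden-extension", line.rsplit("\\", 1)[-1], line))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group(1)
            stem = path.rsplit("\\", 1)[-1].split(".", 1)[0]
            if "\\system32\\" in path.lower() and looks_generated(stem):
                findings.append(("random-name-file", stem, line))
    return findings


if __name__ == "__main__":
    for kind, subject, line in triage(SAMPLE_LOG):
        print(f"{kind:22} {subject}")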



#2 myrti (Malware Study Hall Admin)

Posted 13 July 2009 - 02:26 AM

Hello and welcome to BleepingComputer.com!

I will be helping you today. If you still need help, please let me know by replying to this thread.

Please be advised, that I am still in training.
For your own protection, I may not offer you any advice without it being checked by more experienced helpers first. This can unfortunately lead to slight delays in the responses. However we are trying to help you as quickly as possible.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

The attached zip file is empty. Could you please attach the text file attach.txt in your next reply?
Please give me some time to look through your logs, I will post back with more instructions soon.
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 myrti (Malware Study Hall Admin)

Posted 13 July 2009 - 07:12 AM

Hi Armie Kim,

You have a couple of leftovers on your PC, so it is definitely not entirely clean.
To get a better idea of what is still present, please run the following tools and post the logs in your next reply.

We need to create an OTL report:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double-click the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Select All for Standard Registry.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTListIt.txt <-- will be opened
    • Extra.txt <-- will be minimized
Please download GooredFix from one of the locations below and save it to your Desktop (Download Mirror #1, Download Mirror #2).
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
And finally, please run a scan with GMER:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Please post back the logs from OTL, the log from GMER and the log from GooredFix.

regards _temp_



#4 Armie Kim (Topic Starter)

Posted 13 July 2009 - 08:57 PM

Thank you so much for replying! I'm downloading the programs now, so I'll post the scans as soon as possible.

Here is the attach.txt file. I'm sorry, I couldn't find the original DDS attach text from my last scan, so I did it again...
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/25/2008 1:50:18 AM
System Uptime: 7/13/2009 9:20:13 AM (12 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | 945GZM-S2
Processor: Intel® Celeron® D CPU 3.06GHz | Socket 775 | 3081/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 77 GiB total, 52.611 GiB free.
D: is FIXED (FAT32) - 29 GiB total, 4.511 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 7/9/2009 11:24:30 PM - Software Distribution Service 3.0
RP2: 7/9/2009 11:24:31 PM - Software Distribution Service 3.0
RP3: 7/9/2009 11:24:31 PM - Software Distribution Service 3.0
RP4: 7/9/2009 11:24:33 PM - Software Distribution Service 3.0
RP5: 7/9/2009 11:24:34 PM - Software Distribution Service 3.0
RP6: 7/9/2009 11:24:35 PM - Installed Windows XP Service Pack 3.
RP7: 7/9/2009 11:24:46 PM - Installed Windows XP KB923561.
RP8: 7/9/2009 11:24:50 PM - Installed Windows XP KB938464-v2.
RP9: 7/9/2009 11:24:54 PM - Installed Windows XP KB946648.
RP10: 7/9/2009 11:25:00 PM - Installed Windows XP KB950762.
RP11: 7/9/2009 11:25:11 PM - Installed Windows XP KB950974.
RP12: 7/9/2009 11:25:17 PM - Installed Windows XP KB951066.
RP13: 7/9/2009 11:25:22 PM - Installed Windows XP KB951376-v2.
RP14: 7/9/2009 11:25:25 PM - Installed Windows XP KB951748.
RP15: 7/9/2009 11:25:28 PM - Installed Windows XP KB952004.
RP16: 7/9/2009 11:25:31 PM - Installed Windows XP KB952287.
RP17: 7/9/2009 11:25:35 PM - Installed Windows XP KB952954.
RP18: 7/4/2009 12:49:59 PM - Installed Windows XP KB954600.
RP19: 7/4/2009 12:50:33 PM - Installed Windows XP KB955069.
RP20: 7/4/2009 12:51:11 PM - Installed Windows XP KB956572.
RP21: 7/4/2009 12:51:50 PM - Installed Windows XP KB956802.
RP22: 7/4/2009 12:52:25 PM - Installed Windows XP KB956803.
RP23: 7/4/2009 12:52:59 PM - Installed Windows XP KB957097.
RP24: 7/4/2009 12:53:33 PM - Installed Windows XP KB958644.
RP25: 7/4/2009 12:54:09 PM - Installed Windows XP KB958687.
RP26: 7/4/2009 12:54:46 PM - Installed Windows XP KB958690.
RP27: 7/4/2009 12:55:37 PM - Installed Windows XP KB959426.
RP28: 7/4/2009 1:06:12 PM - Installed Windows XP Service Pack 3.
RP29: 7/4/2009 1:07:47 PM - Installed Windows XP KB923561.
RP30: 7/4/2009 1:08:09 PM - Installed Windows XP KB938464-v2.
RP31: 7/4/2009 1:08:30 PM - Installed Windows XP KB946648.
RP32: 7/4/2009 1:08:49 PM - Installed Windows XP KB950762.
RP33: 7/4/2009 1:09:04 PM - Installed Windows XP KB950974.
RP34: 7/4/2009 1:09:20 PM - Installed Windows XP KB951066.
RP35: 7/4/2009 1:09:36 PM - Installed Windows XP KB951376-v2.
RP36: 7/4/2009 1:09:56 PM - Installed Windows XP KB951748.
RP37: 7/4/2009 1:10:12 PM - Installed Windows XP KB952004.
RP38: 7/4/2009 1:10:28 PM - Installed Windows XP KB952287.
RP39: 7/4/2009 1:10:43 PM - Installed Windows XP KB952954.
RP40: 7/4/2009 1:11:01 PM - Installed Windows XP KB954600.
RP41: 7/4/2009 1:11:16 PM - Installed Windows XP KB955069.
RP42: 7/4/2009 1:11:37 PM - Installed Windows XP KB956572.
RP43: 7/4/2009 1:11:52 PM - Installed Windows XP KB956802.
RP44: 7/4/2009 1:12:08 PM - Installed Windows XP KB956803.
RP45: 7/4/2009 1:12:28 PM - Installed Windows XP KB957097.
RP46: 7/4/2009 1:12:44 PM - Installed Windows XP KB958644.
RP47: 7/4/2009 1:13:00 PM - Installed Windows XP KB958687.
RP48: 7/4/2009 1:13:16 PM - Installed Windows XP KB958690.
RP49: 7/4/2009 1:13:32 PM - Installed Windows XP KB959426.
RP50: 7/4/2009 11:47:18 PM - Good Day
RP51: 7/5/2009 12:04:51 AM - Software Distribution Service 3.0
RP52: 7/5/2009 5:16:15 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP53: 7/5/2009 5:32:31 PM - Installed Sony Media Manager 2.3
RP54: 7/5/2009 6:53:11 PM - Installed %1 %2.
RP55: 7/5/2009 6:53:23 PM - Printer Driver Microsoft XPS Document Writer Installed
RP56: 7/5/2009 7:27:32 PM - Installed Sony Vegas Pro 8.0
RP57: 7/6/2009 8:45:02 AM - Software Distribution Service 3.0
RP58: 7/6/2009 6:48:40 PM - Installed MP3 Player Utilities 4.00
RP59: 7/6/2009 6:50:18 PM - Installed MP3 Player Utilities 4.00
RP60: 7/6/2009 6:51:57 PM - Installed MP3 Player Utilities 4.00
RP61: 7/6/2009 6:52:51 PM - Installed MP3 Player Utilities 4.00
RP62: 7/6/2009 9:21:31 PM - Installed Windows KB954550-v5.
RP63: 7/6/2009 9:23:03 PM - Printer Driver Microsoft XPS Document Writer Installed
RP64: 7/6/2009 10:02:05 PM - Installed %1 %2.
RP65: 7/7/2009 9:37:08 AM - Restore Operation
RP66: 7/7/2009 11:29:51 PM - Software Distribution Service 3.0
RP67: 7/8/2009 9:35:52 AM - Software Distribution Service 3.0
RP68: 7/8/2009 9:42:37 AM - Software Distribution Service 3.0
RP69: 7/8/2009 11:04:51 AM - Removed Sony Vegas Pro 8.0a
RP70: 7/8/2009 11:07:24 AM - Installed Sony Vegas Pro 8.0
RP71: 7/8/2009 11:21:57 AM - Software Distribution Service 3.0
RP72: 7/8/2009 11:45:59 AM - Software Distribution Service 3.0
RP73: 7/8/2009 12:52:20 PM - Installed Adobe Flash Player 9 ActiveX.
RP74: 7/9/2009 7:02:52 PM - System Checkpoint
RP75: 7/10/2009 10:15:19 PM - System Checkpoint
RP76: 7/11/2009 11:15:01 PM - RESTORATION
RP77: 7/13/2009 5:54:02 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.0.8
AMV Converter Studio V1.2.3
Any Video Converter 2.7.5
Any Video Converter Professional 2.7.5
Apple Mobile Device Support
Apple Software Update
Bonjour
DTS+AC3 Filter
Flash Video Studio 3.0(remove only)
GOM Player
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel® Graphics Media Accelerator Driver
iTunes
Java™ 6 Update 11
K-Lite Codec Pack 4.9.5 (Full)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Movie Converter V3 (remove only)
Mozilla Firefox (3.0.11)
MPEG2 Codec(libmpeg2/mad)
MSXML 6.0 Parser (KB925673)
Nero 6 Ultra Edition
QuickTime
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Sony Media Manager 2.3
Sony Vegas Pro 8.0
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VP6 VFW Codec
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
μTorrent
알약 (ALYac)
알툴즈 업데이트 (ALTools Update)
한글 2004 (Hangul 2004 word processor)

==== Event Viewer Messages From Past Week ========

7/9/2009 9:34:48 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/9/2009 11:29:22 PM, error: Service Control Manager [7023] - The 6to4 service terminated with the following error: The system cannot find the file specified.
7/7/2009 9:30:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/7/2009 9:29:12 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
7/7/2009 9:29:12 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/7/2009 9:29:12 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/7/2009 9:29:12 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/7/2009 10:06:15 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.
7/7/2009 10:06:15 AM, error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
7/7/2009 10:06:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MRxSmb Rdbss Tcpip
7/7/2009 10:06:14 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
7/7/2009 10:06:14 AM, error: Service Control Manager [7023] - The Direct Parallel Link Monitor service terminated with the following error: The specified module could not be found.
7/7/2009 10:06:14 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/7/2009 10:06:14 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/7/2009 10:06:14 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/7/2009 10:06:14 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/7/2009 10:06:14 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/7/2009 10:03:58 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
7/7/2009 10:03:58 AM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
7/6/2009 9:21:37 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ALYac_PZSrv service.
7/13/2009 9:24:39 AM, error: Service Control Manager [7034] - The ALYac_PZSrv service terminated unexpectedly. It has done this 1 time(s).
7/10/2009 9:31:28 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
7/10/2009 11:26:45 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\certmap.ocx could not be copied into the DLL cache. The specific error code is 0x00000005 [Access is denied. ]. This file is necessary to maintain system stability.
7/10/2009 11:26:45 AM, information: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is .
7/10/2009 10:49:50 AM, information: Windows File Protection [64016] - Windows File Protection file scan was started.

==== End Of File ===========================

#5 Armie Kim (Topic Starter)

Posted 13 July 2009 - 09:03 PM

Okay, so these are the OTL scan reports:

OTListIt.txt:
OTL logfile created on: 7/13/2009 10:00:16 PM - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = D:\system\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.48 Mb Total Physical Memory | 100.91 Mb Available Physical Memory | 20.04% Memory free
1.32 Gb Paging File | 0.45 Gb Available in Paging File | 33.91% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 52.62 Gb Free Space | 68.63% Space Free | Partition Type: NTFS
Drive D: | 29.28 Gb Total Space | 4.51 Gb Free Space | 15.41% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COM1
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/04/30 15:27:13 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/04/05 15:22:32 | 00,094,208 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2005/04/05 15:19:18 | 00,077,824 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/04/05 15:23:14 | 00,114,688 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/07/23 17:51:26 | 16,804,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/06/18 19:01:56 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2009/04/30 15:27:14 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/06/28 15:58:33 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/04/21 17:22:26 | 00,820,472 | ---- | M] (ESTsoft Corp) -- C:\Program Files\ESTsoft\ALYac\AYAgent.aye
PRC - [2009/06/12 05:55:30 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/21 22:34:24 | 12,314,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/04/21 17:23:18 | 00,881,912 | ---- | M] (ESTsoft Corp) -- C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye
PRC - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2008/04/14 05:42:16 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
PRC - [2009/07/13 21:59:40 | 00,513,536 | ---- | M] (OldTimer Tools) -- D:\system\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/04/21 17:23:18 | 00,881,912 | ---- | M] (ESTsoft Corp) -- C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye -- (ALYac_PZSrv [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/04/30 15:27:13 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/10/07 16:16:16 | 00,020,424 | ---- | M] (ESTsoft Corp) -- C:\Program Files\ESTsoft\ALYac\AYDrvNT.sys -- (AYDrvNT_ALYAC [On_Demand | Running])
DRV - [2008/12/18 19:57:44 | 00,024,312 | ---- | M] (ESTsoft Corp) -- C:\Program Files\ESTsoft\ALYac\AYDrvSP.sys -- (AYDrvSP_ALYAC [On_Demand | Stopped])
DRV - [2001/08/23 08:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys -- (FsVga [System | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/04/05 15:46:28 | 00,830,684 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2008/07/24 19:02:44 | 04,749,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2001/08/23 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/08/28 16:40:40 | 00,111,104 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2009/04/28 11:33:42 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/04/28 11:33:44 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/04/28 11:33:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2008/04/13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-21-220523388-1004336348-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-220523388-1004336348-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-220523388-1004336348-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-220523388-1004336348-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-220523388-1004336348-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
IE - HKU\S-1-5-21-220523388-1004336348-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-220523388-1004336348-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-220523388-1004336348-839522115-1003\S-1-5-21-220523388-1004336348-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-220523388-1004336348-839522115-1003\S-1-5-21-220523388-1004336348-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BA5EF5A7-08DE-4B8B-A31D-7C86EC970391}:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/30 15:27:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/08 11:41:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/07 12:12:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/07 12:12:57 | 00,000,000 | ---D | M]

[2009/04/30 16:54:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\mozilla\Extensions
[2009/04/30 16:54:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/30 15:29:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/04/30 16:54:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\mozilla\Firefox\Profiles\ibcxvier.default\extensions
[2009/07/13 18:14:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/12 05:55:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/30 18:51:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{BA5EF5A7-08DE-4B8B-A31D-7C86EC970391}
[2009/06/12 05:55:29 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 05:55:30 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/06/12 05:55:31 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/07/07 12:12:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/07 12:12:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/07 12:12:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/07 12:12:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/07 12:12:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/07 12:12:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/07 12:12:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/04/23 20:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 20:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 20:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 20:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 20:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 20:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 20:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (781 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-220523388-1004336348-839522115-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-220523388-1004336348-839522115-1003\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-220523388-1004336348-839522115-1003\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [ALYac] C:\Program Files\ESTsoft\ALYac\AYUpdate.exe (ESTsoft Corp)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSPY2002] File not found
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-220523388-1004336348-839522115-1003..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-220523388-1004336348-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-220523388-1004336348-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-1004336348-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-1004336348-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-1004336348-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-1004336348-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-220523388-1004336348-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-220523388-1004336348-839522115-1003\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-220523388-1004336348-839522115-1003\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1246455144562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.29.103.15 24.29.103.16
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/25 02:48:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[3 D:\system\My Documents\*.tmp files]
[2009/07/13 21:59:40 | 00,513,536 | ---- | C] (OldTimer Tools) -- D:\system\Desktop\OTL.exe
[2009/07/13 15:41:28 | 00,243,712 | ---- | C] () -- D:\system\My Documents\DEMO.avi.sfk
[2009/07/13 15:38:10 | 00,000,030 | ---- | C] () -- D:\system\My Documents\DEMO.avi.sfl
[2009/07/13 14:34:35 | 61,743,7184 | ---- | C] () -- D:\system\My Documents\DEMO.avi
[2009/07/13 10:21:34 | 00,309,776 | ---- | C] () -- D:\system\Desktop\stuck.mp3.sfk
[2009/07/11 14:39:13 | 00,000,022 | ---- | C] () -- D:\system\Desktop\Attach Text for DDS.zip
[2009/07/11 14:33:09 | 00,359,929 | ---- | C] () -- D:\system\Desktop\dds(2).scr
[2009/07/09 23:29:02 | 03,976,714 | ---- | C] () -- C:\WINDOWS\System32\uactmp.db
[2009/07/09 23:28:30 | 01,110,399 | ---- | C] () -- C:\WINDOWS\System32\UACqrabdwyfjohimtfxa.db
[2009/07/08 23:19:25 | 00,050,688 | ---- | C] (Atribune.org) -- D:\system\Desktop\ATF-Cleaner.exe
[2009/07/08 21:23:08 | 00,451,655 | ---- | C] () -- D:\system\Desktop\RootRepeal.zip
[2009/07/08 16:33:06 | 00,027,136 | ---- | C] () -- D:\system\My Documents\Dear Aromie Kim of the future.doc
[2009/07/08 15:28:57 | 02,219,680 | ---- | C] () -- D:\system\Desktop\[Formula]_Shugo_Chara_-_01_[XviD][F8FB13A1].avi.sfk
[2009/07/08 15:23:43 | 18,062,0624 | ---- | C] () -- D:\system\Desktop\[Formula]_Shugo_Chara_-_01_[XviD][F8FB13A1].avi
[2009/07/08 15:09:26 | 04,496,805 | ---- | C] () -- D:\system\Desktop\stuck.mp3
[2009/07/08 13:49:28 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/08 13:49:28 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/07/08 13:49:26 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009/07/08 13:49:26 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/07/08 13:49:25 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/08 13:49:25 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/07/08 13:49:25 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/08 13:49:25 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/07/08 13:49:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/07/08 13:49:24 | 00,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2009/07/08 13:49:24 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/07/08 13:49:23 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/08 13:49:23 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/08 13:49:20 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/07/08 13:43:30 | 14,100,376 | ---- | C] ( ) -- D:\system\Desktop\klcodec495f.exe
[2009/07/08 13:06:28 | 00,000,000 | ---D | C] -- D:\system\My Documents\Any Video Converter
[2009/07/08 13:05:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Any Video Converter
[2009/07/08 13:05:50 | 00,000,000 | ---D | C] -- C:\Program Files\Any Video Converter
[2009/07/08 13:01:30 | 00,000,000 | ---D | C] -- D:\system\My Documents\Any Video Converter Professional
[2009/07/08 13:00:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Any Video Converter Professional
[2009/07/08 13:00:26 | 00,000,000 | ---D | C] -- C:\Program Files\Any Video Converter Professional
[2009/07/08 12:53:26 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\owner\Application Data\FVSTemp
[2009/07/08 12:51:49 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\owner\Application Data\IFBuilder
[2009/07/08 12:48:18 | 00,000,000 | ---D | C] -- D:\system\My Documents\OJOsoft Corporation
[2009/07/08 12:16:34 | 00,000,000 | ---D | C] -- C:\My Videos
[2009/07/08 12:15:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apowersoft
[2009/07/08 12:14:15 | 00,000,000 | ---D | C] -- C:\Program Files\Apowersoft
[2009/07/08 11:33:47 | 00,000,000 | ---D | C] -- C:\56b17e21eca6fe1a247790ff7e799c
[2009/07/08 11:08:16 | 00,000,000 | ---D | C] -- C:\Program Files\Vstplugins
[2009/07/07 09:23:41 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/07/06 21:57:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2009/07/06 21:25:59 | 00,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2009/07/06 21:16:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Media Player Classic
[2009/07/06 20:35:32 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/06 18:53:05 | 00,000,000 | ---D | C] -- C:\Program Files\MP3 Player Utilities 4(2).00
[2009/07/05 21:57:07 | 00,000,000 | ---D | C] -- D:\system\My Documents\Sony Media Libraries
[2009/07/05 21:55:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Publish Providers
[2009/07/05 21:35:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Sony
[2009/07/05 19:02:12 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/07/05 18:55:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/07/05 18:54:06 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/07/05 18:53:11 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009/07/05 18:43:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Sony
[2009/07/05 17:32:54 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2009/07/05 17:32:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/07/05 17:20:47 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/07/05 17:17:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/07/05 17:15:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Sony Setup
[2009/07/05 17:15:01 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2009/07/05 16:57:50 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/07/05 16:57:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\uTorrent
[2009/07/05 16:56:58 | 00,288,048 | ---- | C] (BitTorrent, Inc.) -- D:\system\Desktop\utorrent.exe
[2009/07/04 13:16:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/07/04 12:40:25 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2009/07/04 12:40:25 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/07/04 12:40:25 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2009/07/04 12:40:25 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/07/04 12:40:19 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2009/07/04 12:40:19 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2009/07/04 12:40:19 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009/07/04 12:40:19 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009/07/04 12:40:17 | 01,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2009/07/04 12:40:17 | 00,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2009/07/04 12:40:17 | 00,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2009/07/04 12:40:17 | 00,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2009/07/04 12:40:17 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\azroles.dll
[2009/07/04 12:40:17 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/07/04 12:40:17 | 00,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2009/07/04 12:40:17 | 00,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2009/07/04 12:40:17 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aaclient.dll
[2009/07/04 12:40:17 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/07/04 12:40:17 | 00,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2009/07/04 12:40:17 | 00,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2009/07/04 12:40:17 | 00,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2009/07/04 12:40:17 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx4.dll
[2009/07/04 12:40:17 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/07/04 12:40:16 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/07/04 12:40:16 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/07/04 12:40:16 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/07/04 12:40:16 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009/07/04 12:40:16 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/07/04 12:40:16 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/07/04 12:40:16 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/07/04 12:40:16 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/07/04 12:40:16 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/07/04 12:40:16 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/07/04 12:40:16 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/07/04 12:40:16 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/07/04 12:40:16 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/07/04 12:40:16 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009/07/04 12:40:16 | 00,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2009/07/04 12:40:16 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/07/04 12:40:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/07/04 12:40:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009/07/04 12:40:16 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009/07/04 12:40:16 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/07/04 12:40:15 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009/07/04 12:40:15 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/07/04 12:40:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/07/04 12:40:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/07/04 12:40:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/07/04 12:40:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/07/04 12:40:14 | 01,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2009/07/04 12:40:14 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/07/04 12:40:14 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/07/04 12:40:14 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/07/04 12:40:14 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/07/04 12:40:14 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/07/04 12:40:14 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/07/04 12:40:14 | 00,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2009/07/04 12:40:14 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/07/04 12:40:14 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/07/04 12:40:14 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/07/04 12:40:13 | 04,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2009/07/04 12:40:13 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2009/07/04 12:40:13 | 00,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2009/07/04 12:40:13 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009/07/04 12:40:13 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/07/04 12:40:13 | 00,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2009/07/04 12:40:13 | 00,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2009/07/04 12:40:13 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/07/04 12:40:13 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/07/04 12:40:13 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/07/04 12:40:13 | 00,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2009/07/04 12:40:13 | 00,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2009/07/04 12:40:13 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/07/04 12:40:13 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/07/04 12:40:13 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2009/07/04 12:40:13 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/07/04 12:40:12 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2009/07/04 12:40:12 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2009/07/04 12:40:12 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2009/07/04 12:40:12 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/07/04 12:40:12 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/07/04 12:40:12 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009/07/04 12:40:12 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2009/07/04 12:40:12 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/07/04 12:40:10 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2009/07/04 12:40:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/07/04 12:40:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/07/04 12:40:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/07/04 12:40:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/07/04 12:40:04 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2009/07/04 12:39:48 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2009/07/04 12:38:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/07/04 12:36:54 | 00,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2009/07/04 12:36:54 | 00,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2009/07/04 12:36:54 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2009/07/04 12:36:54 | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2009/07/04 12:36:54 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2009/07/04 12:36:54 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2009/07/04 12:36:54 | 00,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2009/07/04 12:36:54 | 00,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2009/07/04 12:36:54 | 00,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2009/07/04 12:36:54 | 00,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2009/07/04 12:36:54 | 00,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2009/07/04 12:36:54 | 00,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2009/07/04 12:36:54 | 00,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2009/07/04 12:36:54 | 00,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2009/07/04 12:36:54 | 00,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2009/07/04 12:36:54 | 00,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2009/07/04 12:36:54 | 00,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2009/07/04 12:36:54 | 00,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2009/07/04 12:36:54 | 00,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2009/07/04 12:36:54 | 00,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2009/07/04 12:36:54 | 00,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2009/07/04 12:36:53 | 00,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2009/07/04 12:36:53 | 00,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2009/07/04 12:36:53 | 00,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[2009/07/04 12:36:53 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/07/04 12:36:53 | 00,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2009/07/04 12:36:53 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2009/07/04 12:36:53 | 00,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2009/07/04 12:36:53 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/07/04 12:36:53 | 00,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2009/07/04 12:36:53 | 00,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2009/07/04 12:36:53 | 00,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2009/07/04 12:36:53 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2009/07/04 12:36:53 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2009/07/04 12:36:53 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009/07/04 12:36:53 | 00,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2009/07/04 12:36:53 | 00,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2009/07/04 12:36:53 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2009/07/04 12:36:53 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2009/07/04 12:36:53 | 00,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2009/07/04 12:36:53 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2009/07/04 12:36:53 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2009/07/04 12:36:53 | 00,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2009/07/04 12:36:53 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2009/07/04 12:36:53 | 00,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2009/07/04 12:36:53 | 00,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2009/07/04 12:36:53 | 00,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2009/07/04 12:36:53 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2009/07/04 12:36:53 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2009/07/04 12:36:53 | 00,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2009/07/04 12:36:52 | 01,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2009/07/04 12:36:52 | 01,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2009/07/04 12:36:52 | 01,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[2009/07/04 12:36:52 | 00,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys
[2009/07/04 12:36:52 | 00,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2009/07/04 12:36:52 | 00,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2009/07/04 12:36:52 | 00,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2009/07/04 12:36:52 | 00,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2009/07/04 12:36:52 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/07/04 12:36:52 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2009/07/04 12:36:52 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/07/04 12:36:52 | 00,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2009/07/04 12:36:52 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009/07/04 12:36:52 | 00,011,868 | ---- | C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys
[2009/07/04 12:36:52 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009/07/04 12:36:51 | 00,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2009/07/04 12:36:51 | 00,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2009/07/04 12:36:51 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/07/04 12:36:51 | 00,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2009/07/04 12:36:51 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2009/07/04 12:36:51 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2009/07/04 12:36:51 | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2009/07/04 12:36:51 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2009/07/04 12:36:51 | 00,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2009/07/04 12:36:51 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/07/04 12:36:51 | 00,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2009/07/04 12:36:51 | 00,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2009/07/04 12:36:51 | 00,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2009/07/04 12:36:51 | 00,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2009/07/04 12:36:51 | 00,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2009/07/04 12:36:51 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/07/04 12:36:51 | 00,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2009/07/04 12:36:50 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2009/07/04 12:36:50 | 00,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2009/07/04 12:33:02 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/07/04 12:05:28 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit(2).exe
[2009/07/04 12:03:40 | 00,025,088 | ---- | C] (Microsoft Corporation) -- D:\system\Desktop\userinit.exe
[2009/07/04 11:16:18 | 00,000,000 | ---D | C] -- C:\ee5899ae7454f1f22d8980e3553e67
[2009/07/04 10:33:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/07/04 10:32:56 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/07/04 10:32:56 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/07/04 10:32:55 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/07/04 10:32:55 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/07/04 10:32:55 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009/07/04 10:32:54 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/04 10:32:54 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2009/07/04 10:32:54 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/07/04 10:32:54 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/07/04 10:32:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/07/04 10:32:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/07/04 10:30:55 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/07/04 10:30:42 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009/07/04 10:30:25 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/07/04 10:30:02 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2009/07/04 10:29:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/07/03 01:06:37 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/07/02 18:49:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/02 18:47:28 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/07/02 18:46:43 | 00,000,000 | ---D | C] -- D:\system\Desktop\Downloads
[2009/07/02 18:46:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\GetRightToGo
[2009/07/02 09:33:55 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/07/02 09:33:54 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/07/01 09:37:54 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/07/01 09:29:58 | 23,635,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/06/29 20:07:37 | 00,000,162 | -H-- | C] () -- D:\system\My Documents\~$KAYU.doc
[2009/06/29 18:38:59 | 00,000,162 | -H-- | C] () -- D:\system\My Documents\~$aras.melodyoflight.doc
[2009/06/29 10:03:39 | 02,379,275 | ---- | C] () -- D:\system\My Documents\tsukiyo no violinist part 2.JPG
[2009/06/29 10:03:16 | 01,816,642 | ---- | C] () -- D:\system\My Documents\tsukiyo no violinist.JPG
[2009/06/29 10:01:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\WinRAR
[2009/06/29 10:01:25 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/06/29 10:00:48 | 01,373,490 | ---- | C] () -- D:\system\Desktop\wrar39b3.exe
[2009/06/24 12:12:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Identities
[2009/06/24 12:07:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\AdobeUM
[2009/06/17 21:43:04 | 00,069,120 | ---- | C] () -- D:\system\My Documents\charas.melodyoflight.doc
[2009/06/15 06:10:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\93249366.ini
[2009/06/15 06:09:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\93249366
[2009/06/15 06:09:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\13239374
[2009/06/14 21:58:40 | 00,027,136 | ---- | C] () -- D:\system\My Documents\lio.chain.doc
[2009/06/13 23:26:38 | 00,028,160 | ---- | C] () -- D:\system\My Documents\wonderland.wack.doc
[2009/04/30 20:45:29 | 00,000,213 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/25 21:01:44 | 00,001,560 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/11/25 20:23:34 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/25 03:08:21 | 00,000,040 | ---- | C] () -- C:\WINDOWS\Hjimesv.ini
[2008/11/25 03:05:29 | 00,000,016 | ---- | C] () -- C:\WINDOWS\System32\winhcfg.ini
[2008/11/25 02:59:01 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 08:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[3 D:\system\My Documents\*.tmp files]
[2009/07/13 21:59:40 | 00,513,536 | ---- | M] (OldTimer Tools) -- D:\system\Desktop\OTL.exe
[2009/07/13 21:49:18 | 00,054,784 | ---- | M] () -- D:\system\My Documents\Ikuto.doc
[2009/07/13 15:41:38 | 00,243,712 | ---- | M] () -- D:\system\My Documents\DEMO.avi.sfk
[2009/07/13 15:41:26 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/13 15:40:46 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/13 15:38:12 | 61,743,7184 | ---- | M] () -- D:\system\My Documents\DEMO.avi
[2009/07/13 15:38:12 | 00,000,030 | ---- | M] () -- D:\system\My Documents\DEMO.avi.sfl
[2009/07/13 11:18:26 | 00,309,776 | ---- | M] () -- D:\system\Desktop\stuck.mp3.sfk
[2009/07/13 09:21:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/13 09:20:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/13 09:20:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/11 14:39:14 | 00,000,022 | ---- | M] () -- D:\system\Desktop\Attach Text for DDS.zip
[2009/07/11 14:33:08 | 00,359,929 | ---- | M] () -- D:\system\Desktop\dds(2).scr
[2009/07/10 11:32:29 | 03,976,714 | ---- | M] () -- C:\WINDOWS\System32\uactmp.db
[2009/07/09 23:28:34 | 01,110,399 | ---- | M] () -- C:\WINDOWS\System32\UACqrabdwyfjohimtfxa.db
[2009/07/08 23:19:26 | 00,050,688 | ---- | M] (Atribune.org) -- D:\system\Desktop\ATF-Cleaner.exe
[2009/07/08 21:23:06 | 00,451,655 | ---- | M] () -- D:\system\Desktop\RootRepeal.zip
[2009/07/08 16:52:32 | 00,027,136 | ---- | M] () -- D:\system\My Documents\Dear Aromie Kim of the future.doc
[2009/07/08 15:37:32 | 02,219,680 | ---- | M] () -- D:\system\Desktop\[Formula]_Shugo_Chara_-_01_[XviD][F8FB13A1].avi.sfk
[2009/07/08 15:26:48 | 18,062,0624 | ---- | M] () -- D:\system\Desktop\[Formula]_Shugo_Chara_-_01_[XviD][F8FB13A1].avi
[2009/07/08 15:09:40 | 04,496,805 | ---- | M] () -- D:\system\Desktop\stuck.mp3
[2009/07/08 13:44:58 | 14,100,376 | ---- | M] ( ) -- D:\system\Desktop\klcodec495f.exe
[2009/07/08 12:15:29 | 00,079,064 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/08 11:52:10 | 00,284,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/08 11:48:50 | 00,531,656 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/08 11:48:50 | 00,462,568 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/08 11:48:50 | 00,079,652 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/08 09:46:14 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/07 19:49:28 | 00,029,184 | ---- | M] () -- D:\system\My Documents\Doc.1..doc
[2009/07/05 23:28:10 | 00,069,120 | ---- | M] () -- D:\system\My Documents\charas.melodyoflight.doc
[2009/07/05 16:56:58 | 00,288,048 | ---- | M] (BitTorrent, Inc.) -- D:\system\Desktop\utorrent.exe
[2009/07/05 14:11:06 | 00,002,375 | ---- | M] () -- D:\system\Desktop\Microsoft Office Word 2003.lnk
[2009/07/04 13:17:10 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/07/04 13:15:40 | 05,362,348 | -H-- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\IconCache.db
[2009/07/04 12:36:39 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/07/04 12:05:28 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit(2).exe
[2009/07/04 12:03:38 | 00,025,088 | ---- | M] (Microsoft Corporation) -- D:\system\Desktop\userinit.exe
[2009/07/04 09:56:01 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/01 17:56:24 | 00,047,104 | ---- | M] () -- D:\system\My Documents\KAYU.doc
[2009/07/01 09:37:54 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/06/29 20:07:38 | 00,000,162 | -H-- | M] () -- D:\system\My Documents\~$KAYU.doc
[2009/06/29 18:39:00 | 00,000,162 | -H-- | M] () -- D:\system\My Documents\~$aras.melodyoflight.doc
[2009/06/29 10:03:42 | 02,379,275 | ---- | M] () -- D:\system\My Documents\tsukiyo no violinist part 2.JPG
[2009/06/29 10:03:20 | 01,816,642 | ---- | M] () -- D:\system\My Documents\tsukiyo no violinist.JPG
[2009/06/29 10:00:54 | 01,373,490 | ---- | M] () -- D:\system\Desktop\wrar39b3.exe
[2009/06/28 20:03:22 | 00,068,608 | ---- | M] () -- D:\system\My Documents\junk2.doc
[2009/06/20 22:06:48 | 00,039,424 | ---- | M] () -- D:\system\My Documents\SORAKOMI.AMAI.doc
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/15 06:10:00 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\93249366.ini
[2009/06/14 21:58:42 | 00,027,136 | ---- | M] () -- D:\system\My Documents\lio.chain.doc
[2009/06/13 23:26:40 | 00,028,160 | ---- | M] () -- D:\system\My Documents\wonderland.wack.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C
< End of report >


Extra.txt
OTL Extras logfile created on: 7/13/2009 10:00:16 PM - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = D:\system\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.48 Mb Total Physical Memory | 100.91 Mb Available Physical Memory | 20.04% Memory free
1.32 Gb Paging File | 0.45 Gb Available in Paging File | 33.91% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 52.62 Gb Free Space | 68.63% Space Free | Partition Type: NTFS
Drive D: | 29.28 Gb Total Space | 4.51 Gb Free Space | 15.41% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COM1
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/04/02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/07/05 16:57:50 | 00,288,048 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:μTorrent
[2009/04/30 15:27:12 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{51FD8515-2F15-4E6D-A93C-BC6988AEC29A}" = Sony Media Manager 2.3
"{550B69DF-9C7D-4988-9535-3D7526BC0A4E}_is1" = AMV Converter Studio V1.2.3
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A23866A0-738B-4091-9924-0B0DE3988A15}" = VP6 VFW Codec
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6D17CB8-EE16-4F07-ADF1-00C4A4A3E47B}" = 한글 2004
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"ALUpdate_is1" = 알툴즈 업데이트
"ALYac_is1" = 알약
"Any Video Converter Professional_is1" = Any Video Converter Professional 2.7.5
"Any Video Converter_is1" = Any Video Converter 2.7.5
"DtsFilter" = DTS+AC3 필터
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieConverterV3" = Movie Converter V3 (remove only)
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flash Video Studio 3.0" = Flash Video Studio 3.0(remove only)
"uTorrent" = Torrent

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 7/10/2009 2:52:55 PM | Computer Name = COM1 | Source = Service Control Manager | ID = 7023
Description = The Direct Parallel Link Monitor service terminated with the following
error: %%126

Error - 7/10/2009 5:15:13 PM | Computer Name = COM1 | Source = Service Control Manager | ID = 7023
Description = The 6to4 service terminated with the following error: %%2

Error - 7/10/2009 5:15:13 PM | Computer Name = COM1 | Source = Service Control Manager | ID = 7023
Description = The Direct Parallel Link Monitor service terminated with the following
error: %%126

Error - 7/11/2009 1:41:30 PM | Computer Name = COM1 | Source = Service Control Manager | ID = 7023
Description = The 6to4 service terminated with the following error: %%2

Error - 7/11/2009 1:41:30 PM | Computer Name = COM1 | Source = Service Control Manager | ID = 7023
Description = The Direct Parallel Link Monitor service terminated with the following
error: %%126

Error - 7/12/2009 12:48:35 PM | Computer Name = COM1 | Source = Service Control Manager | ID = 7023
Description = The 6to4 service terminated with the following error: %%2

Error - 7/12/2009 12:48:35 PM | Computer Name = COM1 | Source = Service Control Manager | ID = 7023
Description = The Direct Parallel Link Monitor service terminated with the following
error: %%126

Error - 7/13/2009 9:20:41 AM | Computer Name = COM1 | Source = Service Control Manager | ID = 7023
Description = The 6to4 service terminated with the following error: %%2

Error - 7/13/2009 9:20:41 AM | Computer Name = COM1 | Source = Service Control Manager | ID = 7023
Description = The Direct Parallel Link Monitor service terminated with the following
error: %%126

Error - 7/13/2009 9:24:39 AM | Computer Name = COM1 | Source = Service Control Manager | ID = 7034
Description = The ALYac_PZSrv service terminated unexpectedly. It has done this
1 time(s).


< End of report >



I will post GooredFix results in my next reply to avoid confusion

#6 Armie Kim (Topic Starter, Members, 52 posts)

Posted 13 July 2009 - 09:35 PM

This is my unfinished GMER scan . I'm sorry I didn't give in a complete one because my family members complained about the disconnected Internet. I'll be sure to add in a completed scan as soon as possible!!

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-13 22:29:38
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA9D0DF0]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACqboetjiixgsklyjui.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACipyameeebfmivvosr.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACqrabdwyfjohimtfxa.db
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACqjbmeilschowqbgee.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@EncoderType 1


Like you said, my computer is definitely not clean!

Edited by Armie Kim, 13 July 2009 - 09:35 PM.


#7 Armie Kim (Topic Starter, Members, 52 posts)

Posted 14 July 2009 - 01:05 PM

Here is the COMPLETED GMER scan!!

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-14 09:48:20
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA9D0DF0]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACqboetjiixgsklyjui.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACipyameeebfmivvosr.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACqrabdwyfjohimtfxa.db
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACqjbmeilschowqbgee.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@EncoderType 1

---- EOF - GMER 1.0.15 ----
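The GMER registry section above lists a driver service (UACd.sys) whose image path and \modules values point at randomly named files, several of them reached through the \\?\globalroot\ device path. As an added example that is not part of the original thread, the following Python script parses GMER "Reg" lines in that shape and flags services showing those traits. The sample lines are constructed for the example: the UACd.sys entries mirror the log above, while the mbam entry is an assumed benign control that does not appear in the GMER output.

```python
import re
from collections import defaultdict

# Constructed sample in the shape GMER prints "Reg" lines. The UACd.sys
# entries mirror the log in the thread; the mbam line is an assumed benign
# control added for contrast and is not from the GMER output.
SAMPLE_GMER_LINES = r"""
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACqboetjiixgsklyjui.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACipyameeebfmivvosr.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACqrabdwyfjohimtfxa.db
Reg HKLM\SYSTEM\ControlSet002\Services\mbam@imagepath \??\C:\WINDOWS\system32\drivers\mbam.sys
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo video 5.10 Compression Filter@EncoderType 1
"""

# "Reg <key>[@<valuename> [<data>]]" -- key runs up to the first '@'.
REG_LINE = re.compile(r"^Reg (?P<key>.+?)(?:@(?P<name>\S+)(?: (?P<data>.*))?)?$")
# Service name and optional subkey path under ...\Services\.
SERVICE_KEY = re.compile(r"\\Services\\(?P<svc>[^\\]+)(?P<sub>(?:\\[^\\]+)*)$", re.I)
# Object-manager device path prefix seen in the module entries above.
GLOBALROOT = re.compile(r"\\\\\?\\globalroot\\", re.I)


def parse_reg_lines(text):
    """Group GMER 'Reg' lines by service: {svc: {"values": {...}, "modules": {...}}}."""
    services = defaultdict(lambda: {"values": {}, "modules": {}})
    for line in text.splitlines():
        m = REG_LINE.match(line.strip())
        if not m or m["name"] is None:
            continue
        k = SERVICE_KEY.search(m["key"])
        if not k:
            continue  # not under a Services key (e.g. the CLSID entries)
        bucket = "modules" if k["sub"].lower() == r"\modules" else "values"
        services[k["svc"]][bucket][m["name"].lower()] = m["data"] or ""
    return dict(services)


def looks_random(stem):
    """Heuristic: a long, all-letter name with a run of four or more consonants."""
    s = stem.lower()
    if len(s) < 12 or not s.isalpha():
        return False
    run = longest = 0
    for ch in s:
        run = run + 1 if ch not in "aeiou" else 0
        longest = max(longest, run)
    return longest >= 4


def suspicious_services(text):
    """Return {service: [reasons]} for services showing rootkit-style traits."""
    findings = {}
    for svc, rec in parse_reg_lines(text).items():
        reasons = []
        image = rec["values"].get("imagepath", "")
        paths = [image] + list(rec["modules"].values())
        if any(GLOBALROOT.search(p) for p in paths):
            reasons.append("files referenced through the \\\\?\\globalroot\\ device path")
        stem = image.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_random(stem):
            reasons.append("driver file name looks randomly generated: " + stem)
        extras = [p for p in rec["modules"].values() if p.lower().endswith((".dll", ".db"))]
        if extras:
            reasons.append("driver service carries a \\modules subkey naming %d extra file(s)" % len(extras))
        if reasons:
            findings[svc] = reasons
    return findings


if __name__ == "__main__":
    for svc, reasons in suspicious_services(SAMPLE_GMER_LINES).items():
        print(svc)
        for r in reasons:
            print("  -", r)
```

The consonant-run heuristic is deliberately crude; it is there to catch names like UACqboetjiixgsklyjui while leaving real driver names such as mbamswissarmy alone, and any hit should be confirmed against the file's signature and hash rather than acted on by itself.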

#8 myrti (Sillyberry, Malware Study Hall Admin, 33,772 posts)

Posted 14 July 2009 - 01:47 PM

Hi Armie Kim,

could you please post the log from goored fix as well?

thanks,
_temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#9 myrti (Sillyberry, Malware Study Hall Admin, 33,772 posts)

Posted 15 July 2009 - 07:46 AM

Hi Armie Kim,

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files between each other, as the name suggests. In today's world cybercrime has reached an enormous scale, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so they should be used with great care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com


The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

http://www.trendmicro.com/vinfo/grayware/v...=CRCK_KEYGEN.BB

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

http://blog.trendmicro.com/crack-sites-dis...rux-and-fakeav/


When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a lot of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.


If you still need assistance please remove all cracked software from your system.


Please disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click [image] and then on "Advanced Mode"
    [image]
  • You may be presented with a warning dialog. If so, press [image]
  • Click on [image]
  • Click on [image]
  • Uncheck this checkbox:
    [image]
  • Close/Exit Spybot Search and Destroy
Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[image]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image]


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please also remember to post the log from goored in your next reply.

regards _temp_

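The HijackThis-style line quoted in the post above (O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com) maps a Microsoft activation host to loopback, which is the kind of hosts-file edit that cracked software leaves behind and that a helper reads as a sign of pirated installs. As an added example that is not part of the original post, the following Python snippet parses a hosts file and classifies entries that sinkhole or redirect vendor, update and security-product domains. The hosts content and the watchlist of domains are constructed for illustration; the real hosts file on the machine in this thread lives at C:\WINDOWS\system32\drivers\etc\hosts.

```python
import ipaddress

# Constructed sample hosts file: the mpa.one.microsoft.com line is the one
# quoted in the post; every other non-default line is assumed for contrast.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 www.symantec.com securityresponse.symantec.com   # two names, one line
0.0.0.0 update.microsoft.com
10.0.0.5 liveupdate.symantecliveupdate.com
127.0.0.1 ads.example.net
192.168.1.10 fileserver.local
::1 localhost
"""

# Illustrative watchlist (an assumption, not from the thread): domains a clean
# machine must be able to reach for updates, activation and security products.
WATCHLIST = (
    "microsoft.com", "windowsupdate.com", "symantec.com",
    "symantecliveupdate.com", "mcafee.com", "kaspersky.com",
    "trendmicro.com", "malwarebytes.org", "superantispyware.com",
    "bleepingcomputer.com",
)

# Names that legitimately point at loopback in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs; comments, blanks and junk lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed address; not a valid hosts entry
        for host in parts[1:]:
            entries.append((ip, host.lower()))
    return entries


def on_watchlist(host):
    """True if host is a watchlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)


def hosts_findings(text):
    """Classify non-local entries as 'sinkholed' (watchlisted name sent to
    loopback/0.0.0.0), 'redirected' (watchlisted name sent somewhere else,
    which could be an attacker's server) or 'blocked-other' (any other name
    sent to loopback/0.0.0.0, often ad-blocking, worth a manual look)."""
    findings = []
    for ip, host in parse_hosts(text):
        if host in LOCAL_NAMES:
            continue
        sink = ip.is_loopback or ip.is_unspecified
        if on_watchlist(host):
            findings.append((str(ip), host, "sinkholed" if sink else "redirected"))
        elif sink:
            findings.append((str(ip), host, "blocked-other"))
    return findings


if __name__ == "__main__":
    for ip, host, verdict in hosts_findings(SAMPLE_HOSTS):
        print("%-12s %-40s %s" % (verdict, host, ip))
```

A "redirected" verdict deserves more attention than a "sinkholed" one: a blocked activation or update host breaks a check, but a vendor host pointed at a routable address can hand the machine a fake update or a fake security product.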


#10 Armie Kim (Topic Starter, Members, 52 posts)

Posted 15 July 2009 - 12:03 PM

Thank you!! Here is my Combofix Scan (note: I already had an original Combofix I had downloaded a while ago so I used that one)

ComboFix 09-07-14.08 - owner 5/2009 Wed 12:45.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.503.297 [GMT -4:00]
Running from: d:\system\Desktop\ComboFix.exe
AV: 알약 *On-access scanning disabled* (Updated) {B9431E5A-E196-4B6F-843A-10E01DB25461}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 3
The syntax of the command is incorrect.

PEV Error: DesktopFile
PEV Error: DesktopFolder
PEV Error: FavFile
PEV Error: LocalAppDataFile
PEV Error: LocalAppDataFolder
PEV Error: LocalSettingsFile
PEV Error: MenuFile
PEV Error: MenuFolder
PEV Error: PersonalFile
PEV Error: ProgramsFile
PEV Error: ProgramsFolder
PEV Error: StartUpFile
PEV Error: UserFile
PEV Error: UserFolder

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\120cf41.msp
c:\windows\Installer\120cf42.msp
c:\windows\Installer\120cf43.msp
c:\windows\Installer\120cf44.msp
c:\windows\Installer\120cf45.msp
c:\windows\Installer\120cf46.msp
c:\windows\Installer\120cf47.msp
c:\windows\Installer\120cf48.msp
c:\windows\Installer\120cf49.msp
c:\windows\Installer\15a4714.msp
c:\windows\Installer\15a4715.msp
c:\windows\Installer\15a4716.msp
c:\windows\Installer\15a4717.msp
c:\windows\Installer\15a4718.msp
c:\windows\Installer\15a4719.msp
c:\windows\Installer\15a471a.msp
c:\windows\Installer\15a471b.msp
c:\windows\Installer\15a471c.msp
c:\windows\Installer\15a471d.msp
c:\windows\Installer\173bae2.msp
c:\windows\Installer\173bae3.msp
c:\windows\Installer\173bae4.msp
c:\windows\Installer\173bae5.msp
c:\windows\Installer\173bae6.msp
c:\windows\Installer\173baf7.msp
c:\windows\Installer\173baf8.msp
c:\windows\Installer\173baf9.msp
c:\windows\Installer\173bafa.msp
c:\windows\Installer\173bafb.msp
c:\windows\Installer\173bafc.msp
c:\windows\Installer\173bafd.msp
c:\windows\system32\UACqrabdwyfjohimtfxa.db
c:\windows\system32\uactmp.db

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_PCMSTUB
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.

2009-07-14 03:04 . 2009-07-14 03:04 172912 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-09 01:31 . 2009-07-09 01:31 0 ----a-w- c:\documents and settings\owner\settings.dat
2009-07-08 17:49 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-07-08 17:49 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-08 17:49 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-08 17:49 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-07-08 17:49 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-08 17:49 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
2009-07-08 17:49 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-07-08 17:49 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-08 17:49 . 2009-07-08 17:51 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-08 17:05 . 2009-07-09 17:45 -------- d-----w- c:\documents and settings\owner\Application Data\Any Video Converter
2009-07-08 17:05 . 2009-07-08 17:07 -------- d-----w- c:\program files\Any Video Converter
2009-07-08 17:00 . 2009-07-08 17:01 -------- d-----w- c:\documents and settings\owner\Application Data\Any Video Converter Professional
2009-07-08 17:00 . 2009-07-08 17:01 -------- d-----w- c:\program files\Any Video Converter Professional
2009-07-08 16:53 . 2009-07-08 16:53 -------- d--h--w- c:\documents and settings\owner\Application Data\FVSTemp
2009-07-08 16:51 . 2009-07-08 16:51 -------- d--h--w- c:\documents and settings\owner\Application Data\IFBuilder
2009-07-08 16:16 . 2009-07-08 16:16 -------- d-----w- C:\My Videos
2009-07-08 16:15 . 2009-07-08 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apowersoft
2009-07-08 16:14 . 2009-07-08 16:14 -------- d-----w- c:\program files\Apowersoft
2009-07-08 15:33 . 2009-07-08 15:34 -------- d-----w- C:\56b17e21eca6fe1a247790ff7e799c
2009-07-08 15:08 . 2009-07-08 15:08 -------- d-----w- c:\program files\Vstplugins
2009-07-07 13:41 . 2009-07-07 13:41 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-07 01:57 . 2009-07-07 01:57 -------- d-----w- c:\windows\system32\ko-KR
2009-07-07 01:25 . 2009-07-07 13:39 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-07-07 01:16 . 2009-07-07 01:29 -------- d-----w- c:\documents and settings\owner\Application Data\Media Player Classic
2009-07-06 22:53 . 2009-07-07 13:41 -------- d-----w- c:\program files\MP3 Player Utilities 4(2).00
2009-07-06 01:55 . 2009-07-06 01:55 -------- d-----w- c:\documents and settings\owner\Application Data\Publish Providers
2009-07-06 01:35 . 2009-07-06 01:35 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Sony
2009-07-05 23:02 . 2009-07-05 23:02 -------- d-----w- c:\program files\MSBuild
2009-07-05 22:55 . 2009-07-08 15:36 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-05 22:54 . 2009-07-05 22:54 -------- d-----w- c:\program files\Reference Assemblies
2009-07-05 22:53 . 2006-06-29 17:07 14048 ----a-w- c:\windows\system32\spmsg2.dll
2009-07-05 22:48 . 2009-07-05 22:49 52770576 ----a-w- c:\documents and settings\owner\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-07-05 22:43 . 2009-07-06 01:35 -------- d-----w- c:\documents and settings\owner\Application Data\Sony
2009-07-05 21:32 . 2009-07-05 23:35 -------- d-----w- c:\program files\Sony
2009-07-05 21:32 . 2009-07-08 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-07-05 21:15 . 2009-07-05 21:15 23510720 ----a-w- c:\documents and settings\owner\Application Data\Sony Setup\09063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe
2009-07-05 21:15 . 2009-07-05 22:48 -------- d-----w- c:\documents and settings\owner\Application Data\Sony Setup
2009-07-05 21:15 . 2009-07-05 21:15 -------- d-----w- c:\program files\Sony Setup
2009-07-05 20:57 . 2009-07-05 20:57 -------- d-----w- c:\program files\uTorrent
2009-07-05 20:57 . 2009-07-08 20:53 -------- d-----w- c:\documents and settings\owner\Application Data\uTorrent
2009-07-04 16:39 . 2008-04-14 09:41 43520 -c--a-w- c:\windows\system32\dllcache\admwprox.dll
2009-07-04 16:38 . 2009-07-04 16:40 -------- d-----w- c:\windows\ServicePackFiles
2009-07-04 16:05 . 2009-07-04 16:05 25088 ----a-w- c:\windows\system32\userinit(2).exe
2009-07-04 15:16 . 2009-07-04 15:17 -------- d-----w- C:\ee5899ae7454f1f22d8980e3553e67
2009-07-04 14:32 . 2009-04-29 04:55 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-04 14:32 . 2009-04-29 04:55 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-04 14:32 . 2009-04-29 04:55 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-04 14:32 . 2009-04-28 09:05 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-07-04 14:32 . 2009-04-29 04:55 6066176 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-04 14:32 . 2009-04-29 04:55 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-07-04 14:32 . 2009-04-29 04:55 383488 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-07-04 14:32 . 2008-07-09 14:25 2455488 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-07-03 05:06 . 2009-07-03 05:06 -------- d-----w- c:\program files\Enigma Software Group
2009-07-02 22:49 . 2009-07-15 16:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-02 22:47 . 2009-07-04 13:58 -------- d-----w- c:\program files\Spyware Doctor
2009-07-02 22:46 . 2009-07-02 22:47 -------- d-----w- c:\documents and settings\owner\Application Data\GetRightToGo
2009-07-02 13:33 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-06-24 16:12 . 2009-06-24 16:12 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Identities
2009-06-24 16:07 . 2009-06-24 16:07 -------- d-----w- c:\documents and settings\owner\Application Data\AdobeUM
2009-06-16 14:36 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:36 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:09 . 2009-07-14 03:02 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 16:50 . 2009-05-01 01:36 117760 ----a-w- c:\documents and settings\owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-14 03:05 . 2009-05-01 01:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 17:36 . 2009-05-01 01:44 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-05-01 01:44 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-10 03:25 . 2009-07-10 03:25 924 ---h--w- c:\windows\Fonts\mlog
2009-07-09 13:40 . 2009-05-01 02:41 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-08 16:15 . 2008-11-26 00:22 79064 ----a-w- c:\documents and settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-06 22:41 . 2009-04-30 22:59 -------- d-----w- c:\documents and settings\owner\Application Data\Apple Computer
2009-07-04 16:41 . 2008-11-25 06:47 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-02 19:37 . 2009-04-30 23:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-02 19:28 . 2009-06-15 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\13239374
2009-07-02 14:39 . 2008-11-25 06:57 -------- d-----w- c:\program files\Microsoft Works
2009-06-28 19:58 . 2009-05-01 01:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-16 14:36 . 2004-08-04 00:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:22 . 2009-06-15 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\93249366
2009-06-03 19:09 . 2004-08-04 00:56 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-20 02:01 . 2009-05-20 02:01 -------- d-----w- c:\documents and settings\owner\Application Data\GRETECH
2009-05-07 15:32 . 2004-08-04 00:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 20:54 . 2009-04-30 20:54 0 ----a-w- c:\windows\nsreg.dat
2009-04-30 19:27 . 2009-04-30 19:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-30 19:27 . 2009-04-30 19:27 152576 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-04-29 04:56 . 2004-08-04 00:56 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 00:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-03 23:17 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-06-12 09:55 . 2009-04-30 20:53 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"ALYac"="c:\program files\ESTsoft\ALYac\AYUpdate.exe" [2008-10-07 79304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-30 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2008-06-19 2808832]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S2 cvdcfykd;Direct Parallel Link Monitor;c:\windows\System32\svchost.exe -k netsvcs [8/3/2004 8:56 PM 14336]
S2 zyyhnsikaeooe;zyyhnsikaeooe;\??\c:\windows\system32\drivers\rsjotlkrcgsg.sys --> c:\windows\system32\drivers\rsjotlkrcgsg.sys [?]
S3 AYDrvSP_ALYAC;AYDrvSP_ALYAC;c:\program files\ESTsoft\ALYac\AYDrvSP.sys [4/30/2009 3:30 PM 24312]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
cvdcfykd
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\ibcxvier.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 12:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ALYac_PZSrv]
"ImagePath"="c:\program files\ESTsoft\ALYac\AYServiceNt.aye"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WgaTray.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESTsoft\ALYac\AYAgent.aye
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-15 12:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-15 16:55
ComboFix2.txt 2009-05-01 02:35

Pre-Run: 56,607,780,864 bytes free
Post-Run: 56,783,360,000 bytes free

253 --- E O F --- 2009-07-15 13:07

Strangely enough, it didn't install the Windows Recovery Console. Moreover, it didn't even notify me that I didn't have it, and I found out only by looking at this log. Should I scan it again using your mirror link?

My GooredFix log:
GooredFix by jpshortstuff (12.07.09)
Log created at 22:05 on 13/07/2009 (owner)
Firefox version 3.0.11 (en-US)

========== GooredScan ==========

Deleting C:\Program Files\Mozilla Firefox\extensions\{BA5EF5A7-08DE-4B8B-A31D-7C86EC970391} -> Success!

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:53 30/04/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [19:27 30/04/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [01:46 07/07/2009]

-=E.O.F=-

Also, when the ComboFix scan was done, a Windows Genuine Advantage notification came up (I never had this before) and told me that I may have counterfeit software. It says this:

"You may be a victim of software counterfeiting.
This copy of Windows did not pass genuine Windows validation."

Edited by Armie Kim, 15 July 2009 - 12:09 PM.


#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:21 AM

Posted 17 July 2009 - 04:16 AM

Hi Armie Kim,

There are a lot of signs suggesting that your installation is not a legitimate installation of Windows XP but a pirated one. As stated before, pirated software bears many risks and is also illegal.
If your operating system is illegal, I would strongly suggest that you either switch to a free operating system, such as a Linux distribution, or buy a Windows operating system, such as XP/Vista. Microsoft checks whether your version of XP is genuine and displays that message if it thinks that it is not. You will not get any help from me to circumvent the authenticity check of Windows.
Please read this site about what Windows Genuine Advantage is and how to proceed if your system fails it: http://support.microsoft.com/kb/892130


There are some remaining malware traces we need to get rid of as well:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

folder::
c:\documents and settings\All Users\Application Data\13239374
c:\documents and settings\All Users\Application Data\93249366
file::
c:\windows\system32\drivers\rsjotlkrcgsg.sys
driver::
cvdcfykd
zyyhnsikaeooe
netsvc::
cvdcfykd
dds::
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

Please also run a scan with OTL again:
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • For "Standard Registry" select all
  • Push the Run Scan button.
  • A report will open; copy and paste it in a reply here:
    • OTListIt.txt
Post back the log from Combofix and OTL in your next reply. Are you still experiencing troubles regarding the userinit entry in the registry?
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
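The CFScript above removes the entries myrti picked out of the ComboFix log by hand: two services with generated-looking names, one of them hosted inside svchost.exe through the netsvcs group, a driver whose .sys file ComboFix reports as missing, and two Trusted Zone additions. As an added example (not part of the original thread, and not ComboFix's or myrti's code), the Python below applies the same reasoning mechanically to the service, NetSvcs and Trusted Zone lines copied from the log posted earlier in this thread. The Windows XP netsvcs baseline it compares against is an assumed approximation, not something the thread states; check it against a known-clean install before relying on it.

```python
import re
from collections import namedtuple

# Constructed sample input: the service/driver, "Svchost - NetSvcs" and "Trusted Zone"
# lines copied from the ComboFix log posted earlier in this thread (a subset, not the
# full log). Windows paths are kept verbatim, hence the raw string.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S2 cvdcfykd;Direct Parallel Link Monitor;c:\windows\System32\svchost.exe -k netsvcs [8/3/2004 8:56 PM 14336]
S2 zyyhnsikaeooe;zyyhnsikaeooe;\??\c:\windows\system32\drivers\rsjotlkrcgsg.sys --> c:\windows\system32\drivers\rsjotlkrcgsg.sys [?]
S3 AYDrvSP_ALYAC;AYDrvSP_ALYAC;c:\program files\ESTsoft\ALYac\AYDrvSP.sys [4/30/2009 3:30 PM 24312]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
cvdcfykd
.
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
"""

# Assumed baseline (an approximation, not taken from the thread): the default members of
# the netsvcs svchost group on Windows XP SP3. Verify against a known-clean install.
XP_NETSVCS_BASELINE = {
    "6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "EventSystem",
    "HidServ", "Ias", "Iprip", "Irmon", "LanmanServer", "LanmanWorkstation", "Messenger",
    "Netman", "Nla", "Ntmssvc", "NWCWorkstation", "Nwsapagent", "Rasauto", "Rasman",
    "Remoteaccess", "Schedule", "Seclogon", "SENS", "Sharedaccess", "SRService", "Tapisrv",
    "Themes", "TrkWks", "W32Time", "WZCSVC", "Wmi", "WmdmPmSp", "winmgmt", "wscsvc",
    "xmlprov", "BITS", "wuauserv", "ShellHWDetection", "helpsvc", "uploadmgr",
}
_BASELINE_LOWER = {n.lower() for n in XP_NETSVCS_BASELINE}

# One ComboFix service/driver line: "<R|S><start> <name>;<display>;<image> [<info>]".
# R = running, S = stopped; start 1 = system, 2 = auto, 3 = manual.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s+\[(?P<info>[^\]]*)\]\s*$"
)
VOWELS = set("aeiou")
ServiceEntry = namedtuple("ServiceEntry", "state start name display image info")


def parse_combofix(text):
    """Pull service lines, the NetSvcs member list and Trusted Zone domains out of a log."""
    services, netsvcs, trusted = [], [], []
    in_netsvcs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_netsvcs = False
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(ServiceEntry(m["state"], int(m["start"]), m["name"],
                                         m["display"], m["image"], m["info"]))
        elif line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True          # the following lines name the netsvcs members
        elif in_netsvcs:
            if line == ".":
                in_netsvcs = False     # ComboFix closes the section with a lone dot
            else:
                netsvcs.append(line)
        elif line.startswith("Trusted Zone:"):
            domain = line.split(":", 1)[1].strip().lower()
            if domain not in trusted:  # the log lists each entry twice; keep one
                trusted.append(domain)
    return services, netsvcs, trusted


def looks_random(name):
    """Heuristic: long, all-lowercase, vowel-poor names such as 'cvdcfykd' are typical
    of generated malware service names; real XP service names rarely look like this."""
    if not (len(name) >= 8 and name.isalpha() and name.islower()):
        return False
    return sum(c in VOWELS for c in name) / len(name) < 0.3


def analyse(text):
    """Return {'services': {name: [reasons]}, 'trusted_zones': [domains]}."""
    services, netsvcs, trusted = parse_combofix(text)
    findings = {}

    def add(name, reason):
        findings.setdefault(name, []).append(reason)

    for svc in services:
        image = svc.image.lower()
        if looks_random(svc.name):
            add(svc.name, "random-looking service name")
        if svc.info.strip() == "?" or "-->" in svc.image:
            add(svc.name, "image file missing on disk (ComboFix shows '-->' and [?])")
        if ("svchost.exe" in image and "-k netsvcs" in image
                and svc.name.lower() not in _BASELINE_LOWER):
            add(svc.name, "runs inside svchost.exe -k netsvcs but is not a default XP netsvcs member")
        if svc.name == svc.display and svc.start == 2:
            add(svc.name, "auto-start entry with no descriptive display name")
    for entry in netsvcs:
        if entry.lower() not in _BASELINE_LOWER:
            add(entry, "registered in the Svchost NetSvcs value (loads as a DLL inside svchost.exe)")
    return {"services": findings, "trusted_zones": trusted}


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for name, reasons in sorted(report["services"].items()):
        print(name + ":", *("  - " + r for r in reasons), sep="\n")
    print("Trusted Zone additions to review:", ", ".join(report["trusted_zones"]))
```

Run on the sample, it reports only cvdcfykd and zyyhnsikaeooe, with SASDIFSV, SASENUM and AYDrvSP_ALYAC left alone, and lists the two Trusted Zone domains once each; those are exactly the names that went into the driver::, netsvc:: and dds:: sections of the CFScript. The netsvcs check is the one worth keeping in mind beyond this thread: a service that is a member of that group runs as a DLL inside a legitimate svchost.exe, so a process listing shows nothing unusual and only the service name and the NetSvcs registry value give it away.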




#12 Armie Kim

Armie Kim
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  • Local time:03:21 AM

Posted 17 July 2009 - 10:43 PM

I am almost 100% sure that my copy of Windows is in fact genuine. I've had my computer for years and this had never happened before...
This was the first time I received the Genuine Validation notification... and it startled me, to say the least.

Here is my Combofix scan:
ComboFix 09-07-14.08 - owner 7/2009 Fri 23:24.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.503.301 [GMT -4:00]
Running from: d:\system\Desktop\Combofix.exe.exe
Command switches used :: d:\system\Desktop\CFScript.txt
AV: 알약 *On-access scanning disabled* (Updated) {B9431E5A-E196-4B6F-843A-10E01DB25461}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\drivers\rsjotlkrcgsg.sys"
.
/wow section - STAGE 3
The syntax of the command is incorrect.

PEV Error: DesktopFile
PEV Error: DesktopFolder
PEV Error: FavFile
PEV Error: LocalAppDataFile
PEV Error: LocalAppDataFolder
PEV Error: LocalSettingsFile
PEV Error: MenuFile
PEV Error: MenuFolder
PEV Error: PersonalFile
PEV Error: ProgramsFile
PEV Error: ProgramsFolder
PEV Error: StartUpFile
PEV Error: UserFile
PEV Error: UserFolder

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\13239374
c:\documents and settings\All Users\Application Data\93249366

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CVDCFYKD
-------\Legacy_ZYYHNSIKAEOOE
-------\Service_cvdcfykd
-------\Service_zyyhnsikaeooe


((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.

2009-07-14 03:04 . 2009-07-14 03:04 172912 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-09 01:31 . 2009-07-09 01:31 0 ----a-w- c:\documents and settings\owner\settings.dat
2009-07-08 17:49 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-07-08 17:49 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-08 17:49 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-08 17:49 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-07-08 17:49 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-08 17:49 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
2009-07-08 17:49 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-07-08 17:49 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-08 17:49 . 2009-07-08 17:51 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-08 17:05 . 2009-07-09 17:45 -------- d-----w- c:\documents and settings\owner\Application Data\Any Video Converter
2009-07-08 17:05 . 2009-07-08 17:07 -------- d-----w- c:\program files\Any Video Converter
2009-07-08 17:00 . 2009-07-08 17:01 -------- d-----w- c:\documents and settings\owner\Application Data\Any Video Converter Professional
2009-07-08 17:00 . 2009-07-08 17:01 -------- d-----w- c:\program files\Any Video Converter Professional
2009-07-08 16:53 . 2009-07-08 16:53 -------- d--h--w- c:\documents and settings\owner\Application Data\FVSTemp
2009-07-08 16:51 . 2009-07-08 16:51 -------- d--h--w- c:\documents and settings\owner\Application Data\IFBuilder
2009-07-08 16:16 . 2009-07-08 16:16 -------- d-----w- C:\My Videos
2009-07-08 16:15 . 2009-07-08 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apowersoft
2009-07-08 16:14 . 2009-07-08 16:14 -------- d-----w- c:\program files\Apowersoft
2009-07-08 15:33 . 2009-07-08 15:34 -------- d-----w- C:\56b17e21eca6fe1a247790ff7e799c
2009-07-08 15:08 . 2009-07-08 15:08 -------- d-----w- c:\program files\Vstplugins
2009-07-07 13:41 . 2009-07-07 13:41 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-07 01:57 . 2009-07-07 01:57 -------- d-----w- c:\windows\system32\ko-KR
2009-07-07 01:25 . 2009-07-07 13:39 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-07-07 01:16 . 2009-07-07 01:29 -------- d-----w- c:\documents and settings\owner\Application Data\Media Player Classic
2009-07-06 22:53 . 2009-07-07 13:41 -------- d-----w- c:\program files\MP3 Player Utilities 4(2).00
2009-07-06 01:55 . 2009-07-06 01:55 -------- d-----w- c:\documents and settings\owner\Application Data\Publish Providers
2009-07-06 01:35 . 2009-07-06 01:35 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Sony
2009-07-05 23:02 . 2009-07-05 23:02 -------- d-----w- c:\program files\MSBuild
2009-07-05 22:55 . 2009-07-08 15:36 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-05 22:54 . 2009-07-05 22:54 -------- d-----w- c:\program files\Reference Assemblies
2009-07-05 22:53 . 2006-06-29 17:07 14048 ----a-w- c:\windows\system32\spmsg2.dll
2009-07-05 22:48 . 2009-07-05 22:49 52770576 ----a-w- c:\documents and settings\owner\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-07-05 22:43 . 2009-07-06 01:35 -------- d-----w- c:\documents and settings\owner\Application Data\Sony
2009-07-05 21:32 . 2009-07-05 23:35 -------- d-----w- c:\program files\Sony
2009-07-05 21:32 . 2009-07-08 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-07-05 21:15 . 2009-07-05 21:15 23510720 ----a-w- c:\documents and settings\owner\Application Data\Sony Setup\09063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe
2009-07-05 21:15 . 2009-07-05 22:48 -------- d-----w- c:\documents and settings\owner\Application Data\Sony Setup
2009-07-05 21:15 . 2009-07-05 21:15 -------- d-----w- c:\program files\Sony Setup
2009-07-05 20:57 . 2009-07-05 20:57 -------- d-----w- c:\program files\uTorrent
2009-07-05 20:57 . 2009-07-08 20:53 -------- d-----w- c:\documents and settings\owner\Application Data\uTorrent
2009-07-04 16:39 . 2008-04-14 09:41 43520 -c--a-w- c:\windows\system32\dllcache\admwprox.dll
2009-07-04 16:38 . 2009-07-04 16:40 -------- d-----w- c:\windows\ServicePackFiles
2009-07-04 16:05 . 2009-07-04 16:05 25088 ----a-w- c:\windows\system32\userinit(2).exe
2009-07-04 15:16 . 2009-07-04 15:17 -------- d-----w- C:\ee5899ae7454f1f22d8980e3553e67
2009-07-04 14:32 . 2009-04-29 04:55 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-04 14:32 . 2009-04-29 04:55 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-04 14:32 . 2009-04-29 04:55 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-04 14:32 . 2009-04-28 09:05 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-07-04 14:32 . 2009-04-29 04:55 6066176 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-04 14:32 . 2009-04-29 04:55 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-07-04 14:32 . 2009-04-29 04:55 383488 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-07-04 14:32 . 2008-07-09 14:25 2455488 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-07-03 05:06 . 2009-07-03 05:06 -------- d-----w- c:\program files\Enigma Software Group
2009-07-02 22:49 . 2009-07-18 00:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-02 22:47 . 2009-07-04 13:58 -------- d-----w- c:\program files\Spyware Doctor
2009-07-02 22:46 . 2009-07-02 22:47 -------- d-----w- c:\documents and settings\owner\Application Data\GetRightToGo
2009-07-02 13:33 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-06-24 16:12 . 2009-06-24 16:12 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Identities
2009-06-24 16:07 . 2009-06-24 16:07 -------- d-----w- c:\documents and settings\owner\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 03:31 . 2009-05-01 01:36 117760 ----a-w- c:\documents and settings\owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-14 03:05 . 2009-05-01 01:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 03:02 . 2009-06-16 10:09 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-13 17:36 . 2009-05-01 01:44 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-05-01 01:44 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-10 03:25 . 2009-07-10 03:25 924 ---h--w- c:\windows\Fonts\mlog
2009-07-09 13:40 . 2009-05-01 02:41 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-08 16:15 . 2008-11-26 00:22 79064 ----a-w- c:\documents and settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-06 22:41 . 2009-04-30 22:59 -------- d-----w- c:\documents and settings\owner\Application Data\Apple Computer
2009-07-04 16:41 . 2008-11-25 06:47 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-02 19:37 . 2009-04-30 23:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-02 14:39 . 2008-11-25 06:57 -------- d-----w- c:\program files\Microsoft Works
2009-06-28 19:58 . 2009-05-01 01:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-16 14:36 . 2004-08-04 00:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:09 . 2004-08-04 00:56 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-20 02:01 . 2009-05-20 02:01 -------- d-----w- c:\documents and settings\owner\Application Data\GRETECH
2009-05-07 15:32 . 2004-08-04 00:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 20:54 . 2009-04-30 20:54 0 ----a-w- c:\windows\nsreg.dat
2009-04-30 19:27 . 2009-04-30 19:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-30 19:27 . 2009-04-30 19:27 152576 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-04-29 04:56 . 2004-08-04 00:56 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 00:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-12 09:55 . 2009-04-30 20:53 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-15_16.50.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-18 03:28 . 2009-07-18 03:28 16384 c:\windows\Temp\Perflib_Perfdata_71c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"ALYac"="c:\program files\ESTsoft\ALYac\AYUpdate.exe" [2008-10-07 79304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-30 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2008-06-19 2808832]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 AYDrvSP_ALYAC;AYDrvSP_ALYAC;c:\program files\ESTsoft\ALYac\AYDrvSP.sys [4/30/2009 3:30 PM 24312]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\ibcxvier.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 23:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ALYac_PZSrv]
"ImagePath"="c:\program files\ESTsoft\ALYac\AYServiceNt.aye"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\conime.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ESTsoft\ALYac\AYAgent.aye
.
**************************************************************************
.
Completion time: 2009-07-18 23:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-18 03:34
ComboFix2.txt 2009-07-15 16:55
ComboFix3.txt 2009-05-01 02:35

Pre-Run: 56,773,517,312 bytes free
Post-Run: 56,748,806,144 bytes free

216 --- E O F --- 2009-07-15 13:07

And my OTL scan:
OTL logfile created on: 7/17/2009 11:35:47 PM - Run 2
OTL by OldTimer - Version 3.0.7.1 Folder = D:\system\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.48 Mb Total Physical Memory | 98.48 Mb Available Physical Memory | 19.56% Memory free
1.20 Gb Paging File | 0.68 Gb Available in Paging File | 56.75% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 52.87 Gb Free Space | 68.95% Space Free | Partition Type: NTFS
Drive D: | 29.28 Gb Total Space | 4.51 Gb Free Space | 15.40% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COM1
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/04/21 17:23:18 | 00,881,912 | ---- | M] (ESTsoft Corp) -- C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/04/30 15:27:13 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2008/04/14 05:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/03/10 22:18:14 | 00,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
PRC - [2008/04/14 05:42:16 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
PRC - [2005/04/05 15:22:32 | 00,094,208 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2005/04/05 15:19:18 | 00,077,824 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/04/05 15:23:14 | 00,114,688 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/07/23 17:51:26 | 16,804,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/06/18 19:01:56 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2009/04/30 15:27:14 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/28 15:58:33 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/04/21 17:22:26 | 00,820,472 | ---- | M] (ESTsoft Corp) -- C:\Program Files\ESTsoft\ALYac\AYAgent.aye
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/04/30 15:27:13 | 00,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/07/13 21:59:40 | 00,513,536 | ---- | M] (OldTimer Tools) -- D:\system\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/04/21 17:23:18 | 00,881,912 | ---- | M] (ESTsoft Corp) -- C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye -- (ALYac_PZSrv [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/04/30 15:27:13 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/10/07 16:16:16 | 00,020,424 | ---- | M] (ESTsoft Corp) -- C:\Program Files\ESTsoft\ALYac\AYDrvNT.sys -- (AYDrvNT_ALYAC [On_Demand | Running])
DRV - [2008/12/18 19:57:44 | 00,024,312 | ---- | M] (ESTsoft Corp) -- C:\Program Files\ESTsoft\ALYac\AYDrvSP.sys -- (AYDrvSP_ALYAC [On_Demand | Stopped])
DRV - File not found -- -- (catchme [On_Demand | Running])
DRV - [2001/08/23 08:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys -- (FsVga [System | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/04/05 15:46:28 | 00,830,684 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2008/07/24 19:02:44 | 04,749,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2001/08/23 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/08/28 16:40:40 | 00,111,104 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2009/04/28 11:33:42 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/04/28 11:33:44 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/04/28 11:33:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2008/04/13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-21-220523388-1004336348-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-220523388-1004336348-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-220523388-1004336348-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-220523388-1004336348-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-220523388-1004336348-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-220523388-1004336348-839522115-1003\S-1-5-21-220523388-1004336348-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-220523388-1004336348-839522115-1003\S-1-5-21-220523388-1004336348-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/30 15:27:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/08 11:41:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/07 12:12:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/07 12:12:57 | 00,000,000 | ---D | M]

[2009/04/30 16:54:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\mozilla\Extensions
[2009/04/30 16:54:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/30 15:29:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/04/30 16:54:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\mozilla\Firefox\Profiles\ibcxvier.default\extensions
[2009/07/13 22:06:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/12 05:55:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/12 05:55:29 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 05:55:30 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/06/12 05:55:31 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/07/07 12:12:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/07 12:12:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/07 12:12:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/07 12:12:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/07 12:12:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/07 12:12:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/07 12:12:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/04/23 20:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 20:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 20:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 20:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 20:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 20:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 20:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-220523388-1004336348-839522115-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-220523388-1004336348-839522115-1003\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-220523388-1004336348-839522115-1003\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [ALYac] C:\Program Files\ESTsoft\ALYac\AYUpdate.exe (ESTsoft Corp)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSPY2002] File not found
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-220523388-1004336348-839522115-1003..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-220523388-1004336348-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-1004336348-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-1004336348-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-1004336348-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-1004336348-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-220523388-1004336348-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1246455144562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.29.103.15 24.29.103.16
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/25 02:48:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[3 D:\system\My Documents\*.tmp files]
[2009/07/17 23:35:17 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/07/17 17:23:21 | 00,243,712 | ---- | C] () -- D:\system\My Documents\DEMO.avi-0-1624289333-1.sfk
[2009/07/15 12:57:48 | 03,137,363 | R--- | C] () -- D:\system\Desktop\Combofix.exe.exe
[2009/07/15 12:53:12 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/15 12:53:12 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/15 12:53:12 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/15 12:53:12 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/15 12:53:12 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/15 12:53:12 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/07/15 12:53:12 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/07/15 12:53:12 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/07/15 12:53:12 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/15 12:53:12 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/07/15 12:53:12 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/07/15 12:53:12 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/15 12:53:12 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/15 12:53:12 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/15 12:53:12 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/07/15 12:53:12 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/15 12:53:12 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/15 12:53:12 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/07/15 12:53:12 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/07/15 12:53:12 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/15 12:53:12 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/15 12:53:12 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/07/15 12:53:12 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/15 12:53:12 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/15 12:53:12 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/07/15 12:53:12 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/15 12:53:12 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/15 12:53:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/15 12:53:12 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/07/15 12:53:12 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/07/15 12:53:12 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/07/15 12:53:12 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/07/15 12:53:11 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/15 12:53:11 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/15 12:53:11 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/15 12:53:11 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/15 12:53:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/15 12:44:38 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/15 12:43:58 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/13 22:08:34 | 00,286,208 | ---- | C] () -- D:\system\Desktop\vlciglsm.exe
[2009/07/13 22:08:00 | 00,033,280 | ---- | C] () -- D:\system\My Documents\naruse.doc
[2009/07/13 22:04:34 | 00,046,157 | ---- | C] (jpshortstuff) -- D:\system\Desktop\GooredFix.exe
[2009/07/13 21:59:40 | 00,513,536 | ---- | C] (OldTimer Tools) -- D:\system\Desktop\OTL.exe
[2009/07/13 15:41:28 | 00,243,712 | ---- | C] () -- D:\system\My Documents\DEMO.avi.sfk
[2009/07/13 15:38:10 | 00,000,030 | ---- | C] () -- D:\system\My Documents\DEMO.avi.sfl
[2009/07/13 14:34:35 | 61,743,7184 | ---- | C] () -- D:\system\My Documents\DEMO.avi
[2009/07/11 14:33:09 | 00,359,929 | ---- | C] () -- D:\system\Desktop\dds(2).scr
[2009/07/08 23:19:25 | 00,050,688 | ---- | C] (Atribune.org) -- D:\system\Desktop\ATF-Cleaner.exe
[2009/07/08 21:23:08 | 00,451,655 | ---- | C] () -- D:\system\Desktop\RootRepeal.zip
[2009/07/08 16:33:06 | 00,029,184 | ---- | C] () -- D:\system\My Documents\dear aromie Kim of the future.doc
[2009/07/08 15:23:43 | 18,062,0624 | ---- | C] () -- D:\system\Desktop\[Formula]_Shugo_Chara_-_01_[XviD][F8FB13A1].avi
[2009/07/08 15:09:26 | 04,496,805 | ---- | C] () -- D:\system\Desktop\stuck.mp3
[2009/07/08 13:49:28 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/08 13:49:28 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/07/08 13:49:26 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009/07/08 13:49:26 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/07/08 13:49:25 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/08 13:49:25 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/07/08 13:49:25 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/08 13:49:25 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/07/08 13:49:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/07/08 13:49:24 | 00,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2009/07/08 13:49:24 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/07/08 13:49:23 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/08 13:49:23 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/08 13:49:20 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/07/08 13:43:30 | 14,100,376 | ---- | C] ( ) -- D:\system\Desktop\klcodec495f.exe
[2009/07/08 13:06:28 | 00,000,000 | ---D | C] -- D:\system\My Documents\Any Video Converter
[2009/07/08 13:05:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Any Video Converter
[2009/07/08 13:05:50 | 00,000,000 | ---D | C] -- C:\Program Files\Any Video Converter
[2009/07/08 13:01:30 | 00,000,000 | ---D | C] -- D:\system\My Documents\Any Video Converter Professional
[2009/07/08 13:00:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Any Video Converter Professional
[2009/07/08 13:00:26 | 00,000,000 | ---D | C] -- C:\Program Files\Any Video Converter Professional
[2009/07/08 12:53:26 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\owner\Application Data\FVSTemp
[2009/07/08 12:51:49 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\owner\Application Data\IFBuilder
[2009/07/08 12:48:18 | 00,000,000 | ---D | C] -- D:\system\My Documents\OJOsoft Corporation
[2009/07/08 12:16:34 | 00,000,000 | ---D | C] -- C:\My Videos
[2009/07/08 12:15:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apowersoft
[2009/07/08 12:14:15 | 00,000,000 | ---D | C] -- C:\Program Files\Apowersoft
[2009/07/08 11:33:47 | 00,000,000 | ---D | C] -- C:\56b17e21eca6fe1a247790ff7e799c
[2009/07/08 11:08:16 | 00,000,000 | ---D | C] -- C:\Program Files\Vstplugins
[2009/07/07 09:23:41 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/07/06 21:57:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2009/07/06 21:25:59 | 00,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2009/07/06 21:16:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Media Player Classic
[2009/07/06 20:35:32 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/06 18:53:05 | 00,000,000 | ---D | C] -- C:\Program Files\MP3 Player Utilities 4(2).00
[2009/07/05 21:57:07 | 00,000,000 | ---D | C] -- D:\system\My Documents\Sony Media Libraries
[2009/07/05 21:55:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Publish Providers
[2009/07/05 21:35:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Sony
[2009/07/05 19:02:12 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/07/05 18:55:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/07/05 18:54:06 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/07/05 18:53:11 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009/07/05 18:43:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Sony
[2009/07/05 17:32:54 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2009/07/05 17:32:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/07/05 17:20:47 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/07/05 17:17:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/07/05 17:15:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Sony Setup
[2009/07/05 17:15:01 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2009/07/05 16:57:50 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/07/05 16:57:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\uTorrent
[2009/07/05 16:56:58 | 00,288,048 | ---- | C] (BitTorrent, Inc.) -- D:\system\Desktop\utorrent.exe
[2009/07/04 13:16:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/07/04 12:40:25 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2009/07/04 12:40:25 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/07/04 12:40:25 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2009/07/04 12:40:25 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/07/04 12:40:19 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2009/07/04 12:40:19 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2009/07/04 12:40:19 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009/07/04 12:40:19 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009/07/04 12:40:17 | 01,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2009/07/04 12:40:17 | 00,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2009/07/04 12:40:17 | 00,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2009/07/04 12:40:17 | 00,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2009/07/04 12:40:17 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\azroles.dll
[2009/07/04 12:40:17 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/07/04 12:40:17 | 00,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2009/07/04 12:40:17 | 00,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2009/07/04 12:40:17 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aaclient.dll
[2009/07/04 12:40:17 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/07/04 12:40:17 | 00,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2009/07/04 12:40:17 | 00,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2009/07/04 12:40:17 | 00,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2009/07/04 12:40:17 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx4.dll
[2009/07/04 12:40:17 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/07/04 12:40:16 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/07/04 12:40:16 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/07/04 12:40:16 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/07/04 12:40:16 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009/07/04 12:40:16 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/07/04 12:40:16 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/07/04 12:40:16 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/07/04 12:40:16 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/07/04 12:40:16 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/07/04 12:40:16 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/07/04 12:40:16 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/07/04 12:40:16 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/07/04 12:40:16 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/07/04 12:40:16 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009/07/04 12:40:16 | 00,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2009/07/04 12:40:16 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/07/04 12:40:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/07/04 12:40:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009/07/04 12:40:16 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009/07/04 12:40:16 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/07/04 12:40:15 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009/07/04 12:40:15 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/07/04 12:40:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/07/04 12:40:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/07/04 12:40:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/07/04 12:40:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/07/04 12:40:14 | 01,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2009/07/04 12:40:14 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/07/04 12:40:14 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/07/04 12:40:14 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/07/04 12:40:14 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/07/04 12:40:14 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/07/04 12:40:14 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/07/04 12:40:14 | 00,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2009/07/04 12:40:14 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/07/04 12:40:14 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/07/04 12:40:14 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/07/04 12:40:13 | 04,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2009/07/04 12:40:13 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2009/07/04 12:40:13 | 00,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2009/07/04 12:40:13 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009/07/04 12:40:13 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/07/04 12:40:13 | 00,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2009/07/04 12:40:13 | 00,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2009/07/04 12:40:13 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/07/04 12:40:13 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/07/04 12:40:13 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/07/04 12:40:13 | 00,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2009/07/04 12:40:13 | 00,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2009/07/04 12:40:13 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/07/04 12:40:13 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/07/04 12:40:13 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2009/07/04 12:40:13 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/07/04 12:40:12 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2009/07/04 12:40:12 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2009/07/04 12:40:12 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2009/07/04 12:40:12 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/07/04 12:40:12 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/07/04 12:40:12 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009/07/04 12:40:12 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2009/07/04 12:40:12 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/07/04 12:40:10 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2009/07/04 12:40:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/07/04 12:40:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/07/04 12:40:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/07/04 12:40:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/07/04 12:40:04 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2009/07/04 12:39:48 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2009/07/04 12:38:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/07/04 12:36:54 | 00,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2009/07/04 12:36:54 | 00,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2009/07/04 12:36:54 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2009/07/04 12:36:54 | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2009/07/04 12:36:54 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2009/07/04 12:36:54 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2009/07/04 12:36:54 | 00,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2009/07/04 12:36:54 | 00,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2009/07/04 12:36:54 | 00,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2009/07/04 12:36:54 | 00,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2009/07/04 12:36:54 | 00,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2009/07/04 12:36:54 | 00,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2009/07/04 12:36:54 | 00,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2009/07/04 12:36:54 | 00,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2009/07/04 12:36:54 | 00,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2009/07/04 12:36:54 | 00,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2009/07/04 12:36:54 | 00,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2009/07/04 12:36:54 | 00,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2009/07/04 12:36:54 | 00,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2009/07/04 12:36:54 | 00,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2009/07/04 12:36:54 | 00,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2009/07/04 12:36:53 | 00,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2009/07/04 12:36:53 | 00,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2009/07/04 12:36:53 | 00,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[2009/07/04 12:36:53 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/07/04 12:36:53 | 00,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2009/07/04 12:36:53 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2009/07/04 12:36:53 | 00,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2009/07/04 12:36:53 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/07/04 12:36:53 | 00,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2009/07/04 12:36:53 | 00,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2009/07/04 12:36:53 | 00,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2009/07/04 12:36:53 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2009/07/04 12:36:53 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2009/07/04 12:36:53 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009/07/04 12:36:53 | 00,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2009/07/04 12:36:53 | 00,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2009/07/04 12:36:53 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2009/07/04 12:36:53 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2009/07/04 12:36:53 | 00,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2009/07/04 12:36:53 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2009/07/04 12:36:53 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2009/07/04 12:36:53 | 00,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2009/07/04 12:36:53 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2009/07/04 12:36:53 | 00,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2009/07/04 12:36:53 | 00,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2009/07/04 12:36:53 | 00,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2009/07/04 12:36:53 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2009/07/04 12:36:53 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2009/07/04 12:36:53 | 00,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2009/07/04 12:36:52 | 01,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2009/07/04 12:36:52 | 01,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2009/07/04 12:36:52 | 01,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[2009/07/04 12:36:52 | 00,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys
[2009/07/04 12:36:52 | 00,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2009/07/04 12:36:52 | 00,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2009/07/04 12:36:52 | 00,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2009/07/04 12:36:52 | 00,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2009/07/04 12:36:52 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/07/04 12:36:52 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2009/07/04 12:36:52 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/07/04 12:36:52 | 00,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2009/07/04 12:36:52 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009/07/04 12:36:52 | 00,011,868 | ---- | C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys
[2009/07/04 12:36:52 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009/07/04 12:36:51 | 00,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2009/07/04 12:36:51 | 00,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2009/07/04 12:36:51 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/07/04 12:36:51 | 00,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2009/07/04 12:36:51 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2009/07/04 12:36:51 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2009/07/04 12:36:51 | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2009/07/04 12:36:51 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2009/07/04 12:36:51 | 00,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2009/07/04 12:36:51 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/07/04 12:36:51 | 00,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2009/07/04 12:36:51 | 00,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2009/07/04 12:36:51 | 00,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2009/07/04 12:36:51 | 00,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2009/07/04 12:36:51 | 00,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2009/07/04 12:36:51 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/07/04 12:36:51 | 00,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2009/07/04 12:36:50 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2009/07/04 12:36:50 | 00,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2009/07/04 12:33:02 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/07/04 12:05:28 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit(2).exe
[2009/07/04 11:16:18 | 00,000,000 | ---D | C] -- C:\ee5899ae7454f1f22d8980e3553e67
[2009/07/04 10:33:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/07/04 10:32:56 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/07/04 10:32:56 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/07/04 10:32:55 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/07/04 10:32:55 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/07/04 10:32:55 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009/07/04 10:32:54 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/04 10:32:54 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2009/07/04 10:32:54 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/07/04 10:32:54 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/07/04 10:32:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/07/04 10:32:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/07/04 10:30:55 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/07/04 10:30:42 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009/07/04 10:30:25 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/07/04 10:30:02 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2009/07/04 10:29:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/07/03 01:06:37 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/07/02 18:49:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/02 18:47:28 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/07/02 18:46:43 | 00,000,000 | ---D | C] -- D:\system\Desktop\Downloads
[2009/07/02 18:46:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\GetRightToGo
[2009/07/02 09:33:55 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/07/02 09:33:54 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/07/01 09:37:54 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/07/01 09:29:58 | 24,539,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/06/29 20:07:37 | 00,000,162 | -H-- | C] () -- D:\system\My Documents\~$KAYU.doc
[2009/06/29 18:38:59 | 00,000,162 | -H-- | C] () -- D:\system\My Documents\~$aras.melodyoflight.doc
[2009/06/29 10:03:39 | 02,379,275 | ---- | C] () -- D:\system\My Documents\tsukiyo no violinist part 2.JPG
[2009/06/29 10:03:16 | 01,816,642 | ---- | C] () -- D:\system\My Documents\tsukiyo no violinist.JPG
[2009/06/29 10:01:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\WinRAR
[2009/06/29 10:01:25 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/06/29 10:00:48 | 01,373,490 | ---- | C] () -- D:\system\Desktop\wrar39b3.exe
[2009/06/24 12:12:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Identities
[2009/06/24 12:07:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\AdobeUM
[2009/04/30 20:45:29 | 00,000,213 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/25 21:01:44 | 00,001,560 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/11/25 20:23:34 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/25 03:08:21 | 00,000,040 | ---- | C] () -- C:\WINDOWS\Hjimesv.ini
[2008/11/25 03:05:29 | 00,000,016 | ---- | C] () -- C:\WINDOWS\System32\winhcfg.ini
[2008/11/25 02:59:01 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 08:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[3 D:\system\My Documents\*.tmp files]
[2009/07/17 23:30:20 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/17 23:29:59 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/07/17 23:29:47 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/17 23:28:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/17 23:28:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/17 23:20:56 | 00,029,184 | ---- | M] () -- D:\system\My Documents\dear aromie Kim of the future.doc
[2009/07/17 20:01:50 | 00,243,712 | ---- | M] () -- D:\system\My Documents\DEMO.avi-0-1624289333-1.sfk
[2009/07/15 22:42:52 | 00,076,288 | ---- | M] () -- D:\system\My Documents\charas.melodyoflight.doc
[2009/07/15 16:32:42 | 00,002,375 | ---- | M] () -- D:\system\Desktop\Microsoft Office Word 2003.lnk
[2009/07/15 12:57:52 | 03,137,363 | R--- | M] () -- D:\system\Desktop\Combofix.exe.exe
[2009/07/15 12:44:14 | 03,137,363 | R--- | M] () -- D:\system\Desktop\ComboFix.exe
[2009/07/15 12:37:50 | 00,033,280 | ---- | M] () -- D:\system\My Documents\naruse.doc
[2009/07/15 09:07:17 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/13 22:08:36 | 00,286,208 | ---- | M] () -- D:\system\Desktop\vlciglsm.exe
[2009/07/13 22:04:34 | 00,046,157 | ---- | M] (jpshortstuff) -- D:\system\Desktop\GooredFix.exe
[2009/07/13 21:59:40 | 00,513,536 | ---- | M] (OldTimer Tools) -- D:\system\Desktop\OTL.exe
[2009/07/13 21:49:18 | 00,054,784 | ---- | M] () -- D:\system\My Documents\Ikuto.doc
[2009/07/13 15:41:38 | 00,243,712 | ---- | M] () -- D:\system\My Documents\DEMO.avi.sfk
[2009/07/13 15:41:26 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/13 15:40:46 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/13 15:38:12 | 61,743,7184 | ---- | M] () -- D:\system\My Documents\DEMO.avi
[2009/07/13 15:38:12 | 00,000,030 | ---- | M] () -- D:\system\My Documents\DEMO.avi.sfl
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/07/11 14:33:08 | 00,359,929 | ---- | M] () -- D:\system\Desktop\dds(2).scr
[2009/07/08 23:19:26 | 00,050,688 | ---- | M] (Atribune.org) -- D:\system\Desktop\ATF-Cleaner.exe
[2009/07/08 21:23:06 | 00,451,655 | ---- | M] () -- D:\system\Desktop\RootRepeal.zip
[2009/07/08 15:26:48 | 18,062,0624 | ---- | M] () -- D:\system\Desktop\[Formula]_Shugo_Chara_-_01_[XviD][F8FB13A1].avi
[2009/07/08 15:09:40 | 04,496,805 | ---- | M] () -- D:\system\Desktop\stuck.mp3
[2009/07/08 13:44:58 | 14,100,376 | ---- | M] ( ) -- D:\system\Desktop\klcodec495f.exe
[2009/07/08 12:15:29 | 00,079,064 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/08 11:52:10 | 00,284,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/08 11:48:50 | 00,531,656 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/08 11:48:50 | 00,462,568 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/08 11:48:50 | 00,079,652 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/07 19:49:28 | 00,029,184 | ---- | M] () -- D:\system\My Documents\Doc.1..doc
[2009/07/07 11:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/05 16:56:58 | 00,288,048 | ---- | M] (BitTorrent, Inc.) -- D:\system\Desktop\utorrent.exe
[2009/07/04 13:17:10 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/07/04 13:15:40 | 05,362,348 | -H-- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\IconCache.db
[2009/07/04 12:36:39 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/07/04 12:05:28 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit(2).exe
[2009/07/04 09:56:01 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/01 17:56:24 | 00,047,104 | ---- | M] () -- D:\system\My Documents\KAYU.doc
[2009/07/01 09:37:54 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/06/29 20:07:38 | 00,000,162 | -H-- | M] () -- D:\system\My Documents\~$KAYU.doc
[2009/06/29 18:39:00 | 00,000,162 | -H-- | M] () -- D:\system\My Documents\~$aras.melodyoflight.doc
[2009/06/29 10:03:42 | 02,379,275 | ---- | M] () -- D:\system\My Documents\tsukiyo no violinist part 2.JPG
[2009/06/29 10:03:20 | 01,816,642 | ---- | M] () -- D:\system\My Documents\tsukiyo no violinist.JPG
[2009/06/29 10:00:54 | 01,373,490 | ---- | M] () -- D:\system\Desktop\wrar39b3.exe
[2009/06/28 20:03:22 | 00,068,608 | ---- | M] () -- D:\system\My Documents\junk2.doc
[2009/06/20 22:06:48 | 00,039,424 | ---- | M] () -- D:\system\My Documents\SORAKOMI.AMAI.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C
< End of report >



As for the Userinit situation, well...instead of getting the Logon screen and having to constantly click on my user account, I am transported to the Welcome screen and I immediately get hit with the Genuine Validation notice that asks me if I wanted to resolve the problem. I guess it saves me from the frustrating Logon problem...but it still isn't very pleasant.
I just checked my Userinit key, and this is how its data is displayed: "C:\WINDOWS\system32\userinit.exe,"
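A small triage helper for the kind of OTL listing posted above, added here as an example; it is not part of the thread and not OldTimer's or BleepingComputer's code. It parses the `[date | size | attrs | C/M] (Company) -- path` lines and the `@Alternate Data Stream` lines, flags a few things a reviewer looks at first (a system binary with a copy suffix such as `userinit(2).exe`, an executable under the Windows directory with no company in its version resource, any alternate data stream), and checks a Userinit registry value string against the stock XP form quoted in the post. The system root `C:\WINDOWS`, the flag names and the sample lines (copied from the log above) are assumptions of the example; the flags are leads for a human, not verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import List

# One OTL file/directory line:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# The "(Company)" group is absent for directories and empty "()" when the
# file carries no version information.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

SYSTEM_DIR_PREFIX = "c:\\windows\\"           # assumed system root of this machine
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr")
# A system binary name carrying a copy suffix, e.g. userinit(2).exe
COPY_SUFFIX_RE = re.compile(r"^[^\\()]+\(\d+\)\.(exe|dll|sys)$", re.IGNORECASE)


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str
    kind: str                      # 'C' created, 'M' modified, 'A' alternate data stream
    company: str
    path: str
    flags: List[str] = field(default_factory=list)


def parse_otl(text: str) -> List[Entry]:
    """Parse OTL file-listing and alternate-data-stream lines; other lines are ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                                 m["kind"], (m["company"] or "").strip(), m["path"]))
            continue
        a = ADS_RE.match(line)
        if a:
            entries.append(Entry("", int(a["size"]), "ADS", "A", "", a["path"],
                                 ["alternate_data_stream"]))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach triage flags and return only the entries that earned one.

    A missing company string only means the file has no version resource,
    which many stand-alone tools lack, so treat these as leads, not verdicts.
    """
    for e in entries:
        low = e.path.lower()
        name = low.rsplit("\\", 1)[-1]
        in_system_dir = low.startswith(SYSTEM_DIR_PREFIX)
        is_dir = e.attrs.endswith("D")
        if in_system_dir and not is_dir and name.endswith(EXECUTABLE_EXT) and not e.company:
            e.flags.append("no_company_in_version_info")
        if in_system_dir and COPY_SUFFIX_RE.match(name):
            e.flags.append("copy_of_system_binary")
    return [e for e in entries if e.flags]


def userinit_is_expected(value: str, system_root: str = "C:\\WINDOWS") -> bool:
    """True only if the Userinit registry value names exactly the stock userinit.exe.

    The stock XP value is 'C:\\WINDOWS\\system32\\userinit.exe,' (trailing comma).
    A second comma-separated path is the classic sign of a hijacked value.
    """
    expected = (system_root + "\\system32\\userinit.exe").lower()
    parts = [p.strip().lower() for p in value.split(",") if p.strip()]
    return parts == [expected]


# Constructed sample: a handful of lines copied from the OTL log above.
SAMPLE_LOG = r"""
[2009/07/04 12:36:51 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2009/07/04 12:33:02 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/07/04 12:05:28 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit(2).exe
[2009/07/01 09:37:54 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/07/08 13:44:58 | 14,100,376 | ---- | M] ( ) -- D:\system\Desktop\klcodec495f.exe
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >
"""

if __name__ == "__main__":
    for e in triage(parse_otl(SAMPLE_LOG)):
        print(f"{', '.join(e.flags):32} {e.path}")
    print("Userinit OK:", userinit_is_expected("C:\\WINDOWS\\system32\\userinit.exe,"))
```

Run it against a saved OTL.txt by passing the file's contents to `parse_otl`; the directory prefix and extension list are the two knobs to adjust for a machine whose Windows folder lives elsewhere.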

#13 myrti

myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 18 July 2009 - 07:38 AM

Hi Armie Kim,

I am sorry to say that the lack of a message does not equal a legit version of XP. Your earlier logs showed that you had blocked access to the Microsoft validation site, making it impossible for Windows to verify whether it was genuine or not.
Did you buy the PC with the operating system or separately? Do you still have the original key?
As said, I won't and can't help you bypass the authenticity check.
If you have a legit version and still own the proof of purchase, you can contact Microsoft and they should issue you a new key which will pass WGA. There are a couple of legal alternatives shown on the Microsoft page I linked to in my previous post.

Otherwise your logs actually look pretty good. The userinit-entry is exactly as it should be. :thumbup2: Has it been reappearing/disappearing lately?

I would like you to make an online scan to see if there are still some left overs on your PC:
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Please post the log in your next reply.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Your Acrobat Reader is also out of date!
Please uninstall Acrobat Reader using Add/Remove and download the latest version from Adobe if you still want to use it: Adobe (If you use Internet Explorer, make sure to untick the google toolbar, unless you actually want to use it)

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#14 Armie Kim

Armie Kim
  • Topic Starter

  • Members
  • 52 posts

Posted 18 July 2009 - 05:25 PM

Thank you very much!

Here is my scan log:
D:\System Volume Information\_restore{9B06FF9B-3A0E-4D56-AE65-8B63920C5886}\RP221\A0062264.exe probably a variant of Win32/TrojanDownloader.Zlob trojan cleaned by deleting - quarantined
D:\System Volume Information\_restore{9B06FF9B-3A0E-4D56-AE65-8B63920C5886}\RP170\A0059205.dll probably a variant of Win32/TrojanDownloader.Small trojan cleaned by deleting - quarantined
D:\system\My Documents\Install_AIM.exe Win32/Adware.WBug.A application deleted - quarantined


On a previous scan that was incomplete, it caught 15 infections all related to Win32.Adware material, but it then reported that they were deleted.

I'm not entirely sure about the whole Windows genuine validation process, but I'll try to find out how to fix it.
Thank you so much for helping me so far!

#15 myrti

myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 19 July 2009 - 09:17 AM

Hi Armie Kim,

glad to hear that everything else is working fine. :)

We're going to remove the tools we used from your PC and you can reenable Spybot if you want to. If you have any problems, please let me know before proceeding. :cool:


Please do the following to clean up your PC:
  • Delete the tools used during the disinfection:
    • Uninstall ESET via Add/Remove
    • Run OTL one last time
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  • If you want to set your system to hide all hidden files:
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
    Check the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
  • Disable and Enable System Restore.
    You can find instructions on how to disable and reenable system restore here:
    Windows XP System Restore Guide
    Note: You should only do this once, not on a regular basis!
    You will not be able to restore your computer to any point earlier than today!
Please read this advice, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Some more links you might find of interest:
Do you have any remaining questions?

regards
_temp_

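The helper's advice above recommends the MVPs hosts file, and earlier in the thread the hosts file was found to be blocking the Microsoft validation site. The audit below, added as an example that is not part of the thread and not code from BleepingComputer or the MVPs project, parses a hosts file and reports the two mappings that matter for this kind of cleanup: a vendor update or validation hostname sent to loopback (which looks exactly like a legitimate blocking-list entry, so it is only reported for names on a watchlist), and any hostname mapped to a non-loopback address, which silently reroutes it to another machine and which no blocking list ever needs. The watchlist, the finding names and the sample hosts content (with `203.0.113.5` from the documentation range and `.example` names) are constructed assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Addresses that make a hostname unreachable rather than redirecting it.
BLACKHOLE = {"127.0.0.1", "::1", "0.0.0.0"}

# Domains a clean machine must still be able to reach: vendor update and
# validation hosts. Assumed example watchlist, not an authoritative list.
WATCHLIST = ("microsoft.com", "windowsupdate.com", "malwarebytes.org",
             "superantispyware.com", "eset.com")

STOCK_NAMES = {"localhost", "localhost.localdomain"}


@dataclass
class HostsFinding:
    line_no: int
    ip: str
    hostname: str
    reason: str


def parse_hosts(text: str) -> Iterator[Tuple[int, str, List[str]]]:
    """Yield (line_no, ip, hostnames) for each active mapping.

    Comments (from '#' to end of line), blank lines and lines whose first
    field is not a valid IP address are skipped, as the resolver skips them.
    """
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        yield n, fields[0], fields[1:]


def on_watchlist(hostname: str) -> bool:
    """Exact or subdomain match against WATCHLIST ('notmicrosoft.com' does not match)."""
    h = hostname.lower()
    return any(h == d or h.endswith("." + d) for d in WATCHLIST)


def audit_hosts(text: str) -> List[HostsFinding]:
    """Return the mappings that deserve a look.

    Blocking entries (a hostname sent to loopback) are what the MVPs hosts
    file installs by the thousand, so they are reported only for watchlisted
    names. Every mapping to a non-loopback address is reported.
    """
    findings: List[HostsFinding] = []
    for n, ip, names in parse_hosts(text):
        for name in names:
            if ip in BLACKHOLE:
                if name.lower() in STOCK_NAMES:
                    continue                      # the stock localhost entry
                if on_watchlist(name):
                    findings.append(HostsFinding(n, ip, name, "watchlisted_host_blackholed"))
            else:
                findings.append(HostsFinding(n, ip, name, "redirected_to_other_address"))
    return findings


# Constructed sample hosts file (not the machine's real one).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       mpa.one.microsoft.com     # validation host sent to loopback
127.0.0.1       ads.example.net           # ordinary MVPs-style ad block, not reported
0.0.0.0         www.malwarebytes.org
203.0.113.5     www.bank.example          # rerouted to another machine
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.ip:<12} {f.hostname:<28} {f.reason}")
```

To audit the real file, read `C:\WINDOWS\System32\drivers\etc\hosts` (the path shown in the log above) and pass its contents to `audit_hosts`; on a machine running the MVPs list the only expected output is an empty report, because that list maps names to loopback only and none of them are vendor update hosts.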




