Experiencing slow PC, can someone inspect my log


  • This topic is locked
10 replies to this topic

#1 gian0819

gian0819

  • Members
  • 63 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:59 AM

Posted 13 August 2009 - 09:03 AM

I'm using Kaspersky for anti-virus, Malwarebytes for anti-malware and Comodo Firewall for my personal firewall. I don't know what happened, but I cannot connect to Yahoo Messenger. I also experienced slow application response, as in slow. Here's my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:44 PM, on 8/13/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\backup april10C\My Documents\Downloaded apps\spywareblastersetup40.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - blank (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\Windows\system32\guard32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9872 bytes
"you cannot please everyone...but you"
Intel Celeron D 2.66 ghz
Windows Xp Media Center modded with vista styles
512+256 mb ddr geforce fx5500 256mb
80+20 gb Seagate Hard Disks


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:59 PM

Posted 24 August 2009 - 04:56 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 gian0819

gian0819
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:59 AM

Posted 25 August 2009 - 08:21 AM

DDS (Ver_09-07-30.01) - NTFSx86
Run by Gian at 21:14:06.96 on Tue 08/25/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.63.1033.18.1013.235 [GMT 8:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Gian\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - blank
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Camfrog] "c:\program files\camfrog\camfrog video chat\camfrognet.exe" 0 c:\program files\camfrog\camfrog video chat\Camfrog Video Chat.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\gian\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\gian\appdata\roaming\mozilla\firefox\profiles\qgt7i7fh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2285220&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - GoldMember Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2285220&SearchSource=2&q=
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\users\gian\appdata\roaming\mozilla\firefox\profiles\qgt7i7fh.default\extensions\{0fc64d74-ea76-49a3-b606-7801b5013798}\components\FFExternalAlert.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-7-19 85008]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-7-19 25104]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-7-5 19096]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [2009-8-13 240128]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-8-9 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 GarenaPEngine;GarenaPEngine;c:\users\gian\appdata\local\temp\VJR8296.tmp [2009-8-8 18704]

=============== Created Last 30 ================

2009-08-23 15:04 <DIR> --d----- c:\programdata\WindowsSearch
2009-08-23 12:49 <DIR> --d----- c:\users\gian\.housecall6.6
2009-08-23 10:06 615 a------- c:\windows\eReg.dat
2009-08-23 09:59 <DIR> --d----- c:\program files\EA Games
2009-08-23 09:52 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-08-23 09:52 <DIR> --d----- c:\program files\MagicDisc
2009-08-23 09:46 <DIR> --d----- c:\program files\MagicISO
2009-08-22 19:56 <DIR> --d----- c:\users\gian\appdata\roaming\Yandex
2009-08-21 19:54 916,480 a------- c:\windows\system32\sqliteodbc2009.dll
2009-08-21 19:54 <DIR> --d----- c:\windows\system32\SQLite2009Pro
2009-08-21 19:54 <DIR> --d----- c:\program files\Osen Kusnadi
2009-08-21 19:02 <DIR> --d----- c:\program files\Wide Angle Software
2009-08-21 17:59 <DIR> --d----- c:\program files\Tansee iPhone Transfer Contact
2009-08-21 17:56 <DIR> --d----- c:\program files\Tansee iPhone Copy
2009-08-21 17:45 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-08-21 17:45 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-21 17:44 <DIR> --d----- c:\program files\iPod
2009-08-21 17:43 <DIR> --d----- c:\program files\iTunes
2009-08-21 17:15 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-21 17:04 545 a------- c:\windows\UC.PIF
2009-08-21 17:04 545 a------- c:\windows\RAR.PIF
2009-08-21 17:04 545 a------- c:\windows\PKZIP.PIF
2009-08-21 17:04 545 a------- c:\windows\PKUNZIP.PIF
2009-08-21 17:04 545 a------- c:\windows\NOCLOSE.PIF
2009-08-21 17:04 545 a------- c:\windows\LHA.PIF
2009-08-21 17:04 545 a------- c:\windows\ARJ.PIF
2009-08-21 17:04 <DIR> --d----- c:\users\gian\appdata\roaming\GHISLER
2009-08-21 17:04 <DIR> --d----- C:\totalcmd
2009-08-21 16:03 <DIR> --d----- c:\program files\WinSCP
2009-08-16 12:18 71,680 a------- c:\windows\system32\atl.dll
2009-08-16 12:16 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-16 12:16 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-16 12:16 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-16 12:16 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-16 12:16 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-16 12:16 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-16 12:16 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-13 21:58 115,920 a------- c:\windows\system32\MSINET.OCX
2009-08-13 21:58 <DIR> --d----- c:\program files\SpywareBlaster
2009-08-13 21:56 <DIR> --d----- c:\program files\Trend Micro
2009-08-13 16:11 <DIR> --d----- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-08-13 15:55 171,136 a--shr-- C:\grldr
2009-08-13 15:34 240,128 a------- c:\windows\system32\drivers\royal.sys
2009-08-13 15:33 <DIR> --d----- c:\windows\Crack
2009-08-13 15:02 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-13 14:58 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-13 14:53 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-09 17:30 <DIR> --d----- c:\users\gian\Tracing
2009-08-09 15:50 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-08-09 15:50 55,280 a------- c:\windows\system32\drivers\fssfltr.sys
2009-08-09 15:47 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-08-09 15:46 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-08-09 14:54 <DIR> --d----- c:\program files\common files\Windows Live
2009-08-09 14:52 <DIR> --d----- c:\program files\Microsoft
2009-08-08 14:18 687,104 a------- c:\windows\is-7C5H6.exe
2009-08-08 14:18 10,498 a------- c:\windows\is-7C5H6.msg
2009-08-08 14:18 422 a------- c:\windows\is-7C5H6.lst
2009-07-30 00:07 <DIR> --d----- c:\users\gian\appdata\roaming\Camfrog
2009-07-30 00:04 <DIR> --d----- c:\program files\Camfrog

==================== Find3M ====================

2009-08-24 12:47 835,616 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-08-24 12:47 4,984 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-08-24 12:47 4,716,576 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-08-24 12:47 38,976 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-08-23 09:52 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-23 09:52 86,016 a------- c:\windows\inf\infstor.dat
2009-08-23 09:52 51,200 a------- c:\windows\inf\infpub.dat
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-26 20:13 665,600 a------- c:\windows\inf\drvindex.dat
2009-07-22 05:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-22 05:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-22 05:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-22 04:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-21 21:56 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-19 18:59 687,104 a------- c:\windows\is-ACBFC.exe
2009-07-19 17:13 143,104 a------- c:\windows\system32\guard32.dll
2009-07-19 17:13 85,008 a------- c:\windows\system32\drivers\cmdguard.sys
2009-07-19 17:13 25,104 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-07-19 13:13 50,688 a------- c:\windows\system32\wbhelp2.dll
2009-07-18 20:05 174 a--sh--- c:\program files\desktop.ini
2009-07-18 19:34 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-07-18 19:33 82,432 a------- c:\windows\system32\axaltocm.dll
2009-07-12 20:00 41,984 a------- c:\windows\system32\netfxperf.dll
2009-07-12 16:51 61,440 a------- c:\windows\system32\winipsec.dll
2009-07-12 16:51 272,896 a------- c:\windows\system32\polstore.dll
2009-07-12 16:42 6,014,976 a------- c:\windows\system32\NlsLexicons001a.dll
2009-07-11 18:38 2,034,688 a------- c:\windows\system32\win32k.sys
2009-07-11 18:23 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-07-11 18:20 2,048 a------- c:\windows\system32\msxml3r.dll
2009-07-11 18:06 623,616 a------- c:\windows\system32\localspl.dll
2009-07-11 17:55 6,656 a------- c:\windows\system32\kbd106n.dll
2009-07-11 17:48 9,728 a------- c:\windows\system32\lsass.exe
2009-07-11 17:46 37,888 a------- c:\windows\system32\printcom.dll
2009-07-11 17:44 14,848 a------- c:\windows\system32\wshrm.dll
2009-07-11 17:36 84,480 a------- c:\windows\system32\INETRES.dll
2009-07-11 17:32 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-07-11 17:19 2,048 a------- c:\windows\system32\msxml6r.dll
2009-07-09 12:16 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-07-09 12:16 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-07-05 20:04 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-07-05 20:04 105,395 a------- c:\windows\system32\drivers\klin.dat
2009-07-05 20:04 94,643 a------- c:\windows\system32\drivers\klick.dat
2009-07-05 19:00 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-05 18:21 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-07-05 18:20 83,456 a------- c:\windows\system32\wudriver.dll
2009-07-05 18:20 162,064 a------- c:\windows\system32\wuwebv.dll
2009-07-05 18:20 31,232 a------- c:\windows\system32\wuapp.exe
2009-07-05 18:11 319,456 a------- c:\windows\DIFxAPI.dll
2009-06-15 22:53 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 22:52 23,552 a------- c:\windows\system32\lpk.dll
2009-06-15 22:52 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 22:51 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 20:42 289,792 a------- c:\windows\system32\atmfd.dll
2009-06-03 00:11 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-05-30 05:37 205,824 a------- c:\windows\system32\xvidvfw.dll
2009-05-30 05:31 881,664 a------- c:\windows\system32\xvidcore.dll
2006-11-02 20:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 20:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 20:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 20:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 21:20:01.40 ===============
"you cannot please everyone...but you"
Intel Celeron D 2.66 ghz
Windows Xp Media Center modded with vista styles
512+256 mb ddr geforce fx5500 256mb
80+20 gb Seagate Hard Disks
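An added triage example (not part of this thread and not DDS's own code): a small parser for the DDS-style file listing above that flags entries worth a second look. The heuristics are drawn from what this particular log shows (hidden+system files, a file sitting in the drive root, a driver created within minutes of a directory named Crack); the sample lines are copied from the listing above, while the time window, reason strings and function names are my own assumptions.

```python
"""Triage helper for DDS-style file listings (the 'Find3M' / new-files
sections of a DDS log).  Added example, not part of the thread."""
import re
from datetime import datetime, timedelta

# One entry per line:  YYYY-MM-DD HH:MM  <DIR>|size  attributes  path
# Attribute letters seen in the log: a=archive d=dir s=system h=hidden r=readonly
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attr>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)

# Sample input copied from the DDS listing in this thread.
SAMPLE_LOG = r"""
2009-08-24 12:47 835,616 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-08-21 17:15 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-13 15:55 171,136 a--shr-- C:\grldr
2009-08-13 15:34 240,128 a------- c:\windows\system32\drivers\royal.sys
2009-08-13 15:33 <DIR> --d----- c:\windows\Crack
2009-08-13 15:02 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
"""


def parse_line(line):
    """Turn one DDS listing line into a dict, or None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attr = m["attr"]
    is_dir = m["size"] == "<DIR>"
    return {
        "when": datetime.strptime(m["date"] + " " + m["time"], "%Y-%m-%d %H:%M"),
        "is_dir": is_dir,
        "size": 0 if is_dir else int(m["size"].replace(",", "")),
        "hidden": "h" in attr,
        "system": "s" in attr,
        "path": m["path"],
    }


def triage(lines, window=timedelta(minutes=5)):
    """Return [(path, [reasons])] for entries that deserve a closer look.

    The heuristics are review prompts, not verdicts: legitimate security
    products also create hidden/system files (the fidbox*.dat entries here
    belong to Kaspersky), so every hit still needs a human decision.
    """
    entries = [e for e in (parse_line(l) for l in lines) if e]
    # Directories whose name suggests cracked/pirated software (assumption:
    # a plain substring match on "crack" is enough for this listing).
    crack_dirs = [e for e in entries if e["is_dir"] and "crack" in e["path"].lower()]

    findings = []
    for e in entries:
        p = e["path"].lower()
        reasons = []
        if not e["is_dir"] and e["hidden"] and e["system"]:
            reasons.append("hidden+system attributes")
        # A file directly in the root of a drive, e.g. C:\grldr
        if not e["is_dir"] and re.fullmatch(r"[a-z]:\\[^\\]+", p):
            reasons.append("file in drive root")
        # A kernel driver written within `window` of a Crack-style directory
        if p.endswith(".sys") and "\\drivers\\" in p:
            near = [d for d in crack_dirs if abs(d["when"] - e["when"]) <= window]
            if near:
                reasons.append("driver created within %d min of %s"
                               % (window.seconds // 60, near[0]["path"]))
        if reasons:
            findings.append((e["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG.splitlines()):
        print(path)
        for r in reasons:
            print("   -", r)
```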

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:05:59 PM

Posted 31 August 2009 - 05:48 PM

Hi gian0819,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

There's a bad driver sitting in that log and we need to check for other possible issues that the DDS log doesn't cover.


First though,

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files between each other, as the name suggests. In today's world, cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


On to the scans

We need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open RootRepeal on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Push Ok.
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
Next

We need to create an OTL Report
  • Please download OTL By OldTimer
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
      OTListIt.txt <-- Will be opened
      Extra.txt <-- Will be minimized
Finally

Please download and run Process Explorer

If Process Explorer won't execute, rename it to Iexplore.exe

Under File and Save As, create a log and post here

Copy and paste the log into your next reply


Hopefully we won't find anything else and we can remove what there is showing.
m0le is a proud member of UNITE

#5 gian0819

gian0819
  • Topic Starter

  • Members
  • 63 posts
  • Gender:Male
  • Local time:01:59 AM

Posted 02 September 2009 - 07:48 AM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/01 07:16
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8DDF8000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8DA00000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA89C1000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_d088a2ec442ef17b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_516953ad0f4d16c4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\WINDOW~3.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\WINDOW~3.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\WINDOW~3.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\WINDOW~3.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SEC543~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE0F57~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE7561~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE4BA2~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5F3C~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5FBC~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE6DB5~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SEC6C7~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9AEB~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE4F78~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE427A~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9942~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE3B5D~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE54EE~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5DF7~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE1FB8~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-zipfldr_31bf3856ad364e35_6.0.6001.18000_none_78064a3c3548869b\COMPRE~1.ZFS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-zipfldr_31bf3856ad364e35_6.0.6002.18005_none_79f1c348326a51e7\COMPRE~1.ZFS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6002.18005_none_ae1c8b4b8d1614c8\PRESEN~1.CON
Status: Locked to the Windows API!

Path: c:\programdata\kaspersky lab\avp8\data\av304f.tmp
Status: Allocation size mismatch (API: 55578624, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\data\av4f5b.tmp
Status: Allocation size mismatch (API: 55799808, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\data\av993a.tmp
Status: Allocation size mismatch (API: 55812096, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\report\01\0000004d_objdt.dat
Status: Allocation size mismatch (API: 136, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\report\01\0000004d_objid.dat
Status: Allocation size mismatch (API: 48, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\report\01\0000004e_events.dat
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\report\01\0000004e_objbt.dat
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\report\01\0000004e_objdt.dat
Status: Allocation size mismatch (API: 208, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\report\01\0000004e_objid.dat
Status: Allocation size mismatch (API: 72, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\report\02\00000022_events.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\report\02\00000022_objdt.dat
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\report\02\00000022_objid.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\report\03\00000026_events.dat
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\report\03\00000026_objdt.dat
Status: Allocation size mismatch (API: 8192, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\report\03\00000026_objid.dat
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\report\04\00000022_events.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\report\04\00000022_objdt.dat
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\report\04\00000022_objid.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\report\09\00000022_events.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\report\09\00000022_objdt.dat
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: c:\programdata\kaspersky lab\avp8\report\09\00000022_objid.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PRESEN~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PRESEN~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SEC543~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE0F57~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE7561~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE427A~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE3B5D~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE54EE~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE1FB8~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE9942~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE4BA2~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE5F3C~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SECURI~4.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE5FBC~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE5DF7~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE6DB5~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SEC6C7~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SECURI~2.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE9AEB~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE4F78~1.XRM
Status: Locked to the Windows API!

Path: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\COMPRE~1.ZFS
Status: Locked to the Windows API!

Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.15.crwl
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.15.gthr
Status: Allocation size mismatch (API: 200, Raw: 0)

Path: c:\users\gian\appdata\local\mozilla\firefox\profiles\qgt7i7fh.default\urlclassifier3.sqlite
Status: Allocation size mismatch (API: 42663936, Raw: 42467328)

Path: c:\users\gian\appdata\roaming\mozilla\firefox\profiles\qgt7i7fh.default\sessionstore.js
Status: Size mismatch (API: 117076, Raw: 116256)

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1228 Status: Locked to the Windows API!

SSDT
-------------------
#: 012 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc84d50

#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc85b38

#: 022 Function Name: NtAlpcCreatePort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc8517c

#: 054 Function Name: NtConnectPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc84346

#: 060 Function Name: NtCreateFile
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc84964

#: 071 Function Name: NtCreatePort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc840a8

#: 075 Function Name: NtCreateSection
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc847d6

#: 077 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc84f36

#: 078 Function Name: NtCreateThread
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc83c78

#: 129 Function Name: NtDuplicateObject
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc83b2a

#: 165 Function Name: NtLoadDriver
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc857d8

#: 186 Function Name: NtOpenFile
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc84b74

#: 194 Function Name: NtOpenProcess
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc8384a

#: 197 Function Name: NtOpenSection
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc8467a

#: 201 Function Name: NtOpenThread
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc839d2

#: 276 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc841be

#: 286 Function Name: NtSecureConnectPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc855b6

#: 317 Function Name: NtSetSystemInformation
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc85978

#: 326 Function Name: NtShutdownSystem
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc84508

#: 332 Function Name: NtSystemDebugControl
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc8456e

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc83f72

#: 335 Function Name: NtTerminateThread
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc83e40

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc85282

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc85d82

Shadow SSDT
-------------------
#: 397 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc86b38

#: 428 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc8693e

#: 430 Function Name: NtUserGetKeyState
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc86a38

#: 479 Function Name: NtUserMessageCall
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc86686

#: 497 Function Name: NtUserPostMessage
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc86338

#: 498 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc864e4

#: 513 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc86c38

#: 525 Function Name: NtUserSendInput
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc86848

#: 573 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc86d2e

#: 576 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8dc86f58

==EOF==


OTL logfile created on: 9/2/2009 8:35:48 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Gian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

1013.44 Mb Total Physical Memory | 142.95 Mb Available Physical Memory | 14.10% Memory free
3.22 Gb Paging File | 0.51 Gb Available in Paging File | 15.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 29.04 Gb Free Space | 38.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 617.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 676.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GIAN-PC
Current User Name: Gian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/07/19 17:13:14 | 00,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe
PRC - [2008/12/05 16:11:54 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2008/11/10 04:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2009/04/11 14:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/03/30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
PRC - [2008/01/19 15:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/11/26 04:41:32 | 06,691,360 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/07/05 19:00:21 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/21 18:39:28 | 00,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
PRC - [2008/02/11 20:13:12 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/02/11 20:13:02 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/02/11 20:13:08 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/09/23 17:21:28 | 00,798,720 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2009/08/03 13:36:14 | 00,419,088 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/04/11 14:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2007/09/02 13:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2009/07/19 13:17:29 | 00,921,600 | R--- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2008/07/03 10:37:24 | 00,812,952 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RMTray.exe
PRC - [2009/02/23 19:43:12 | 00,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/02/11 20:13:10 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2009/08/03 13:36:16 | 00,232,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/04/11 14:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/09 17:32:00 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/02 20:34:12 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Gian\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/07/21 18:39:28 | 00,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/03/30 12:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/07/19 17:13:14 | 00,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [2008/01/19 15:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 20:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 20:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2009/04/11 14:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/02/19 02:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2009/02/19 02:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/08/03 13:36:16 | 00,232,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/12/05 16:11:54 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0 [Auto | Running])
SRV - [2009/02/19 02:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2008/01/19 15:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc [Auto | Running])
SRV - [2008/01/19 15:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 04:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 17:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 17:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 17:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 17:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 17:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 17:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 17:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 17:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2007/12/17 17:14:06 | 00,012,400 | ---- | M] () -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO [System | Running])
DRV - [2006/11/02 16:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 16:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 16:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 16:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 16:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 16:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2009/07/19 17:13:15 | 00,085,008 | ---- | M] (COMODO) -- C:\Windows\System32\DRIVERS\cmdguard.sys -- (cmdGuard [System | Running])
DRV - [2009/07/19 17:13:15 | 00,025,104 | ---- | M] (COMODO) -- C:\Windows\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [System | Running])
DRV - [2006/11/02 17:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/11/02 15:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 17:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2009/02/06 18:08:52 | 00,055,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\fssfltr.sys -- (fssfltr [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/11/02 17:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/02 17:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2008/02/11 19:36:10 | 02,302,976 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2006/11/02 17:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2009/07/19 17:13:15 | 00,073,232 | ---- | M] (COMODO) -- C:\Windows\System32\DRIVERS\inspect.sys -- (Inspect [On_Demand | Running])
DRV - [2008/11/26 00:26:56 | 02,243,040 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/11/02 17:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 17:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008/07/21 17:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\DRIVERS\kl1.sys -- (kl1 [System | Running])
DRV - [2009/07/05 20:04:13 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\Windows\system32\drivers\klbg.sys -- (klbg [Boot | Running])
DRV - [2009/07/05 20:04:13 | 00,239,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2008/07/09 17:28:26 | 00,020,496 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\DRIVERS\klim6.sys -- (KLIM6 [System | Running])
DRV - [2008/10/09 15:42:42 | 00,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER [On_Demand | Running])
DRV - [2006/11/02 17:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 17:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 17:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])
DRV - [2009/02/24 18:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) -- C:\Windows\System32\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running])
DRV - [2006/11/02 17:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 17:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/10/19 13:44:48 | 00,007,680 | ---- | M] () -- C:\Windows\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2006/11/02 17:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 15:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006/11/02 17:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 17:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2009/08/13 15:34:25 | 00,240,128 | ---- | M] (PARADOX) -- C:\Windows\System32\drivers\royal.sys -- (OemBiosDevice [Boot | Stopped])
DRV - [2006/11/02 17:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 17:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2008/08/07 00:26:00 | 00,124,928 | ---- | M] (Realtek Corporation ) -- C:\Windows\System32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2006/11/02 14:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/11/02 17:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 17:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006/11/02 17:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 17:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 17:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/02 17:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 17:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 17:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2009/07/09 12:16:16 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2006/11/02 17:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 17:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3446841995-219912761-3712962249-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3446841995-219912761-3712962249-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3446841995-219912761-3712962249-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-3446841995-219912761-3712962249-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3446841995-219912761-3712962249-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ph
IE - HKU\S-1-5-21-3446841995-219912761-3712962249-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 71 E7 15 94 73 28 CA 01 [binary data]
IE - HKU\S-1-5-21-3446841995-219912761-3712962249-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3446841995-219912761-3712962249-1000\S-1-5-21-3446841995-219912761-3712962249-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3446841995-219912761-3712962249-1000\S-1-5-21-3446841995-219912761-3712962249-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "GoldMember Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2285220&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "GoldMember Customized Web Search"
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0
FF - prefs.js..extensions.enabledItems: {0fc64d74-ea76-49a3-b606-7801b5013798}:2.2.0.9
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.2.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2285220&SearchSource=2&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/13 21:28:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/09 17:32:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/09 17:32:20 | 00,000,000 | ---D | M]

[2009/07/19 12:30:19 | 00,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\mozilla\Extensions
[2009/07/05 18:25:37 | 00,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/19 12:30:19 | 00,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2009/08/30 20:53:55 | 00,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\mozilla\Firefox\Profiles\qgt7i7fh.default\extensions
[2009/08/03 09:35:47 | 00,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\mozilla\Firefox\Profiles\qgt7i7fh.default\extensions\{0fc64d74-ea76-49a3-b606-7801b5013798}
[2009/07/15 20:38:58 | 00,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\mozilla\Firefox\Profiles\qgt7i7fh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/05 18:41:47 | 00,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\mozilla\Firefox\Profiles\qgt7i7fh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/30 20:53:40 | 00,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\mozilla\Firefox\Profiles\qgt7i7fh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/12 19:13:36 | 00,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\mozilla\Firefox\Profiles\qgt7i7fh.default\extensions\personas@christopher.beard
[2009/08/22 19:55:47 | 00,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\mozilla\Firefox\Profiles\qgt7i7fh.default\extensions\yasearch@yandex.ru
[2009/08/22 19:55:38 | 00,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\mozilla\Firefox\Profiles\qgt7i7fh.default\extensions\yasearch@yandex.ru\chrome\skin\extensions-hacks
[2009/08/02 13:51:46 | 00,000,882 | ---- | M] () -- C:\Users\Gian\AppData\Roaming\Mozilla\FireFox\Profiles\qgt7i7fh.default\searchplugins\conduit.xml
[2009/07/05 19:01:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/09 17:32:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/05 19:01:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/09 17:31:57 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/09 17:31:58 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/06/30 13:44:08 | 00,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/07/05 19:00:23 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/09 17:32:03 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/07/15 21:50:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/15 21:50:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/15 21:50:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/15 21:50:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/15 21:50:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/15 21:50:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/15 21:50:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/06/24 19:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 19:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 19:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 19:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 19:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 19:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 19:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3446841995-219912761-3712962249-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\COMODO\Firewall\cfp.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-3446841995-219912761-3712962249-1000..\Run: [Camfrog] C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe (Camshare LLC)
O4 - HKU\S-1-5-21-3446841995-219912761-3712962249-1000..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKU\S-1-5-21-3446841995-219912761-3712962249-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3446841995-219912761-3712962249-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3446841995-219912761-3712962249-1000..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
O4 - HKU\S-1-5-21-3446841995-219912761-3712962249-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-3446841995-219912761-3712962249-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3446841995-219912761-3712962249-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Gian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3446841995-219912761-3712962249-1000\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/01/18 03:45:56 | 01,101,824 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/01/18 03:45:56 | 01,101,824 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/01/13 09:15:14 | 00,000,027 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/01/13 11:55:14 | 00,001,164 | R--- | M] () - E:\autorun.str -- [ CDFS ]
O32 - AutoRun File - [2003/01/13 09:15:14 | 00,000,031 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{9a5c8b08-6fae-11de-a1ec-00248cd34274}\Shell\AutoRun\command - "" = wscript.exe samok.vbs
O33 - MountPoints2\{9a5c8b08-6fae-11de-a1ec-00248cd34274}\Shell\Open\Command - "" = wscript.exe samok.vbs
O33 - MountPoints2\{f95f8c2a-8f85-11de-8116-00248cd34274}\Shell - "" = AutoRun
O33 - MountPoints2\{f95f8c2a-8f85-11de-8116-00248cd34274}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2003/01/18 03:45:56 | 01,101,824 | R--- | M] ()
O33 - MountPoints2\{f95f8c2b-8f85-11de-8116-00248cd34274}\Shell - "" = AutoRun
O33 - MountPoints2\{f95f8c2b-8f85-11de-8116-00248cd34274}\Shell\AutoRun\command - "" = F:\noautorun.exe -- [2003/01/13 09:15:14 | 00,036,864 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/02 20:33:39 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Gian\Desktop\OTL.exe
[2009/09/01 07:15:52 | 00,000,000 | ---- | C] () -- C:\Users\Gian\Desktop\settings.dat
[2009/09/01 07:15:11 | 00,472,064 | ---- | C] ( ) -- C:\Users\Gian\Desktop\RootRepeal.exe
[2009/09/01 01:31:35 | 00,000,000 | ---D | C] -- C:\76190b1ee02172a5db32dca60543e5
[2009/08/29 16:18:12 | 00,000,776 | ---- | C] () -- C:\Users\Gian\Desktop\Garena.lnk
[2009/08/29 16:17:59 | 00,000,000 | ---D | C] -- C:\Program Files\Garena
[2009/08/29 14:42:44 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2009/08/29 14:06:15 | 00,001,670 | ---- | C] () -- C:\Users\Gian\Desktop\CCleaner.lnk
[2009/08/29 13:59:41 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/08/29 13:59:38 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/08/29 13:59:37 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/08/29 13:59:34 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/08/29 13:59:29 | 01,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/08/29 13:59:28 | 00,439,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/08/29 13:59:25 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/08/29 13:59:25 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/08/26 22:10:39 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/08/26 21:37:44 | 00,001,758 | ---- | C] () -- C:\Users\Gian\Desktop\CinemaForge.lnk
[2009/08/26 21:37:41 | 00,000,000 | ---D | C] -- C:\CFdownloads
[2009/08/26 21:37:39 | 00,000,000 | ---D | C] -- C:\Program Files\CinemaForge
[2009/08/26 21:37:25 | 01,577,792 | ---- | C] (XMLAuthor Inc.) -- C:\Windows\screengenie.scr
[2009/08/26 19:52:20 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/08/26 19:52:16 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/08/25 22:45:02 | 00,000,000 | ---D | C] -- C:\Program Files\Gomez
[2009/08/25 21:13:34 | 00,359,932 | ---- | C] () -- C:\Users\Gian\Desktop\dds.scr
[2009/08/23 15:04:14 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/08/23 12:55:58 | 00,000,036 | ---- | C] () -- C:\Users\Gian\AppData\Local\housecall.guid.cache
[2009/08/23 10:08:32 | 00,000,000 | ---D | C] -- C:\Users\Gian\Documents\Command and Conquer Generals Data
[2009/08/23 10:06:22 | 00,000,615 | ---- | C] () -- C:\Windows\eReg.dat
[2009/08/23 09:59:26 | 00,001,659 | ---- | C] () -- C:\Users\Public\Desktop\Command & Conquer Generals.lnk
[2009/08/23 09:59:23 | 00,000,000 | ---D | C] -- C:\Program Files\EA Games
[2009/08/23 09:53:12 | 00,000,798 | ---- | C] () -- C:\Users\Gian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2009/08/23 09:53:12 | 00,000,762 | ---- | C] () -- C:\Users\Gian\Desktop\MagicDisc.lnk
[2009/08/23 09:52:29 | 00,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys
[2009/08/23 09:52:27 | 00,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2009/08/23 09:46:49 | 00,001,608 | ---- | C] () -- C:\Users\Gian\Desktop\MagicISO.lnk
[2009/08/23 09:46:23 | 00,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2009/08/22 19:56:15 | 00,000,000 | ---D | C] -- C:\Users\Gian\AppData\Roaming\Yandex
[2009/08/21 20:04:53 | 00,000,000 | ---D | C] -- C:\Users\Gian\Desktop\iphone-3.0 firmware
[2009/08/21 19:54:05 | 00,000,931 | ---- | C] () -- C:\Users\Public\Desktop\SQLite2009 Pro.lnk
[2009/08/21 19:54:02 | 00,916,480 | ---- | C] (Osen Kusnadi) -- C:\Windows\System32\sqliteodbc2009.dll
[2009/08/21 19:54:01 | 00,000,000 | ---D | C] -- C:\Windows\System32\SQLite2009Pro
[2009/08/21 19:54:00 | 00,000,000 | ---D | C] -- C:\Program Files\Osen Kusnadi
[2009/08/21 19:47:05 | 00,000,336 | ---- | C] () -- C:\Users\Gian\AppData\Local\Failed Copy
[2009/08/21 19:44:40 | 00,001,488 | ---- | C] () -- C:\Users\Gian\AppData\Local\.ipc_copyrecord
[2009/08/21 19:44:39 | 00,000,000 | ---D | C] -- C:\Users\Gian\Desktop\iPodContent
[2009/08/21 19:43:17 | 00,000,000 | ---D | C] -- C:\Users\Gian\AppData\Local\tcbackup
[2009/08/21 19:43:16 | 00,001,232 | ---- | C] () -- C:\Users\Gian\AppData\Local\iTunesPrefs
[2009/08/21 19:42:14 | 00,000,000 | ---D | C] -- C:\Users\Gian\Documents\iphone backups
[2009/08/21 19:36:51 | 00,000,056 | ---- | C] () -- C:\Users\Gian\AppData\Local\84756-11986-27475-00TC1-94865
[2009/08/21 19:35:38 | 00,001,928 | ---- | C] () -- C:\Users\Public\Desktop\TouchCopy.lnk
[2009/08/21 19:04:11 | 00,000,000 | ---D | C] -- C:\Users\Gian\AppData\Local\Wide Angle Software
[2009/08/21 19:02:31 | 00,001,934 | ---- | C] () -- C:\Users\Public\Desktop\TouchCopy 09.lnk
[2009/08/21 19:02:28 | 00,000,000 | ---D | C] -- C:\Program Files\Wide Angle Software
[2009/08/21 17:59:58 | 00,000,000 | ---D | C] -- C:\Users\Gian\Documents\Tansee
[2009/08/21 17:59:52 | 00,001,023 | ---- | C] () -- C:\Users\Gian\Desktop\iPhone Contact.lnk
[2009/08/21 17:59:51 | 00,000,000 | ---D | C] -- C:\Program Files\Tansee iPhone Transfer Contact
[2009/08/21 17:56:28 | 00,000,812 | ---- | C] () -- C:\Users\Gian\Desktop\Tansee iPhone Copy.lnk
[2009/08/21 17:56:26 | 00,000,000 | ---D | C] -- C:\Program Files\Tansee iPhone Copy
[2009/08/21 17:45:41 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/08/21 17:45:28 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/08/21 17:45:28 | 00,023,400 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/08/21 17:44:28 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/08/21 17:43:34 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/08/21 17:15:42 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/08/21 17:04:48 | 00,000,584 | ---- | C] () -- C:\Users\Gian\Desktop\Total Commander.lnk
[2009/08/21 17:04:46 | 00,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2009/08/21 17:04:46 | 00,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2009/08/21 17:04:46 | 00,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2009/08/21 17:04:46 | 00,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2009/08/21 17:04:46 | 00,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2009/08/21 17:04:46 | 00,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2009/08/21 17:04:46 | 00,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2009/08/21 17:04:45 | 00,000,000 | ---D | C] -- C:\Users\Gian\AppData\Roaming\GHISLER
[2009/08/21 17:04:45 | 00,000,000 | ---D | C] -- C:\totalcmd
[2009/08/21 17:01:27 | 00,000,000 | ---D | C] -- C:\Users\Gian\Desktop\iphone
[2009/08/21 16:04:04 | 00,000,600 | ---- | C] () -- C:\Users\Gian\AppData\Roaming\winscp.rnd
[2009/08/21 16:03:35 | 00,001,586 | ---- | C] () -- C:\Users\Gian\Desktop\WinSCP.lnk
[2009/08/21 16:03:31 | 00,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2009/08/19 11:28:14 | 00,035,136 | ---- | C] (XMLAuthor Inc.) -- C:\Windows\System32\npmirage.dll
[2009/08/19 11:28:13 | 00,300,352 | ---- | C] (XMLAuthor Inc.) -- C:\Windows\System32\xmirage.ocx
[2009/08/19 11:28:12 | 01,577,792 | ---- | C] (XMLAuthor Inc.) -- C:\Windows\System32\xmirage.exe
[2009/08/18 21:54:43 | 00,000,000 | ---D | C] -- C:\Users\Gian\AppData\Roaming\dvdcss
[2009/08/17 10:37:52 | 00,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009/08/17 10:33:52 | 00,001,964 | ---- | C] () -- C:\Users\Gian\Desktop\Camfrog Video Chat 3.93.lnk
[2009/08/16 12:18:19 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/16 12:16:25 | 10,628,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/16 12:16:22 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/16 12:16:21 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/16 12:16:21 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/16 12:16:20 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/16 12:16:19 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/16 12:16:17 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/16 12:16:17 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/13 21:58:13 | 00,000,812 | ---- | C] () -- C:\Users\Gian\Desktop\SpywareBlaster.lnk
[2009/08/13 21:58:12 | 00,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2009/08/13 21:58:10 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/08/13 21:57:07 | 00,001,874 | ---- | C] () -- C:\Users\Gian\Desktop\HijackThis.lnk
[2009/08/13 21:56:58 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/13 21:55:22 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Users\Gian\Desktop\VirtumundoBeGone.exe
[2009/08/13 16:12:14 | 00,000,000 | ---D | C] -- C:\Users\Gian\AppData\Local\Microsoft Corporation
[2009/08/13 16:11:37 | 00,002,042 | ---- | C] () -- C:\Users\Gian\Desktop\Windows 7 Upgrade Advisor Beta.lnk
[2009/08/13 16:11:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2009/08/13 15:55:06 | 00,171,136 | RHS- | C] () -- C:\grldr
[2009/08/13 15:34:25 | 00,240,128 | ---- | C] (PARADOX) -- C:\Windows\System32\drivers\royal.sys
[2009/08/13 15:33:59 | 00,000,000 | ---D | C] -- C:\Windows\Crack
[2009/08/13 15:31:13 | 00,000,000 | ---D | C] -- C:\Users\Gian\Documents\ACTIVATE ALL VISTA
[2009/08/13 15:02:01 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/13 14:58:55 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/13 14:53:42 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/09 18:20:57 | 00,000,000 | ---D | C] -- C:\Users\Gian\Documents\kiskavkeys
[2009/08/09 17:30:32 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/08/09 15:50:29 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/08/09 15:50:06 | 00,055,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2009/08/09 15:49:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2009/08/09 15:47:45 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/08/09 15:46:24 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/08/09 15:45:56 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/08/09 14:54:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/08/09 14:53:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/08/09 14:52:02 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/08/08 14:18:37 | 00,687,104 | ---- | C] () -- C:\Windows\is-7C5H6.exe
[2009/08/08 14:18:37 | 00,010,498 | ---- | C] () -- C:\Windows\is-7C5H6.msg
[2009/08/08 14:18:37 | 00,000,422 | ---- | C] () -- C:\Windows\is-7C5H6.lst
[2009/08/06 23:10:54 | 00,012,176 | ---- | C] () -- C:\Users\Gian\Documents\hum2 wr.docx
[2009/08/06 22:16:14 | 00,971,776 | ---- | C] () -- C:\Users\Gian\Documents\Anita Magsaysay- Ho.ppt
[2009/08/06 21:19:15 | 00,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/07/26 13:46:20 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/19 17:13:17 | 00,143,104 | ---- | C] () -- C:\Windows\System32\guard32.dll
[2009/07/11 17:28:02 | 00,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2009/07/11 17:27:50 | 00,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2009/07/11 17:27:41 | 00,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2009/07/11 17:27:41 | 00,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2009/07/10 18:59:14 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/07/10 18:59:13 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/07/10 18:59:11 | 00,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/07/10 18:59:10 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/07/10 18:59:10 | 00,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/07/10 18:59:08 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/07/10 18:59:08 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/07/05 17:46:34 | 00,022,379 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/07/05 17:46:11 | 00,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/07/05 17:45:45 | 00,021,970 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/05 17:45:45 | 00,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 20:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 18:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 15:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996/02/24 05:34:48 | 00,014,629 | ---- | C] () -- C:\Windows\System32\Declw.dll
[1996/02/23 03:09:20 | 00,032,256 | ---- | C] () -- C:\Windows\System32\Decln.dll

========== Files - Modified Within 30 Days ==========

[2009/09/02 20:43:03 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C28E7307-135D-4CAC-BE20-F2B6784C7DBA}.job
[2009/09/02 20:34:12 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Gian\Desktop\OTL.exe
[2009/09/02 19:19:06 | 00,005,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/02 19:19:06 | 00,005,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/01 07:15:52 | 00,000,000 | ---- | M] () -- C:\Users\Gian\Desktop\settings.dat
[2009/09/01 07:14:08 | 00,472,064 | ---- | M] ( ) -- C:\Users\Gian\Desktop\RootRepeal.exe
[2009/08/31 20:00:00 | 00,000,544 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Gian.job
[2009/08/30 17:18:56 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/30 17:18:49 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/30 17:18:08 | 10,634,44480 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/29 19:39:57 | 03,441,061 | -H-- | M] () -- C:\Users\Gian\AppData\Local\IconCache.db
[2009/08/29 16:18:12 | 00,000,776 | ---- | M] () -- C:\Users\Gian\Desktop\Garena.lnk
[2009/08/29 14:06:15 | 00,001,670 | ---- | M] () -- C:\Users\Gian\Desktop\CCleaner.lnk
[2009/08/27 07:15:38 | 04,716,576 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/08/27 07:15:38 | 00,835,616 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2009/08/27 07:15:38 | 00,038,976 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2009/08/27 07:15:38 | 00,004,984 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2009/08/26 21:38:26 | 00,001,758 | ---- | M] () -- C:\Users\Gian\Desktop\CinemaForge.lnk
[2009/08/25 21:12:50 | 00,359,932 | ---- | M] () -- C:\Users\Gian\Desktop\dds.scr
[2009/08/23 16:37:04 | 00,368,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/08/23 12:55:58 | 00,000,036 | ---- | M] () -- C:\Users\Gian\AppData\Local\housecall.guid.cache
[2009/08/23 12:52:49 | 00,000,600 | ---- | M] () -- C:\Users\Gian\AppData\Roaming\winscp.rnd
[2009/08/23 12:15:25 | 00,100,256 | ---- | M] () -- C:\Users\Gian\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/23 10:06:22 | 00,000,615 | ---- | M] () -- C:\Windows\eReg.dat
[2009/08/23 09:59:26 | 00,001,659 | ---- | M] () -- C:\Users\Public\Desktop\Command & Conquer Generals.lnk
[2009/08/23 09:55:38 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/23 09:55:38 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/23 09:55:38 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/23 09:53:12 | 00,000,798 | ---- | M] () -- C:\Users\Gian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2009/08/23 09:53:12 | 00,000,762 | ---- | M] () -- C:\Users\Gian\Desktop\MagicDisc.lnk
[2009/08/23 09:46:49 | 00,001,608 | ---- | M] () -- C:\Users\Gian\Desktop\MagicISO.lnk
[2009/08/21 19:54:05 | 00,000,931 | ---- | M] () -- C:\Users\Public\Desktop\SQLite2009 Pro.lnk
[2009/08/21 19:47:05 | 00,001,488 | ---- | M] () -- C:\Users\Gian\AppData\Local\.ipc_copyrecord
[2009/08/21 19:47:05 | 00,000,336 | ---- | M] () -- C:\Users\Gian\AppData\Local\Failed Copy
[2009/08/21 19:43:17 | 00,001,232 | ---- | M] () -- C:\Users\Gian\AppData\Local\iTunesPrefs
[2009/08/21 19:37:08 | 00,000,056 | ---- | M] () -- C:\Users\Gian\AppData\Local\84756-11986-27475-00TC1-94865
[2009/08/21 19:35:38 | 00,001,928 | ---- | M] () -- C:\Users\Public\Desktop\TouchCopy.lnk
[2009/08/21 19:02:31 | 00,001,934 | ---- | M] () -- C:\Users\Public\Desktop\TouchCopy 09.lnk
[2009/08/21 17:59:52 | 00,001,023 | ---- | M] () -- C:\Users\Gian\Desktop\iPhone Contact.lnk
[2009/08/21 17:56:28 | 00,000,812 | ---- | M] () -- C:\Users\Gian\Desktop\Tansee iPhone Copy.lnk
[2009/08/21 17:45:41 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/08/21 17:15:42 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/08/21 17:04:48 | 00,000,584 | ---- | M] () -- C:\Users\Gian\Desktop\Total Commander.lnk
[2009/08/21 16:03:35 | 00,001,586 | ---- | M] () -- C:\Users\Gian\Desktop\WinSCP.lnk
[2009/08/19 11:28:14 | 00,035,136 | ---- | M] (XMLAuthor Inc.) -- C:\Windows\System32\npmirage.dll
[2009/08/19 11:28:13 | 00,300,352 | ---- | M] (XMLAuthor Inc.) -- C:\Windows\System32\xmirage.ocx
[2009/08/19 11:28:12 | 01,577,792 | ---- | M] (XMLAuthor Inc.) -- C:\Windows\System32\xmirage.exe
[2009/08/19 11:28:12 | 01,577,792 | ---- | M] (XMLAuthor Inc.) -- C:\Windows\screengenie.scr
[2009/08/17 10:41:36 | 00,034,308 | ---- | M] () -- C:\Windows\System32\BASSMOD.dll
[2009/08/17 10:40:32 | 00,001,964 | ---- | M] () -- C:\Users\Gian\Desktop\Camfrog Video Chat 5.3.lnk
[2009/08/17 10:33:52 | 00,001,964 | ---- | M] () -- C:\Users\Gian\Desktop\Camfrog Video Chat 3.93.lnk
[2009/08/13 21:58:13 | 00,000,812 | ---- | M] () -- C:\Users\Gian\Desktop\SpywareBlaster.lnk
[2009/08/13 21:57:07 | 00,001,874 | ---- | M] () -- C:\Users\Gian\Desktop\HijackThis.lnk
[2009/08/13 16:11:37 | 00,002,042 | ---- | M] () -- C:\Users\Gian\Desktop\Windows 7 Upgrade Advisor Beta.lnk
[2009/08/13 15:55:06 | 00,171,136 | RHS- | M] () -- C:\grldr
[2009/08/13 15:34:25 | 00,240,128 | ---- | M] (PARADOX) -- C:\Windows\System32\drivers\royal.sys
[2009/08/08 14:18:37 | 00,687,104 | ---- | M] () -- C:\Windows\is-7C5H6.exe
[2009/08/08 14:18:37 | 00,010,498 | ---- | M] () -- C:\Windows\is-7C5H6.msg
[2009/08/08 14:18:37 | 00,000,422 | ---- | M] () -- C:\Windows\is-7C5H6.lst
[2009/08/06 23:14:15 | 00,971,776 | ---- | M] () -- C:\Users\Gian\Documents\Anita Magsaysay- Ho.ppt
[2009/08/06 23:10:57 | 00,012,176 | ---- | M] () -- C:\Users\Gian\Documents\hum2 wr.docx
[2009/08/06 21:19:15 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:A9662AE0
< End of report >



OTL Extras logfile created on: 9/2/2009 8:35:49 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Gian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

1013.44 Mb Total Physical Memory | 142.95 Mb Available Physical Memory | 14.10% Memory free
3.22 Gb Paging File | 0.51 Gb Available in Paging File | 15.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 29.04 Gb Free Space | 38.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 617.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 676.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GIAN-PC
Current User Name: Gian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3446841995-219912761-3712962249-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052A3C80-FE65-4152-8A0A-3BE91A2D6CC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0C45FCE9-6D90-4769-9239-98D09381561D}" = lport=445 | protocol=6 | dir=in | app=system |
"{18109DCF-9AED-4B01-8461-BB6E63EF2E8D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1F2441D2-002C-4D40-9CE3-A6E273B67910}" = rport=138 | protocol=17 | dir=out | app=system |
"{37361BEA-DBF1-4825-82B1-FB4210285DBD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{39210700-2C2D-4A1F-8D49-E71928653CD2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{43D45A21-1A03-49C0-86FA-BE835965759D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4C47C5AC-0C9A-4AAB-9C45-F0547AD4A447}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{514373E7-3B0D-4B4B-B2BD-F1D88EF86564}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{52D93073-C1CB-43BA-9731-7A6DDA924A83}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{704C1068-902D-4017-BC12-9AE70F3ED693}" = lport=138 | protocol=17 | dir=in | app=system |
"{7175398F-6F45-41AE-A3C6-A0D4BB7BD83E}" = rport=139 | protocol=6 | dir=out | app=system |
"{769B9FFF-700C-415E-A451-4698970EFB17}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9B4A43B1-3628-4050-AB58-CBC8A4D5DD2C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9FF673D9-F1B4-43B1-8377-4A6E0722F647}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B0F9FE1C-2104-463E-9B35-0DBC22571918}" = lport=139 | protocol=6 | dir=in | app=system |
"{BEF1DEB7-EBF7-4B5A-AE1D-7A7568F5B56F}" = rport=445 | protocol=6 | dir=out | app=system |
"{D6F580F7-499B-4EA3-9E38-3E6AA4832A52}" = rport=137 | protocol=17 | dir=out | app=system |
"{F02590E4-1B93-414A-9F14-051C12D0DACA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F06DEBE9-7698-4E27-ABE3-003288E92F81}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FA63776C-D114-463D-8060-439229AFC1C3}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038961C9-14D1-4B75-8DD5-81D96A9D64D4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{03B2C932-4AE2-4D34-A456-7E4D04382D22}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{115BF6DD-73D7-4C8A-BF92-50166EA2E093}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{116675A8-3D3A-4F71-9677-4035F955C2A6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1475E64B-09F8-47F6-90F1-380ECF3B231F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1C637837-499C-47E7-A597-D83FF9C5AE7F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{28390223-F4B1-4441-9248-7FCC1B539D03}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{294BEC91-5D8A-44DA-8EBC-DC06F18269FF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{32CD618B-7A95-4BF6-AF4A-4198F9AA639C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5A6817D2-69B7-4ABC-B483-F1E6B971C2B7}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{61EECDA7-A29C-44F0-AA7B-B3E0B39FC0D3}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{80C7A9A9-32ED-4DE9-B066-647AE2B70E4C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{83F929FD-8A84-4F85-A5C2-871F0A783D51}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{95D1A5C0-567A-4D75-882C-9466E79A9DC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9801859D-5282-4A71-9B92-4FD13367D957}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C2A7F8AF-CD38-42C2-BB56-F7E8E7D20B68}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{C63E13B0-BDDD-46ED-B261-8CE90EA2EB5D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E4717F80-2B2D-4228-87B1-363204C47C14}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E56DAEA0-1A2D-4E13-B36A-E4278F67A8BC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E9712221-F79F-4681-8218-6B3CFFE34D2E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F13EAE6C-5AE0-4406-8D3F-A1943CF202CD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{FCC5C08C-55B9-4554-852F-CD751BDC736A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{3044DA23-09EF-463F-B553-03A7BB770A74}C:\users\gian\documents\dota\ocean technology\garena.exe" = protocol=6 | dir=in | app=c:\users\gian\documents\dota\ocean technology\garena.exe |
"TCP Query User{48949E2B-56B1-46A0-83D2-8929D841168D}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{5B85D571-749F-4A82-89B7-95DB36EADD67}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{6BDC850E-57C5-45CF-9E7F-2631C32CD214}C:\users\gian\desktop\dota\dota\war3.exe" = protocol=6 | dir=in | app=c:\users\gian\desktop\dota\dota\war3.exe |
"TCP Query User{6F1D9D24-91E5-4513-A465-B892C8CEDDF7}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{7145BFAE-FB18-4243-A479-1A6644F9D01A}C:\users\gian\documents\dota\dota\war3.exe" = protocol=6 | dir=in | app=c:\users\gian\documents\dota\dota\war3.exe |
"TCP Query User{90A7949F-C08E-4C7D-BE43-2648995F3E49}C:\windows\system32\socks.exe" = protocol=6 | dir=in | app=c:\windows\system32\socks.exe |
"TCP Query User{EF83087A-86D9-4A2B-AB73-1BC6743678AC}C:\users\gian\desktop\dota\ocean technology\garena.exe" = protocol=6 | dir=in | app=c:\users\gian\desktop\dota\ocean technology\garena.exe |
"UDP Query User{2ED7CF9B-0237-47E8-A6B4-87C00C6DE318}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{4FE189CF-7D10-4A26-A17A-2CCEA5013B81}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{5F648EE7-7DAB-4178-A023-CCE2EC8D7F1F}C:\users\gian\documents\dota\ocean technology\garena.exe" = protocol=17 | dir=in | app=c:\users\gian\documents\dota\ocean technology\garena.exe |
"UDP Query User{77A5FAF3-2AC0-411E-9C0B-F37962DE2CE5}C:\users\gian\desktop\dota\ocean technology\garena.exe" = protocol=17 | dir=in | app=c:\users\gian\desktop\dota\ocean technology\garena.exe |
"UDP Query User{794BA9E3-1859-439E-8895-FD03E3F8001A}C:\users\gian\desktop\dota\dota\war3.exe" = protocol=17 | dir=in | app=c:\users\gian\desktop\dota\dota\war3.exe |
"UDP Query User{EAE7AF24-F636-436D-84B9-CF4C360B9F43}C:\users\gian\documents\dota\dota\war3.exe" = protocol=17 | dir=in | app=c:\users\gian\documents\dota\dota\war3.exe |
"UDP Query User{FA43FBEE-F0B9-4D3A-827B-8CA23118A086}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{FAAE621D-FBC2-482F-BD81-15CC51E39F2F}C:\windows\system32\socks.exe" = protocol=17 | dir=in | app=c:\windows\system32\socks.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{180dbf47-ab84-4859-9970-8743fee0060a}" = Nero 9 Trial
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2876AEE2-A9C9-4585-A46A-44CF451C960E}" = Vista x86 OneClick Activator
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}" = Windows 7 Upgrade Advisor Beta
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{463BCF51-FAB2-4900-B8A1-12EE7E37AE49}" = TouchCopy
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6F6594CB-DA1B-4FFB-B397-CACE3D5F668B}" = Windows Live Movie Maker Beta
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9B2726E-DB77-46B3-9489-597C20504E4A}" = TouchCopy 09
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CADBCBBA-6CDD-4119-B5ED-4AE075B153E7}" = MobileMe Control Panel
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Camfrog 3.93" = Camfrog Video Chat 3.93 (remove only)
"Camfrog 5.3" = Camfrog Video Chat 5.3
"CCleaner" = CCleaner (remove only)
"Chikka Messenger V4" = Chikka Messenger V4
"CinemaForge" = CinemaForge
"COMODO Firewall Pro" = COMODO Firewall Pro
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Garena" = Garena
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Full)
"LimeWire" = LimeWire PRO 5.2.2
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"Registry Mechanic_is1" = Registry Mechanic 8.0
"RocketDock_is1" = RocketDock 1.3.5
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SQLite2009 Pro Enterprise Manager_is1" = SQLite2009 Pro Enterprise Manager [SQLite v3.6.16 - 2009.07.15]
"Tansee iPhone Copy_is1" = Tansee iPhone Copy 5.0.0.0
"Tansee iPhone Transfer Contact_is1" = Tansee iPhone Transfer Contact
"Totalcmd" = Total Commander (Remove or Repair)
"USB Disk Security_is1" = USB Disk Security 5.1.0.15
"VLC media player" = VLC media player 1.0.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.3 beta
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3446841995-219912761-3712962249-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2009 5:23:46 AM | Computer Name = Gian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/30/2009 5:23:48 AM | Computer Name = Gian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/30/2009 5:23:48 AM | Computer Name = Gian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/30/2009 5:23:50 AM | Computer Name = Gian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/30/2009 5:23:53 AM | Computer Name = Gian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/30/2009 5:23:54 AM | Computer Name = Gian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/30/2009 5:23:54 AM | Computer Name = Gian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/30/2009 5:23:54 AM | Computer Name = Gian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/30/2009 5:23:54 AM | Computer Name = Gian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/30/2009 5:23:54 AM | Computer Name = Gian-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 8/13/2009 7:30:23 AM | Computer Name = Gian-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:55:03 PM on 8/13/2009 was unexpected.

Error - 8/13/2009 7:30:27 AM | Computer Name = Gian-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 00248CD34274 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 8/13/2009 9:48:40 AM | Computer Name = Gian-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:47:16 PM on 8/13/2009 was unexpected.

Error - 8/13/2009 9:48:43 AM | Computer Name = Gian-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 8/13/2009 12:19:46 PM | Computer Name = Gian-PC | Source = DCOM | ID = 10010
Description =

Error - 8/15/2009 10:52:40 PM | Computer Name = Gian-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00248CD34274 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 8/16/2009 9:04:21 PM | Computer Name = Gian-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:57:42 PM on 8/16/2009 was unexpected.

Error - 8/16/2009 9:04:25 PM | Computer Name = Gian-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00248CD34274 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 8/16/2009 9:11:07 PM | Computer Name = Gian-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 8/17/2009 7:37:07 AM | Computer Name = Gian-PC | Source = DCOM | ID = 10010
Description =


< End of report >
"you cannot please everyone...but you"
Intel Celeron D 2.66 ghz
Windows Xp Media Center modded with vista styles
512+256 mb ddr geforce fx5500 256mb
80+20 gb Seagate Hard Disks

#6 gian0819

gian0819
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:59 AM

Posted 02 September 2009 - 07:52 AM

Process PID CPU Description Company Name
System Idle Process 0 44.35
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4 0.76
smss.exe 468
csrss.exe 536
wininit.exe 580
services.exe 628
svchost.exe 848
igfxsrvc.exe 2364 igfxsrvc Module Intel Corporation
WmiPrvSE.exe 4000
svchost.exe 912
svchost.exe 952
svchost.exe 1072
audiodg.exe 1228
svchost.exe 1132
dwm.exe 3108 1.53 Desktop Window Manager Microsoft Corporation
svchost.exe 1156
taskeng.exe 1900
taskeng.exe 3100 Task Scheduler Engine Microsoft Corporation
taskeng.exe 5428
svchost.exe 1268
SLsvc.exe 1304
svchost.exe 1384
spoolsv.exe 1648
svchost.exe 1676
AppleMobileDeviceService.exe 1868
avp.exe 1984 50.47
avp.exe 4428
mDNSResponder.exe 2024
cmdagent.exe 192
svchost.exe 288
NBService.exe 412
svchost.exe 1220
SeaPort.exe 1412
svchost.exe 808
svchost.exe 756
WLIDSVC.EXE 2084
WLIDSVCM.EXE 3332
SearchIndexer.exe 2180
SearchProtocolHost.exe 572
SearchFilterHost.exe 3652
YahooAUService.exe 2252
mbamservice.exe 4004
iPodService.exe 2292
lsass.exe 652
lsm.exe 684
csrss.exe 588
winlogon.exe 676
explorer.exe 3180 Windows Explorer Microsoft Corporation
MSASCui.exe 3800 Windows Defender User Interface Microsoft Corporation
RtHDVCpl.exe 3824 HD Audio Control Panel Realtek Semiconductor
jusched.exe 3896 Java™ Platform SE binary Sun Microsystems, Inc.
avp.exe 3916 Kaspersky Anti-Virus Kaspersky Lab
igfxtray.exe 3992 igfxTray Module Intel Corporation
hkcmd.exe 4076 hkcmd Module Intel Corporation
igfxpers.exe 656 persistence Module Intel Corporation
GrooveMonitor.exe 2744 GrooveMonitor Utility Microsoft Corporation
USBGuard.exe 484 Antivirus software Zbshareware Lab
mbamgui.exe 2576 Malwarebytes' Anti-Malware Malwarebytes Corporation
iTunesHelper.exe 2848 iTunesHelper Module Apple Inc.
sidebar.exe 3508 Windows Sidebar Microsoft Corporation
YahooMessenger.exe 3472 Yahoo! Messenger Yahoo! Inc.
RocketDock.exe 3548
DAP.exe 2352 Download Accelerator Plus (DAP) SpeedBit Ltd.
RMTray.exe 3596 Registry Mechanic Vista Startup Tray PC Tools
MagicDisc.exe 3736 MagicISO Virtual CD/DVD Manager MagicISO, Inc.
firefox.exe 4388 2.29 Firefox Mozilla Corporation
procexp.exe 5532 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:59 PM

Posted 03 September 2009 - 05:03 PM

There's nothing showing there gian0819.

Can we try two more scans to see if we can find any remnants of malware that may have been there?

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then run this online scanner using Internet Explorer.

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Thanks.
m0le is a proud member of UNITE

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:59 PM

Posted 06 September 2009 - 12:57 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le

#9 gian0819

gian0819
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:59 AM

Posted 06 September 2009 - 09:43 PM

So sorry for the late reply. I think I don't have any infections in my PC. I've tried running MBAM and it did not find anything. Thanks for the help.

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:59 PM

Posted 07 September 2009 - 11:55 AM

Okay, if you are happy to leave it, that's okay. I think your issues are not malware linked.

Please follow these instructions first though.

Good stuff!

Let's do some housekeeping

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

I recommend that you download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the Downloaded installer and install the tool to a location of your choice
  • Via the Startmenu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Out of the three update sources, select at least one (I have MVPS Hosts as my main one)
    • Click "Add Update." After that you will only need to click the update button to retrieve updates.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Here's some advice on how you can keep your PC clean

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


That's it gian0819, happy surfing!

Cheers,


m0le
m0le is a proud member of UNITE
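The Java clean-up steps above (remove every older JRE by hand, then install 6u16, whose own uninstaller only removes Update 10 and above) can be turned into a quick check. The following is an added example written for this thread, not code from the post, from Sun's installer or from any BleepingComputer tool. It reads the Add/Remove Programs display names from the Windows uninstall registry keys when run on Windows, or takes a list of names you paste in, and reports which Java entries are current, which the 6u16 installer will clean up itself, and which still have to go through Add/Remove Programs. The sample display names below are constructed; the registry paths and the Java naming formats are the ones Sun used for JRE 1.4 to 6.

```python
import re

# Target release from the post: JRE 6 Update 16.
TARGET = (6, 16)

# Display-name formats Sun used in Add/Remove Programs over the years.
_PATTERNS = [
    # "Java(TM) 6 Update 16", "Java(TM) SE Runtime Environment 6 Update 1",
    # "J2SE Runtime Environment 5.0 Update 6"  (JDK entries also match; a JDK
    # bundles a JRE, so they are worth reporting too)
    re.compile(r"^(?:Java|J2SE)\b.*?\b(\d)(?:\.0)?\s+Update\s+(\d+)", re.I),
    # "Java 2 Runtime Environment, SE v1.4.2_03"  -> major 4, update 3
    re.compile(r"v1\.(\d)\.\d+_(\d+)", re.I),
    # "Java(TM) SE Runtime Environment 6"  (GA release, no update number)
    re.compile(r"Runtime Environment\s+(\d)(?:\.0)?\s*$", re.I),
]


def parse_java_version(display_name):
    """Return (major, update) for a Java runtime entry, or None if the name
    is not a Java runtime (e.g. "Java Auto Updater", "Java DB")."""
    for pat in _PATTERNS:
        m = pat.search(display_name)
        if m:
            update = int(m.group(2)) if m.lastindex >= 2 else 0
            return (int(m.group(1)), update)
    return None


def classify_installed(display_names):
    """Map each Java runtime entry to what the post's procedure does with it."""
    report = {}
    for name in display_names:
        ver = parse_java_version(name)
        if ver is None:
            continue
        if ver >= TARGET:
            status = "current"
        elif ver[0] == TARGET[0] and ver[1] >= 10:
            # The 6u16 installer's bundled uninstaller removes 6u10 and later.
            status = "outdated; removed by the JRE 6u16 installer"
        else:
            status = "outdated; remove manually via Add/Remove Programs"
        report[name] = status
    return report


def installed_display_names():
    """On Windows, collect DisplayName values from the uninstall registry keys
    (32-bit and, on x64, the Wow6432Node view). Elsewhere returns []."""
    try:
        import winreg
    except ImportError:
        return []
    names = []
    for path in (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
                 r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"):
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path)
        except OSError:
            continue
        with root:
            i = 0
            while True:
                try:
                    sub = winreg.EnumKey(root, i)
                except OSError:
                    break
                i += 1
                try:
                    with winreg.OpenKey(root, sub) as k:
                        names.append(winreg.QueryValueEx(k, "DisplayName")[0])
                except OSError:
                    pass
    return names


# Constructed sample, standing in for a machine that was never cleaned up.
SAMPLE_NAMES = [
    "Java(TM) 6 Update 16",
    "Java(TM) 6 Update 13",
    "Java(TM) 6 Update 7",
    "J2SE Runtime Environment 5.0 Update 6",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Java Auto Updater",
    "Kaspersky Anti-Virus 2009",
]

if __name__ == "__main__":
    names = installed_display_names() or SAMPLE_NAMES
    for name, status in classify_installed(names).items():
        print(f"{name:45} {status}")
```

Run it as the user who did the installs (the keys are under HKLM, so no elevation is needed to read them); anything reported as "remove manually" is what the Add/Remove Programs loop in the post is for.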

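The HostsMan advice above rests on one mechanism: a hosts file that points known-bad names at a sink address so the resolver never reaches them, plus the caveat that a custom hosts file has to be merged by hand. The following is an added example for this thread, not code from the post, from HostsMan or from the MVPS project, showing that mechanism end to end: parse a hosts file, work out which names it actually blocks, check a lookup against it, and merge a user's own entries with a downloaded list without losing either. Both hosts files in it are constructed samples; the example.net/.org/.com names are placeholders, not real blocklist entries. One point the post does not spell out: a hosts file matches exact names only, so blocking ads.example.net does nothing for cdn.ads.example.net, and the check below deliberately behaves that way.

```python
import ipaddress

# Constructed sample of a downloaded blocklist in hosts-file format, the
# shape of lists such as MVPS Hosts: sink address, hostname(s), comments.
BLOCKLIST = """\
# sample blocklist (constructed for this example, not a real list)
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org   # inline comment
0.0.0.0 malware-drop.example.com www.malware-drop.example.com
"""

# Constructed sample of a user's existing, hand-edited hosts file.
CUSTOM_HOSTS = """\
127.0.0.1 localhost
::1 localhost
192.168.1.10 nas.home
127.0.0.1 tracker.example.org
"""

# Addresses a hosts-based blocker points names at; anything else is a real mapping.
BLOCK_SINKS = {"0.0.0.0", "127.0.0.1", "::1", "::"}
# Names that legitimately map to loopback and must never count as "blocked".
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return [(ip, hostname), ...] from hosts-file text.

    Strips comments and blank lines, accepts several hostnames per line,
    lower-cases hostnames, and drops any line whose first field is not a
    valid IPv4/IPv6 address instead of guessing what it meant.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for host in fields[1:]:
            entries.append((ip, host.lower().rstrip(".")))
    return entries


def blocked_hosts(text):
    """The set of names the file sinks, i.e. what the list actually protects against."""
    return {host for ip, host in parse_hosts(text)
            if ip in BLOCK_SINKS and host not in LOOPBACK_NAMES}


def is_blocked(hostname, blocked):
    """Exact-name match only, like the resolver: no walking up the domain tree."""
    return hostname.lower().rstrip(".") in blocked


def merge_hosts(custom_text, blocklist_text):
    """Combine the user's own entries with a blocklist without losing them.

    Resolvers generally take the first matching line, so the user's entries
    go first and blocklist lines for names the user already defines are skipped.
    """
    merged = parse_hosts(custom_text)
    seen = {host for _, host in merged}
    for ip, host in parse_hosts(blocklist_text):
        if host not in seen:
            merged.append((ip, host))
            seen.add(host)
    return merged


def render_hosts(entries):
    """Serialise entries back into hosts-file text, one name per line."""
    return "".join(f"{ip}\t{host}\n" for ip, host in entries)


if __name__ == "__main__":
    combined = merge_hosts(CUSTOM_HOSTS, BLOCKLIST)
    print(render_hosts(combined))
    names = blocked_hosts(render_hosts(combined))
    for probe in ("ads.example.net", "cdn.ads.example.net", "nas.home"):
        print(probe, "blocked" if is_blocked(probe, names) else "not blocked")
```

On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts and needs an elevated editor to write; back it up before replacing it with the merged output, and remember that browsers and some software keep their own DNS caches, so a new entry may not take effect until those are flushed.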
#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 12 September 2009 - 08:01 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



