PROBLEM have Virtumonde.sdn, suspicious driver installation


17 replies to this topic

#1 johnmerrick

Posted 07 September 2009 - 05:38 AM

my son gave to me this mess and i've been at it for about 12 hrs

i'd figure i'd see what you guys could do.

his computer is a mess so i figure lets not try to clean up everything just the two problems he told me about

(1) he downloaded a file or something called wondershare and it seems he okayed it to
install a suspicious driver. now i deleted what i could, but there is a temp file that was created that, once you delete it, it returns. it's found in c:\documents and settings\owner\local settings\temp

there was some super antispyware updater thing in there i deleted that i think at least it's not in temp folder anymore
---it was wondershare streaming video recorder that he downloaded

he was going to use system restore points but they got all deleted somehow and that's when he got worried that someone was taking over the computer. not sure the two are related

(2)
Virtumonde.sdn: [SBI $70056CE6] Data (File, nothing done)
C:\WINDOWS\system32\wonidome

spybot came up with that not sure they are related but........

also RootRepeal keeps freezing on me just after it starts; everything else i did as was told


windows xp professional sp3

AMD athlon dual core processor 4450e 2.31Ghz 2.93g of ram

if we can just clear that stuff up i would be grateful.

thanks

-----------------------------------------------------------



DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 4:51:09.43 on Mon 09/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2097 [GMT -3:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
============== Running Processes ===============

C:\Program Files\USB Safely Remove\USBSRService.exe
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\windows\Explorer.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Livestation\Livestation.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Automatic USB Backup\AutomaticUSBBackupDriver.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.rte.ie/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 127.0.0.1:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Surf Canyon Search Engine Assistant: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - c:\program files\surf canyon\surfcanyon.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Livestation] c:\program files\livestation\Livestation.exe -startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [USB Safely Remove] c:\program files\usb safely remove\USBSafelyRemove.exe /startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [THGuard] "c:\program files\trojanhunter 5.0\THGuard.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\automa~1.lnk - c:\program files\automatic usb backup\AutomaticUSBBackupDriver.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~3\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~3\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\5lz29xzj.default\
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\5lz29xzj.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\5lz29xzj.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-6-15 128016]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-9-1 296976]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 74480]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-7-3 303376]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-8-6 331824]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\usb safely remove\USBSRService.exe [2009-9-6 213776]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2009-7-2 28592]
S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-5-27 234888]
S2 gupdate1c9ba1cb42b0f42;Google Update Service (gupdate1c9ba1cb42b0f42);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-8-10 57640]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 STSService;STSService;c:\program files\soundtaxi media suite\STSService.exe [2009-7-13 323584]
S3 USR_Find_Handle;USR_Find_Handle;c:\program files\usb safely remove\USRFindHandle.sys [2009-9-6 12824]

=============== Created Last 30 ================

2009-09-07 02:52 <DIR> --d----- c:\program files\CodeStuff
2009-09-07 02:01 <DIR> --d----- c:\program files\File Shredder
2009-09-06 09:46 32 a------- c:\windows\system32\thxcfg.ini
2009-09-06 08:59 <DIR> --d----- c:\program files\Wondershare
2009-09-06 05:41 <DIR> --d----- c:\docume~1\owner\applic~1\Desktopicon
2009-09-06 05:41 <DIR> --d----- c:\program files\Unlocker
2009-09-06 05:19 <DIR> --d----- c:\docume~1\owner\applic~1\USBSafelyRemove
2009-09-06 05:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\USBSRService
2009-09-06 05:19 <DIR> --d----- c:\program files\USB Safely Remove
2009-09-05 22:53 <DIR> --d----- c:\program files\Automatic USB Backup
2009-09-03 07:50 <DIR> --d----- c:\program files\MagicDVDRipper
2009-09-01 22:21 604,140 a--sh--- c:\windows\system32\drivers\ISwift3.dat
2009-09-01 22:18 105,395 a------- c:\windows\system32\drivers\klin.dat
2009-09-01 22:18 94,643 a------- c:\windows\system32\drivers\klick.dat
2009-09-01 22:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-08-30 14:05 <DIR> --d----- c:\program files\TVAnts
2009-08-30 10:32 <DIR> --d----- c:\program files\Livestation
2009-08-29 06:38 <DIR> --d----- c:\windows\SysWOW64
2009-08-29 03:17 164,352 a------- c:\windows\system32\unrar.dll
2009-08-29 03:17 38 a------- c:\windows\avisplitter.ini
2009-08-29 03:17 839,680 a------- c:\windows\system32\lameACM.acm
2009-08-29 03:17 118,784 a------- c:\windows\system32\ac3acm.acm
2009-08-29 03:17 414 a------- c:\windows\system32\lame_acm.xml
2009-08-29 03:17 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2009-08-29 03:17 755,027 a------- c:\windows\system32\xvidcore.dll
2009-08-29 03:17 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-08-29 03:17 159,839 a------- c:\windows\system32\xvidvfw.dll
2009-08-29 03:17 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-08-29 01:13 <DIR> --d----- c:\program files\SourceTec
2009-08-29 00:59 <DIR> --d----- c:\program files\common files\SourceTec
2009-08-24 02:35 <DIR> --d----- c:\program files\GiPo@Utilities
2009-08-24 02:35 <DIR> --d----- c:\program files\common files\Gibinsoft Shared
2009-08-24 01:23 <DIR> --d----- c:\program files\GSpot
2009-08-23 09:54 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-08-23 09:54 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-08-23 09:54 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-08-21 21:19 <DIR> --d----- c:\program files\ffdshow
2009-08-20 14:46 <DIR> --d----- c:\docume~1\owner\applic~1\BitTorrent
2009-08-20 14:46 <DIR> --d----- c:\program files\BitTorrent
2009-08-20 00:41 668,938 a------- c:\windows\unins001.exe
2009-08-20 00:41 1,149 a------- c:\windows\unins001.dat
2009-08-16 05:14 <DIR> --d----- c:\program files\mIRC
2009-08-16 05:14 <DIR> --d----- c:\docume~1\owner\applic~1\mIRC
2009-08-15 03:30 <DIR> --d----- c:\program files\URUSoft
2009-08-12 20:51 <DIR> --d----- c:\documents and settings\owner\fontconfig
2009-08-12 20:49 <DIR> --d----- c:\documents and settings\owner\.smplayer
2009-08-12 20:49 <DIR> --d----- c:\program files\SMPlayer
2009-08-12 20:41 <DIR> --d----- c:\program files\OpenSource DTSAC3DD+ Source Filter
2009-08-12 20:41 <DIR> --d----- c:\program files\MONOGRAM AMR SplitterDecoder
2009-08-12 20:41 <DIR> --d----- c:\program files\CD Audio Reader Filter
2009-08-12 20:41 <DIR> --d----- c:\program files\OpenSource Flash Video Splitter
2009-08-12 20:41 <DIR> --d----- c:\program files\RealMedia
2009-08-12 20:41 <DIR> --d----- c:\program files\SHOUTcast Source
2009-08-12 20:41 <DIR> --d----- c:\program files\Haali
2009-08-12 20:40 <DIR> --d----- c:\program files\DSP-worx
2009-08-12 20:40 <DIR> --d----- c:\program files\DirectVobSub
2009-08-12 20:40 <DIR> --d----- c:\program files\Zoom Player
2009-08-12 06:22 <DIR> --d----- c:\docume~1\owner\applic~1\FFSJ
2009-08-12 06:18 794,906 a------- c:\windows\unins000.exe
2009-08-12 06:18 4,201 a------- c:\windows\unins000.dat
2009-08-12 06:18 <DIR> --d----- c:\windows\system32\FFSJ
2009-08-10 22:34 14 a------- c:\windows\system32\systeminfo3.dll
2009-08-10 22:34 <DIR> --d----- c:\program files\CloneDVD
2009-08-10 21:45 <DIR> --d----- C:\MAGICDVDCOPY_TEMP
2009-08-10 18:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\raz-soft
2009-08-10 18:27 <DIR> --d----- c:\program files\SubsGrabber
2009-08-10 05:54 <DIR> --d----- c:\program files\Winamp Toolbar
2009-08-10 01:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks
2009-08-10 01:52 <DIR> --d----- c:\documents and settings\owner\LocalLow
2009-08-10 01:52 <DIR> --d----- c:\program files\TVUPlayer
2009-08-10 01:42 <DIR> --d----- c:\program files\Veetle
2009-08-10 01:12 <DIR> --d----- c:\program files\eMule

==================== Find3M ====================

2009-08-30 10:32 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-08-30 10:32 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-08-29 06:26 2,048 a------- c:\windows\system32\Tr_sttool.dat
2009-08-05 08:04 203,776 a------- c:\windows\system32\clrviddc.dll
2009-08-05 07:56 499,712 a------- c:\windows\system32\msvcp71.dll
2009-08-05 07:56 348,160 a------- c:\windows\system32\msvcr71.dll
2009-07-31 02:15 237,568 a------- c:\windows\system32\rmc_rtspdl.dll
2009-07-31 02:15 156,672 a------- c:\windows\system32\rmc_fixasf.exe
2009-07-31 02:13 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2009-07-31 01:15 692,224 a------- c:\windows\system32\bsrmgcv.dll
2009-07-31 01:15 192,512 a------- c:\windows\system32\bsrmgps.dll
2009-07-31 01:15 585,728 a------- c:\windows\system32\bsratswf.dll
2009-07-31 01:15 147,456 a------- c:\windows\system32\bsratwmv.dll
2009-07-29 21:12 87,608 a------- c:\docume~1\owner\applic~1\inst.exe
2009-07-29 21:12 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-07-29 21:12 47,360 a------- c:\docume~1\owner\applic~1\pcouffin.sys
2009-07-28 07:04 262,144 a------- c:\windows\system32\CarboniteRestores.dat
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-22 16:13 28,592 a------- c:\windows\system32\drivers\tap0901.sys
2009-07-19 09:39 73,216 a------- c:\windows\ST6UNST.EXE
2009-07-19 09:37 249,856 -------- c:\windows\Setup1.exe
2009-07-16 05:26 8,704 a------- c:\windows\system32\SpOrder.dll
2009-07-03 15:48 219,664 a------- c:\windows\system32\klogon.dll
2009-06-20 03:26 17,888 a---h--- c:\windows\system32\mlfcache.dat
2009-06-16 11:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 11:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-15 14:31 240,248 a------- c:\windows\system32\wpcap.dll
2009-06-15 14:31 88,704 a------- c:\windows\system32\Packet.dll
2009-06-15 14:31 53,299 a------- c:\windows\system32\pthreadVC.dll
2008-10-14 20:01 17,856 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2005-06-29 12:16 33 a------- c:\documents and settings\owner\visithttpd.bat
2005-06-29 12:16 83 a------- c:\documents and settings\owner\visit-cira.bat
2005-06-29 12:16 82 a------- c:\documents and settings\owner\visitm-cira.bat
2005-06-29 12:16 78 a------- c:\documents and settings\owner\visit.bat
2005-06-29 12:16 77 a------- c:\documents and settings\owner\visitm.bat
2005-06-29 12:16 71 a------- c:\documents and settings\owner\visitplay.bat
2005-06-29 12:16 70 a------- c:\documents and settings\owner\visitlocal.bat
2002-05-14 10:47 234 a------- c:\documents and settings\owner\visitlocal_template.bat
2002-05-14 10:47 700 a------- c:\documents and settings\owner\visit_template.bat
2002-03-25 14:47 82 a------- c:\documents and settings\owner\visitauto.bat
2001-11-01 14:34 41 a------- c:\documents and settings\owner\mkaudzip.bat
2001-11-01 14:34 42 a------- c:\documents and settings\owner\mkrepack.bat
2001-10-31 14:25 45 a------- c:\documents and settings\owner\record.bat
2000-12-06 11:48 40 a------- c:\documents and settings\owner\visitbuild.bat
2000-12-06 11:48 40 a------- c:\documents and settings\owner\build.bat
2000-03-03 15:27 158 a------- c:\documents and settings\owner\makeexe.bat
2008-12-31 03:09 2,623 ---sh--- c:\windows\system32\biteligi.dll
2008-12-31 03:09 2,623 ---sh--- c:\windows\system32\biyimaza.dll
2008-12-29 03:08 2,623 ---sh--- c:\windows\system32\dosoyahe.dll
2008-12-26 03:06 2,624 ---sh--- c:\windows\system32\fikujeve.dll
2008-12-30 03:08 2,625 ---sh--- c:\windows\system32\fumivuju.dll
2008-12-30 03:08 2,625 ---sh--- c:\windows\system32\gemawapo.dll
2008-12-31 03:09 2,624 ---sh--- c:\windows\system32\gujefowi.dll
2008-12-26 15:07 2,624 ---sh--- c:\windows\system32\kegimika.dll
2008-12-30 15:08 2,625 ---sh--- c:\windows\system32\kemobide.dll
2008-12-27 03:07 2,624 ---sh--- c:\windows\system32\kipudaba.dll
2008-12-29 03:08 2,623 ---sh--- c:\windows\system32\kogujiru.dll
2008-12-26 15:07 2,624 ---sh--- c:\windows\system32\kujobove.dll
2008-12-26 03:06 2,624 ---sh--- c:\windows\system32\layeleye.dll
2008-12-28 15:08 2,624 ---sh--- c:\windows\system32\linoroni.dll
2008-12-30 15:08 2,623 ---sh--- c:\windows\system32\poburiyo.dll
2008-12-30 15:08 2,625 ---sh--- c:\windows\system32\purefepe.dll
2008-12-27 03:07 2,623 ---sh--- c:\windows\system32\riwakawo.dll
2008-12-29 15:08 2,624 ---sh--- c:\windows\system32\rozihibu.dll
2008-12-28 03:07 2,624 ---sh--- c:\windows\system32\ruginefo.dll
2008-12-31 15:09 2,623 ---sh--- c:\windows\system32\setihuni.dll
2008-12-28 15:08 2,622 ---sh--- c:\windows\system32\subaromo.dll
2008-12-30 03:08 2,624 ---sh--- c:\windows\system32\vikesori.dll
2008-12-31 15:09 2,623 ---sh--- c:\windows\system32\volutehe.dll
2008-12-27 15:07 2,624 ---sh--- c:\windows\system32\wenifalo.dll
2008-12-29 15:08 2,622 ---sh--- c:\windows\system32\yegakire.dll

============= FINISH: 4:51:33.31 ===============

#2 Buckeye_Sam

    Malware Expert



Posted 08 September 2009 - 02:38 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer, I'll ask you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results (if any) into this thread.


#3 johnmerrick


Posted 08 September 2009 - 03:22 PM

Here's the OTL:



OTL logfile created on: 9/8/2009 5:18:25 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 76.41 Gb Free Space | 16.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-AFBC7E183
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/08/18 22:01:06 | 00,213,776 | ---- | M] () -- C:\Program Files\USB Safely Remove\USBSRService.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/04/10 17:41:15 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/08/10 20:19:08 | 00,132,144 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2009/08/06 15:58:38 | 00,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/02/25 01:29:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvsvc32.exe
PRC - [2005/08/08 01:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2008/04/13 21:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\windows\Explorer.EXE
PRC - [2006/11/23 15:10:42 | 00,056,928 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2008/01/29 04:47:50 | 16,859,648 | R--- | M] (Realtek Semiconductor Corp.) -- C:\windows\RTHDCPL.EXE
PRC - [2009/07/01 13:37:06 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/10/24 13:23:10 | 01,056,928 | ---- | M] (Mischel Internet Security) -- C:\Program Files\TrojanHunter 5.0\THGuard.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/05 07:55:35 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/05/02 01:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/06/11 22:32:30 | 00,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe
PRC - [2008/10/16 20:03:00 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/06 09:52:46 | 01,994,480 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/04/03 16:23:58 | 03,558,648 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2008/04/13 21:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/05/19 15:46:14 | 01,719,496 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe
PRC - [2009/05/18 10:48:52 | 00,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe
PRC - [2007/05/23 12:34:14 | 00,010,752 | ---- | M] () -- C:\Program Files\Automatic USB Backup\AutomaticUSBBackupDriver.exe
PRC - [2009/08/10 20:19:14 | 00,094,256 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2008/03/18 21:31:20 | 04,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2008/03/18 21:31:20 | 04,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/09/08 17:17:47 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/01/02 11:06:10 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade [Auto | Stopped])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/07/03 15:56:14 | 00,303,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP [Auto | Running])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/04/10 17:41:15 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ba1cb42b0f42 [Auto | Stopped])
SRV - [2009/03/24 04:38:42 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 21:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/08/10 20:19:08 | 00,132,144 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService [Auto | Running])
SRV - [2009/08/06 15:58:38 | 00,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv [Auto | Running])
SRV - [2009/08/10 20:19:16 | 00,057,640 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService [On_Demand | Stopped])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/04/13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2007/05/08 19:47:22 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2008/02/25 01:29:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2005/08/08 01:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2007/11/06 17:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2009/07/13 07:05:22 | 00,323,584 | ---- | M] () -- C:\Program Files\SoundTaxi Media Suite\STSService.exe -- (STSService [On_Demand | Stopped])
SRV - [2009/08/18 22:01:06 | 00,213,776 | ---- | M] () -- C:\Program Files\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/07/01 22:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\windows\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\windows\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 13:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\windows\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/01/30 00:28:36 | 04,725,760 | R--- | M] (Realtek Semiconductor Corp.) -- C:\windows\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2009/06/15 14:01:00 | 00,128,016 | ---- | M] (Kaspersky Lab) -- C:\windows\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
DRV - [2008/12/15 20:41:32 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\windows\system32\drivers\klbg.sys -- (klbg [Boot | Running])
DRV - [2009/07/03 13:11:24 | 00,296,976 | ---- | M] (Kaspersky Lab) -- C:\windows\System32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2009/05/13 17:46:52 | 00,031,760 | ---- | M] (Kaspersky Lab) -- C:\windows\System32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])
DRV - [2009/05/16 20:59:44 | 00,019,472 | ---- | M] (Kaspersky Lab) -- C:\windows\System32\DRIVERS\klmouflt.sys -- (klmouflt [On_Demand | Running])
DRV - [2008/04/13 15:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2009/06/18 17:04:20 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\windows\System32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2008/02/25 01:29:00 | 06,867,360 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008/01/29 01:37:46 | 00,054,016 | R--- | M] (NVIDIA Corporation) -- C:\windows\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2008/01/25 09:01:06 | 00,132,096 | R--- | M] (NVIDIA Corporation) -- C:\windows\system32\DRIVERS\nvgts.sys -- (nvgts [Boot | Running])
DRV - [2008/01/29 01:37:48 | 00,022,016 | R--- | M] (NVIDIA Corporation) -- C:\windows\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2009/07/29 21:12:45 | 00,047,360 | ---- | M] (VSO Software) -- C:\windows\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2004/08/04 09:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\windows\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 20:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/03/21 20:59:12 | 00,308,480 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\windows\System32\DRIVERS\rtl8185.sys -- (rtl8185 [On_Demand | Running])
DRV - [2009/03/27 19:37:48 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2008/12/22 12:06:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/08/10 06:27:51 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2008/04/13 13:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\windows\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/07/22 16:13:20 | 00,028,592 | ---- | M] (The OpenVPN Project) -- C:\windows\System32\DRIVERS\tap0901.sys -- (tap0901 [On_Demand | Running])
DRV - [2009/05/14 15:08:40 | 00,027,136 | ---- | M] (The OpenVPN Project) -- C:\windows\System32\DRIVERS\tapvpn.sys -- (tapvpn [On_Demand | Running])
DRV - [2009/08/18 22:00:44 | 00,012,824 | ---- | M] (SafelyRemove.com) -- C:\Program Files\USB Safely Remove\USRFindHandle.sys -- (USR_Find_Handle [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rte.ie/
IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\S-1-5-21-1957994488-839522115-294769859-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\S-1-5-21-1957994488-839522115-294769859-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\S-1-5-21-1957994488-839522115-294769859-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080


FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/16 19:59:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/08/05 08:00:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/02 08:23:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/02 08:23:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009/09/08 13:48:32 | 00,000,000 | ---D | M]

[2009/07/22 03:04:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/12/21 12:27:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/22 03:04:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/09/08 10:14:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions
[2009/08/10 05:58:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009/05/22 10:23:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/13 19:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/08/17 21:25:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/05/28 02:39:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2008/12/23 02:31:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/05/27 00:48:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/08/10 01:52:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\firefox@tvunetworks.com
[2009/04/30 03:59:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\moveplayer@movenetworks.com
[2009/05/26 16:57:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\searchrecs@veoh.com
[2009/05/27 21:26:28 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\5lz29xzj.default\searchplugins\ask.xml
[2008/10/13 14:42:19 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\5lz29xzj.default\searchplugins\winamp-search.xml
[2009/09/08 10:14:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/10/13 13:58:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/02 08:23:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/10/25 20:58:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/16 19:59:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/28 20:11:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/10 13:50:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/04 21:44:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/08 07:05:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2009/07/30 08:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 08:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 18:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 15:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 19:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/06/27 17:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2005/12/05 22:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/07/30 08:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/05 07:59:35 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/07 02:34:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/07 02:34:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/07 02:34:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/02/03 08:32:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/05 08:01:00 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/08/05 07:56:45 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/10/19 11:43:34 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2007/03/09 20:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2009/05/01 18:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/07/30 04:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 04:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/09/07 23:22:48 | 00,001,498 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/07/30 04:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 04:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 04:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 04:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1957994488-839522115-294769859-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1957994488-839522115-294769859-1003\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\windows\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\windows\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [THGuard] C:\Program Files\TrojanHunter 5.0\THGuard.exe (Mischel Internet Security)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1957994488-839522115-294769859-1003..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe (Livestation)
O4 - HKU\S-1-5-21-1957994488-839522115-294769859-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1957994488-839522115-294769859-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1957994488-839522115-294769859-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1957994488-839522115-294769859-1003..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
O4 - HKU\S-1-5-21-1957994488-839522115-294769859-1003..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutomaticUSBBackupDriver.lnk = C:\Program Files\Automatic USB Backup\AutomaticUSBBackupDriver.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-839522115-294769859-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.94 24.222.0.95
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~3\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~3\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - C:\windows\system32\klogon.dll - C:\windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\D\Shell\configure\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\D\Shell\install\command - "" = D:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\windows\System32\*.tmp files]
[4 C:\windows\*.tmp files]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[10 C:\Documents and Settings\Owner\Desktop\*.tmp files]
[2009/09/08 17:17:43 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/09/08 17:15:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/09/08 16:04:43 | 00,000,000 | ---D | C] -- C:\windows\CSC
[2009/09/08 15:14:37 | 03,485,184 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PROPLUS.MSI
[2009/09/08 14:50:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/09/08 14:17:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\.clamwin
[2009/09/08 14:16:52 | 00,000,000 | ---D | C] -- C:\Program Files\ClamWin
[2009/09/08 14:15:42 | 28,736,281 | ---- | C] (alch ) -- C:\Documents and Settings\Owner\Desktop\clamwin-0.95.2-setup.exe
[2009/09/08 11:37:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2009/09/08 11:25:22 | 00,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2009/09/08 11:25:22 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2009/09/08 07:41:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Help
[2009/09/08 07:41:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Help
[2009/09/08 07:08:55 | 00,604,140 | -HS- | C] () -- C:\windows\System32\drivers\ISwift3.dat
[2009/09/08 07:05:17 | 00,105,395 | ---- | C] () -- C:\windows\System32\drivers\klin.dat
[2009/09/08 07:05:17 | 00,094,643 | ---- | C] () -- C:\windows\System32\drivers\klick.dat
[2009/09/08 07:04:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/09/08 07:04:01 | 00,296,976 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys
[2009/09/08 06:51:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\raz-soft
[2009/09/08 06:45:37 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/09/08 05:58:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\installnewkaspersky210sep8
[2009/09/08 05:55:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Kaspersky KIS 2010
[2009/09/08 03:04:06 | 00,000,000 | ---- | C] () -- C:\windows\System32\cd.dat
[2009/09/08 00:06:40 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2009/09/07 23:17:02 | 00,848,656 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_avwt_stb_all_8_32.exe
[2009/09/07 16:05:36 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\vundo.doc
[2009/09/07 11:02:43 | 00,000,000 | ---- | C] () -- C:\windows\System32\drivers\axwv.sys
[2009/09/07 09:50:52 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/09/07 07:49:08 | 01,474,832 | ---- | C] () -- C:\windows\System32\drivers\sfi.dat
[2009/09/07 06:55:48 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/09/07 06:55:29 | 75,755,808 | ---- | C] (COMODO) -- C:\Documents and Settings\Owner\Desktop\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe
[2009/09/07 05:08:56 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/09/07 05:08:51 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/09/07 05:07:14 | 00,003,923 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2009/09/07 04:51:04 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/09/07 04:00:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (5)
[2009/09/07 03:00:53 | 02,158,386 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/09/07 02:52:12 | 00,001,724 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CodeStuff Starter.lnk
[2009/09/07 02:52:12 | 00,000,000 | ---D | C] -- C:\Program Files\CodeStuff
[2009/09/07 02:51:51 | 00,680,340 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\StarterSetup.zip
[2009/09/07 02:01:06 | 00,000,000 | ---D | C] -- C:\Program Files\File Shredder
[2009/09/07 02:00:39 | 00,925,897 | ---- | C] (WipeSoft ) -- C:\Documents and Settings\Owner\Desktop\file_shredder_setup.exe
[2009/09/06 23:50:07 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\VundoFix.exe
[2009/09/06 09:46:42 | 00,000,032 | ---- | C] () -- C:\windows\System32\thxcfg.ini
[2009/09/06 09:42:15 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$C.doc
[2009/09/06 09:42:14 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\C.doc
[2009/09/06 08:59:55 | 00,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2009/09/06 05:41:47 | 00,000,984 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\eBay.lnk
[2009/09/06 05:41:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Desktopicon
[2009/09/06 05:41:30 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2009/09/06 05:19:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\USBSafelyRemove
[2009/09/06 05:19:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\USBSRService
[2009/09/06 05:19:17 | 00,000,710 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\USB Safely Remove.lnk
[2009/09/06 05:19:15 | 00,000,000 | ---D | C] -- C:\Program Files\USB Safely Remove
[2009/09/05 23:06:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Backup Utility
[2009/09/05 22:53:18 | 00,000,858 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutomaticUSBBackupDriver.lnk
[2009/09/05 22:53:17 | 00,000,000 | ---D | C] -- C:\Program Files\Automatic USB Backup
[2009/09/05 09:58:49 | 00,046,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Reporting Servic1.doc
[2009/09/05 09:57:42 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\This report covers the period from August 23.doc
[2009/09/05 02:38:37 | 01,031,215 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Amazon_com Great Accents In Cinema.mht
[2009/09/05 00:41:18 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\resume12.doc
[2009/09/04 03:18:36 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\star trek links.doc
[2009/09/03 18:16:14 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dma.doc
[2009/09/03 07:50:54 | 00,000,000 | ---D | C] -- C:\Program Files\MagicDVDRipper
[2009/09/02 08:23:30 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/01 23:42:07 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rescueme.doc
[2009/09/01 22:20:21 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$T1JVS.doc
[2009/08/31 10:05:54 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\earmuffs.doc
[2009/08/31 09:37:39 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\resume[ edited ].doc
[2009/08/31 09:36:45 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\coverletter.doc
[2009/08/30 17:54:34 | 00,000,868 | ---- | C] () -- C:\windows\tasks\Google Software Updater.job
[2009/08/30 14:05:41 | 00,000,000 | ---D | C] -- C:\Program Files\TVAnts
[2009/08/30 10:32:03 | 00,001,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Livestation.lnk
[2009/08/30 10:32:00 | 00,000,000 | ---D | C] -- C:\Program Files\Livestation
[2009/08/30 04:41:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\DVDVolume
[2009/08/30 04:13:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts
[2009/08/29 09:31:38 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\billmahershow.doc
[2009/08/29 06:59:19 | 00,232,221 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Devdas - Rent or Buy Devdas Online.htm
[2009/08/29 06:59:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Devdas - Rent or Buy Devdas Online_files
[2009/08/29 06:38:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Wondershare Streaming Video Recorder
[2009/08/29 06:38:14 | 00,000,000 | ---D | C] -- C:\windows\SysWOW64
[2009/08/29 05:13:32 | 00,055,156 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BSRTroubleShooting.htm
[2009/08/29 05:13:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\BSRTroubleShooting_files
[2009/08/29 03:17:32 | 00,164,352 | ---- | C] () -- C:\windows\System32\unrar.dll
[2009/08/29 03:17:32 | 00,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2009/08/29 03:17:31 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\windows\System32\lameACM.acm
[2009/08/29 03:17:31 | 00,118,784 | ---- | C] (fccHandler) -- C:\windows\System32\ac3acm.acm
[2009/08/29 03:17:31 | 00,000,414 | ---- | C] () -- C:\windows\System32\lame_acm.xml
[2009/08/29 03:17:30 | 03,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2009/08/29 03:17:30 | 00,755,027 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/08/29 03:17:30 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\windows\System32\yv12vfw.dll
[2009/08/29 03:17:30 | 00,159,839 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009/08/29 03:17:28 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/08/29 01:26:44 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\paricularly those people rights.doc
[2009/08/29 01:25:40 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\indianstuff.doc
[2009/08/29 01:13:12 | 00,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2009/08/29 01:12:37 | 05,292,546 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\videodownloader.zip
[2009/08/29 00:59:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2009/08/29 00:58:59 | 02,345,194 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\swfcatcher_IE.zip
[2009/08/29 00:42:23 | 00,425,112 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\web-video-downloader.xpi
[2009/08/28 04:48:38 | 00,054,659 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Register.aspx.htm
[2009/08/28 04:48:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Register.aspx_files
[2009/08/28 04:36:00 | 00,120,929 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Watch DivX Hollywood_Bollywood movies online for free.htm
[2009/08/28 04:36:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Watch DivX Hollywood_Bollywood movies online for free_files
[2009/08/25 21:39:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\dvdtoharddrivesoftware
[2009/08/25 00:31:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\teethflossing
[2009/08/24 02:35:57 | 00,000,000 | ---D | C] -- C:\Program Files\GiPo@Utilities
[2009/08/24 02:35:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Gibinsoft Shared
[2009/08/24 01:23:08 | 00,000,000 | ---D | C] -- C:\Program Files\GSpot
[2009/08/23 09:54:36 | 00,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2009/08/23 09:54:36 | 00,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest
[2009/08/23 09:54:35 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\windows\System32\pthreadGC2.dll
[2009/08/23 07:28:56 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$Earth.doc
[2009/08/23 07:28:55 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Earth.doc
[2009/08/23 01:58:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\rs-com-goodness-gracious-me-dvd-rips-4486_files
[2009/08/23 01:58:41 | 00,099,980 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rs-com-goodness-gracious-me-dvd-rips-4486.html
[2009/08/22 05:37:06 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\[ edited ].doc
[2009/08/22 05:22:53 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\This report covers the period from August 09.doc
[2009/08/22 05:22:15 | 00,017,807 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sommaireimpression-printsummary.aspx.htm
[2009/08/22 05:22:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\sommaireimpression-printsummary.aspx_files
[2009/08/21 21:19:42 | 00,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2009/08/20 14:46:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2009/08/20 14:46:19 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009/08/20 00:41:53 | 00,668,938 | ---- | C] () -- C:\windows\unins001.exe
[2009/08/20 00:41:53 | 00,001,149 | ---- | C] () -- C:\windows\unins001.dat
[2009/08/19 17:45:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\jobs looked at
[2009/08/19 06:57:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (4)
[2009/08/17 22:40:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (3)
[2009/08/17 01:50:44 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$oveclassicmovies.doc
[2009/08/17 01:50:43 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\iloveclassicmovies.doc
[2009/08/16 21:48:36 | 00,001,876 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CM-20090912-041659B0.KEY
[2009/08/16 21:48:36 | 00,001,876 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CM-20090912-041659A5.KEY
[2009/08/16 21:48:36 | 00,001,876 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS7-CM-20090912-041659B0.KEY
[2009/08/16 21:48:36 | 00,001,876 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS7-CM-20090912-041659A5.KEY
[2009/08/16 21:48:36 | 00,001,576 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS9-CN-20100222-061B539D.KEY
[2009/08/16 21:48:36 | 00,001,576 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS9-CN-20100130-05DF3A19.KEY
[2009/08/16 21:48:36 | 00,001,576 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CN-20100222-061B539D.KEY
[2009/08/16 21:48:36 | 00,001,576 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CN-20100130-05DF3A19.KEY
[2009/08/16 21:48:36 | 00,001,570 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS9-CN-20091214-0563CC91.KEY
[2009/08/16 21:48:36 | 00,001,570 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CN-20091214-0563CC91.KEY
[2009/08/16 21:48:36 | 00,000,830 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CM-20100721-01D92701.KEY
[2009/08/16 21:48:36 | 00,000,830 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS7-CM-20100721-01D92701.KEY
[2009/08/16 21:45:22 | 05,392,802 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS_NEW.zip
[2009/08/16 05:14:25 | 00,000,000 | ---D | C] -- C:\Program Files\mIRC
[2009/08/16 05:14:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\mIRC
[2009/08/15 23:44:52 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pinkpanther.doc
[2009/08/15 03:30:20 | 00,000,000 | ---D | C] -- C:\Program Files\URUSoft
[2009/08/14 08:02:05 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\S358669.doc
[2009/08/13 21:59:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (2)
[2009/08/13 21:14:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
[2009/08/13 21:11:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Kaspersky Lab
[2009/08/13 07:04:49 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\http3.doc
[2009/08/12 20:49:20 | 00,000,000 | ---D | C] -- C:\Program Files\SMPlayer
[2009/08/12 20:41:32 | 00,000,000 | ---D | C] -- C:\Program Files\OpenSource DTSAC3DD+ Source Filter
[2009/08/12 20:41:31 | 00,000,000 | ---D | C] -- C:\Program Files\MONOGRAM AMR SplitterDecoder
[2009/08/12 20:41:29 | 00,000,000 | ---D | C] -- C:\Program Files\CD Audio Reader Filter
[2009/08/12 20:41:27 | 00,000,000 | ---D | C] -- C:\Program Files\OpenSource Flash Video Splitter
[2009/08/12 20:41:22 | 00,000,000 | ---D | C] -- C:\Program Files\RealMedia
[2009/08/12 20:41:05 | 00,000,000 | ---D | C] -- C:\Program Files\SHOUTcast Source
[2009/08/12 20:41:02 | 00,000,000 | ---D | C] -- C:\Program Files\Haali
[2009/08/12 20:40:55 | 00,000,000 | ---D | C] -- C:\Program Files\DSP-worx
[2009/08/12 20:40:49 | 00,000,000 | ---D | C] -- C:\Program Files\DirectVobSub
[2009/08/12 20:40:28 | 00,000,000 | ---D | C] -- C:\Program Files\Zoom Player
[2009/08/12 17:42:04 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Martex Microfiber Ultrasoft Raschel Blanket.doc
[2009/08/12 06:22:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FFSJ
[2009/08/12 06:18:14 | 00,794,906 | ---- | C] () -- C:\windows\unins000.exe
[2009/08/12 06:18:14 | 00,004,201 | ---- | C] () -- C:\windows\unins000.dat
[2009/08/12 06:18:14 | 00,000,000 | ---D | C] -- C:\windows\System32\FFSJ
[2009/08/12 05:24:08 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\http2.doc
[2009/08/12 05:24:08 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$http2.doc
[2009/08/12 05:18:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Some_Mothers_do_Av_Em_S01E02
[2009/08/11 21:44:59 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\James.doc
[2009/08/11 21:44:59 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$James.doc
[2009/08/10 22:34:32 | 00,000,014 | ---- | C] () -- C:\windows\System32\systeminfo3.dll
[2009/08/10 22:34:00 | 00,000,000 | ---D | C] -- C:\Program Files\CloneDVD
[2009/08/10 21:45:45 | 00,000,000 | ---D | C] -- C:\MAGICDVDCOPY_TEMP
[2009/08/10 18:27:08 | 00,000,000 | ---D | C] -- C:\Program Files\SubsGrabber
[2009/08/10 05:54:15 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp Toolbar
[2009/08/10 01:52:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\TVU Networks
[2009/08/10 01:52:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2009/08/10 01:52:51 | 00,000,000 | ---D | C] -- C:\Program Files\TVUPlayer
[2009/08/10 01:42:19 | 00,000,000 | ---D | C] -- C:\Program Files\Veetle
[2009/08/10 01:12:14 | 00,000,000 | ---D | C] -- C:\Program Files\eMule
[2009/08/03 18:41:42 | 00,059,392 | R--- | C] () -- C:\windows\System32\streamhlp.dll
[2009/08/03 07:37:22 | 00,000,068 | ---- | C] () -- C:\windows\MyProg.ini
[2009/07/31 01:15:56 | 00,692,224 | ---- | C] () -- C:\windows\System32\bsrmgcv.dll
[2009/07/31 01:15:56 | 00,192,512 | ---- | C] () -- C:\windows\System32\bsrmgps.dll
[2009/07/31 01:15:37 | 00,585,728 | ---- | C] () -- C:\windows\System32\bsratswf.dll
[2009/07/31 01:15:37 | 00,147,456 | ---- | C] () -- C:\windows\System32\bsratwmv.dll
[2009/07/20 00:16:14 | 00,237,568 | ---- | C] () -- C:\windows\System32\rmc_rtspdl.dll
[2009/07/19 06:13:17 | 00,129,024 | ---- | C] () -- C:\windows\System32\AVERM.dll
[2009/07/19 06:13:17 | 00,028,672 | ---- | C] () -- C:\windows\System32\AVEQT.dll
[2009/01/01 23:16:21 | 01,294,028 | -HS- | C] () -- C:\windows\System32\ebebudaw.ini
[2009/01/01 13:20:12 | 00,162,304 | ---- | C] () -- C:\windows\System32\ztvunrar36.dll
[2009/01/01 13:20:12 | 00,153,088 | ---- | C] () -- C:\windows\System32\UNRAR3.dll
[2009/01/01 13:20:12 | 00,077,312 | ---- | C] () -- C:\windows\System32\ztvunace26.dll
[2009/01/01 13:20:12 | 00,075,264 | ---- | C] () -- C:\windows\System32\unacev2.dll
[2008/12/31 15:09:43 | 00,002,623 | -HS- | C] () -- C:\windows\System32\volutehe.dll
[2008/12/31 15:09:43 | 00,002,623 | -HS- | C] () -- C:\windows\System32\setihuni.dll
[2008/12/31 03:09:19 | 00,002,623 | -HS- | C] () -- C:\windows\System32\biyimaza.dll
[2008/12/31 03:09:19 | 00,002,623 | -HS- | C] () -- C:\windows\System32\biteligi.dll
[2008/12/31 03:09:18 | 00,002,624 | -HS- | C] () -- C:\windows\System32\gujefowi.dll
[2008/12/30 15:08:51 | 00,002,625 | -HS- | C] () -- C:\windows\System32\kemobide.dll
[2008/12/30 15:08:51 | 00,002,623 | -HS- | C] () -- C:\windows\System32\poburiyo.dll
[2008/12/30 15:08:50 | 00,002,625 | -HS- | C] () -- C:\windows\System32\purefepe.dll
[2008/12/30 03:08:46 | 00,002,625 | -HS- | C] () -- C:\windows\System32\gemawapo.dll
[2008/12/30 03:08:46 | 00,002,624 | -HS- | C] () -- C:\windows\System32\vikesori.dll
[2008/12/30 03:08:45 | 00,002,625 | -HS- | C] () -- C:\windows\System32\fumivuju.dll
[2008/12/29 15:08:29 | 00,002,624 | -HS- | C] () -- C:\windows\System32\rozihibu.dll
[2008/12/29 15:08:28 | 00,002,622 | -HS- | C] () -- C:\windows\System32\yegakire.dll
[2008/12/29 03:08:23 | 00,002,623 | -HS- | C] () -- C:\windows\System32\kogujiru.dll
[2008/12/29 03:08:23 | 00,002,623 | -HS- | C] () -- C:\windows\System32\dosoyahe.dll
[2008/12/28 15:08:13 | 00,002,624 | -HS- | C] () -- C:\windows\System32\linoroni.dll
[2008/12/27 15:07:40 | 00,002,624 | -HS- | C] () -- C:\windows\System32\wenifalo.dll
[2008/12/27 03:07:23 | 00,002,624 | -HS- | C] () -- C:\windows\System32\kipudaba.dll
[2008/12/27 03:07:21 | 00,002,623 | -HS- | C] () -- C:\windows\System32\riwakawo.dll
[2008/12/26 15:07:09 | 00,002,624 | -HS- | C] () -- C:\windows\System32\kujobove.dll
[2008/12/26 15:07:09 | 00,002,624 | -HS- | C] () -- C:\windows\System32\kegimika.dll
[2008/12/26 03:06:46 | 00,002,624 | -HS- | C] () -- C:\windows\System32\layeleye.dll
[2008/12/26 03:06:41 | 00,002,624 | -HS- | C] () -- C:\windows\System32\fikujeve.dll
[2008/10/19 12:38:22 | 00,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2008/10/13 14:02:20 | 00,000,135 | ---- | C] () -- C:\windows\cdplayer.ini
[2008/09/29 16:05:22 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2008/02/25 01:29:00 | 01,703,936 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2008/02/25 01:29:00 | 01,482,752 | ---- | C] () -- C:\windows\System32\nview.dll
[2008/02/25 01:29:00 | 01,019,904 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2008/02/25 01:29:00 | 00,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2008/02/25 01:29:00 | 00,286,720 | ---- | C] () -- C:\windows\System32\nvnt4cpl.dll
[2007/11/06 17:19:28 | 00,053,299 | ---- | C] () -- C:\windows\System32\pthreadVC.dll
[2004/08/04 09:00:00 | 00,000,603 | ---- | C] () -- C:\windows\win.ini
[2004/08/04 09:00:00 | 00,000,231 | ---- | C] () -- C:\windows\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\windows\System32\*.tmp files]
[4 C:\windows\*.tmp files]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[10 C:\Documents and Settings\Owner\Desktop\*.tmp files]
[2009/09/08 17:19:00 | 00,000,422 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{10DE28C4-9899-4EA1-8B66-90962FB2666B}.job
[2009/09/08 17:17:47 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/09/08 17:15:06 | 00,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
[2009/09/08 17:14:18 | 00,002,422 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/09/08 17:14:14 | 00,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/08 17:14:04 | 00,000,868 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job
[2009/09/08 17:13:45 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/09/08 17:13:44 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/09/08 15:54:00 | 00,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/08 14:16:41 | 28,736,281 | ---- | M] (alch ) -- C:\Documents and Settings\Owner\Desktop\clamwin-0.95.2-setup.exe
[2009/09/08 11:25:22 | 00,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2009/09/08 07:08:55 | 00,604,140 | -HS- | M] () -- C:\windows\System32\drivers\ISwift3.dat
[2009/09/08 07:05:17 | 00,105,395 | ---- | M] () -- C:\windows\System32\drivers\klin.dat
[2009/09/08 07:05:17 | 00,094,643 | ---- | M] () -- C:\windows\System32\drivers\klick.dat
[2009/09/08 03:27:55 | 00,091,648 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/08 03:04:06 | 00,000,000 | ---- | M] () -- C:\windows\System32\cd.dat
[2009/09/07 23:52:29 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\vundo.doc
[2009/09/07 23:17:10 | 00,848,656 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_avwt_stb_all_8_32.exe
[2009/09/07 11:02:43 | 00,000,000 | ---- | M] () -- C:\windows\System32\drivers\axwv.sys
[2009/09/07 10:30:02 | 01,474,832 | ---- | M] () -- C:\windows\System32\drivers\sfi.dat
[2009/09/07 09:51:06 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/09/07 06:55:36 | 75,755,808 | ---- | M] (COMODO) -- C:\Documents and Settings\Owner\Desktop\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe
[2009/09/07 05:08:56 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/09/07 05:08:54 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/09/07 05:07:14 | 00,003,923 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2009/09/07 04:51:07 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/09/07 03:00:56 | 02,158,386 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/09/07 02:52:12 | 00,001,724 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CodeStuff Starter.lnk
[2009/09/07 02:51:53 | 00,680,340 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\StarterSetup.zip
[2009/09/07 02:00:45 | 00,925,897 | ---- | M] (WipeSoft ) -- C:\Documents and Settings\Owner\Desktop\file_shredder_setup.exe
[2009/09/06 23:50:12 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\VundoFix.exe
[2009/09/06 16:15:00 | 00,000,069 | ---- | M] () -- C:\windows\NeroDigital.ini
[2009/09/06 09:46:42 | 00,000,032 | ---- | M] () -- C:\windows\System32\thxcfg.ini
[2009/09/06 09:42:15 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$C.doc
[2009/09/06 09:42:14 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\C.doc
[2009/09/06 05:41:47 | 00,000,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\eBay.lnk
[2009/09/06 05:19:17 | 00,000,710 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\USB Safely Remove.lnk
[2009/09/05 22:53:18 | 00,000,858 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutomaticUSBBackupDriver.lnk
[2009/09/05 09:58:49 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Reporting Servic1.doc
[2009/09/05 09:57:42 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\This report covers the period from August 23.doc
[2009/09/05 02:39:03 | 01,031,215 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Amazon_com Great Accents In Cinema.mht
[2009/09/05 00:41:18 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\resume12.doc
[2009/09/05 00:40:35 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\coverletter.doc
[2009/09/04 03:18:36 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\star trek links.doc
[2009/09/03 18:16:14 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dma.doc
[2009/09/02 20:14:02 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2009/09/02 08:23:30 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/01 23:42:08 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rescueme.doc
[2009/09/01 22:20:21 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$T1JVS.doc
[2009/08/31 10:05:55 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\earmuffs.doc
[2009/08/31 09:37:39 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\resume[ edited ].doc
[2009/08/30 10:32:09 | 00,413,696 | ---- | M] (Creative Labs) -- C:\windows\System32\wrap_oal.dll
[2009/08/30 10:32:09 | 00,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\windows\System32\OpenAL32.dll
[2009/08/30 10:32:03 | 00,001,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Livestation.lnk
[2009/08/29 09:31:38 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\billmahershow.doc
[2009/08/29 06:59:20 | 00,232,221 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Devdas - Rent or Buy Devdas Online.htm
[2009/08/29 06:26:47 | 00,002,048 | ---- | M] () -- C:\windows\System32\Tr_sttool.dat
[2009/08/29 05:13:33 | 00,055,156 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BSRTroubleShooting.htm
[2009/08/29 01:26:44 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\paricularly those people rights.doc
[2009/08/29 01:25:40 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\indianstuff.doc
[2009/08/29 01:12:49 | 05,292,546 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\videodownloader.zip
[2009/08/29 01:08:15 | 02,345,194 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\swfcatcher_IE.zip
[2009/08/29 00:42:25 | 00,425,112 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\web-video-downloader.xpi
[2009/08/28 04:48:39 | 00,054,659 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Register.aspx.htm
[2009/08/28 04:36:02 | 00,120,929 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Watch DivX Hollywood_Bollywood movies online for free.htm
[2009/08/23 07:28:56 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Earth.doc
[2009/08/23 07:28:56 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$Earth.doc
[2009/08/23 01:58:44 | 00,099,980 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rs-com-goodness-gracious-me-dvd-rips-4486.html
[2009/08/22 05:37:07 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\[ edited ].doc
[2009/08/22 05:22:53 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\This report covers the period from August 09.doc
[2009/08/22 05:22:16 | 00,017,807 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sommaireimpression-printsummary.aspx.htm
[2009/08/20 00:46:57 | 00,001,149 | ---- | M] () -- C:\windows\unins001.dat
[2009/08/20 00:46:46 | 00,668,938 | ---- | M] () -- C:\windows\unins001.exe
[2009/08/19 18:01:22 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\[ edited ].doc
[2009/08/17 01:50:44 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$oveclassicmovies.doc
[2009/08/17 01:50:43 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\iloveclassicmovies.doc
[2009/08/16 21:45:22 | 05,392,802 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS_NEW.zip
[2009/08/16 13:52:26 | 00,001,570 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CN-20091214-0563CC91.KEY
[2009/08/16 13:52:10 | 00,001,576 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CN-20100222-061B539D.KEY
[2009/08/16 13:51:48 | 00,001,876 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CM-20090912-041659B0.KEY
[2009/08/16 13:51:48 | 00,000,830 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CM-20100721-01D92701.KEY
[2009/08/16 13:51:30 | 00,001,576 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CN-20100130-05DF3A19.KEY
[2009/08/16 13:51:20 | 00,001,876 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CM-20090912-041659A5.KEY
[2009/08/16 13:51:18 | 00,001,876 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS7-CM-20090912-041659B0.KEY
[2009/08/16 13:51:18 | 00,001,876 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS7-CM-20090912-041659A5.KEY
[2009/08/16 13:51:10 | 00,000,830 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS7-CM-20100721-01D92701.KEY
[2009/08/16 13:50:36 | 00,001,576 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS9-CN-20100222-061B539D.KEY
[2009/08/16 13:50:24 | 00,001,576 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS9-CN-20100130-05DF3A19.KEY
[2009/08/16 13:50:10 | 00,001,570 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS9-CN-20091214-0563CC91.KEY
[2009/08/15 23:44:52 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pinkpanther.doc
[2009/08/15 01:31:05 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\http1.doc
[2009/08/14 08:02:06 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\S358669.doc
[2009/08/13 22:33:51 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Martex Microfiber Ultrasoft Raschel Blanket.doc
[2009/08/13 07:04:49 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\http3.doc
[2009/08/13 05:07:10 | 00,000,135 | ---- | M] () -- C:\windows\cdplayer.ini
[2009/08/12 06:18:15 | 00,004,201 | ---- | M] () -- C:\windows\unins000.dat
[2009/08/12 06:18:10 | 00,794,906 | ---- | M] () -- C:\windows\unins000.exe
[2009/08/12 05:24:08 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\http2.doc
[2009/08/12 05:24:08 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$http2.doc
[2009/08/11 21:44:59 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\James.doc
[2009/08/11 21:44:59 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$James.doc
[2009/08/10 22:34:32 | 00,000,014 | ---- | M] () -- C:\windows\System32\systeminfo3.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C265C458
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0295CBF7
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


I'm doing the GMER now.


Let's keep in mind I'm not the best at computers, so I might be a little slow.


update:
This is going to take a while; he's got a 500gb drive and only 7? left.

Almost forgot to say thanks for helping me.

==================================



OKAY HERE IT IS:




GMER 1.0.15.15077 [yu8iv2zi.exe] - http://www.gmer.net
Rootkit scan 2009-09-08 19:20:15
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xAAF2436E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xAAF24A86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xAAF2560C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xAAF25B40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xAAF24D78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xAAF23460]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xAAF25A18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xAAF22D0A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xAAF258D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xAAF24102]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xAAF25C72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xAAF2740E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xAAF24886]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xAAF25976]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xAAF23A20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xAAF23CF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xAAF2521C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xAAF27980]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xAAF23E3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xAAF23EE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xAAF25016]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xAAF26EA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xAAF2343C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xAAF2344E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xAAF24030]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xAAF25BE2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xAAF24B08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xAAF23604]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xAAF25AB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xAAF2456E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xAAF27438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xAAF25D14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xAAF24492]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xAAF23F8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xAAF23BB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xAAF238BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xAAF27128]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xAAF23B34]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xAAF230C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xAAF2609E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xAAF25F64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xAAF26C30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xAAF23224]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xAAF27860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xAAF22EC4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xAAF25312]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xAAF24984]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xAAF265F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xAAF26FA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xAAF274C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xAAF23744]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xAAF275A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xAAF276D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xAAF26DD2]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA974D0B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xAAF2463C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xAAF247C8]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP AAF19424 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP AAF197DE \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C8C 80504528 16 Bytes [02, 41, F2, AA, 72, 5C, F2, ...] {ADD AL, [ECX-0xe]; STOSB ; JB 0x62; REPNZ STOSB ; PUSH CS; JZ 0xfffffffffffffffd; STOSB ; XCHG [EAX-0xe], CL; STOSB }
.text ntkrnlpa.exe!ZwCallbackReturn + 2D48 805045E4 12 Bytes [A6, 6E, F2, AA, 3C, 34, F2, ...] {CMPSB ; OUTSB ; REPNZ STOSB ; CMP AL, 0x34; REPNZ STOSB ; DEC ESI; XOR AL, 0xf2; STOSB }
.text ntkrnlpa.exe!ZwCallbackReturn + 2EC4 80504760 16 Bytes [34, 3B, F2, AA, C2, 30, F2, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 12 Bytes [A6, 75, F2, AA, D2, 76, F2, ...] {CMPSB ; JNZ 0xfffffffffffffff5; STOSB ; SAL BYTE [ESI-0xe], CL; STOSB ; SHR BYTE [EBP-0xe], CL; STOSB }

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[408] C:\windows\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[408] C:\windows\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[408] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 32, 6D]
.text C:\Program Files\Internet Explorer\iexplore.exe[876] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[876] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9261 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[876] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DC8A9 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[876] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED2C4 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[876] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254254 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[876] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E40B6CB C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[876] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E40B5FD C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[876] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E40B668 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[876] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E40B4CE C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[876] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E40B530 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[876] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E40B72E C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[876] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E40B592 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[876] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED320 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\windows\Explorer.EXE[948] SHELL32.dll!SHFileOperationW 7CA70924 5 Bytes JMP 00D81102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[1708] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9261 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DC8A9 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED2C4 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254254 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E40B6CB C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E40B5FD C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E40B668 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E40B4CE C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E40B530 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E40B72E C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E40B592 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED320 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3856] C:\windows\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3856] C:\windows\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3856] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 32, 6D]
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED2C4 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E40B6CB C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E40B5FD C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E40B668 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E40B4CE C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E40B530 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E40B72E C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E40B592 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [BA0CD670] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [BA0CD670] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[876] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [039B85D1] C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitcth/Orbitdownloader.com)
IAT C:\Program Files\Internet Explorer\iexplore.exe[876] @ C:\windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [039B85D1] C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitcth/Orbitdownloader.com)
IAT C:\Program Files\Internet Explorer\iexplore.exe[876] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1A7B] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3084] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [035B85D1] C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitcth/Orbitdownloader.com)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3084] @ C:\windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [035B85D1] C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitcth/Orbitdownloader.com)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3084] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1A7B] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\Temp\cch35F.tmp 32768 bytes
File C:\WINDOWS\Temp\cch360.tmp 32768 bytes
File C:\WINDOWS\Temp\cch362.tmp 32768 bytes
File C:\WINDOWS\Temp\cch363.tmp 32768 bytes
File C:\WINDOWS\Temp\cch365.tmp 32768 bytes
File C:\WINDOWS\Temp\cch366.tmp 32768 bytes
File C:\WINDOWS\Temp\cch368.tmp 32768 bytes
File C:\WINDOWS\Temp\cch369.tmp 32768 bytes
File C:\WINDOWS\Temp\cch36E.tmp 0 bytes
File C:\WINDOWS\Temp\cch36F.tmp 32768 bytes
File C:\WINDOWS\Temp\cch371.tmp 32768 bytes
File C:\WINDOWS\Temp\cch372.tmp 32768 bytes
File C:\WINDOWS\Temp\cch374.tmp 32768 bytes
File C:\WINDOWS\Temp\cch375.tmp 32768 bytes
File C:\WINDOWS\Temp\cch377.tmp 32768 bytes
File C:\WINDOWS\Temp\cch378.tmp 32768 bytes

---- EOF - GMER 1.0.15 ----







Seems there's something I forgot:



OTL Extras logfile created on: 9/8/2009 5:18:25 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 76.41 Gb Free Space | 16.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-AFBC7E183
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-839522115-294769859-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Real\RealPlayer\rphelperapp.exe" = C:\Program Files\Real\RealPlayer\rphelperapp.exe:*:Enabled:rphelperapp -- (RealNetworks, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox -- (Mozilla Corporation)
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService -- (Apple Inc.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Owner\Desktop\readon\Readon_TV_Movie_Radio_Player_Porte.exe" = C:\Documents and Settings\Owner\Desktop\readon\Readon_TV_Movie_Radio_Player_Porte.exe:*:Enabled:Readon TV Movie Radio Player -- File not found
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\english\setup.exe" = C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\english\setup.exe:*:Enabled:Kaspersky Anti-Virus 2009 Setup -- File not found
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6350DFD0-01B0-11DE-87AF-0800200C9A66}" = Livestation
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9058E449-E2D5-4c9b-A154-EA3FE9A9CCC6}_is1" = WebVideoRip Extras 2.5.9
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}" = Nero 7 Essentials
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{AFD4597D-56CC-447F-AA68-C1BF1AEA448E}_is1" = RipTiger 2.7.4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Ask Toolbar
"Automatic USB Backup" = Automatic USB Backup 2.0
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BulentsScreenRecorder4" = BSR Screen Recorder 4
"CCleaner" = CCleaner (remove only)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.95.2
"CodeStuff Starter" = CodeStuff Starter
"DC-Bass Source" = DC-Bass Source 1.1.1
"DFX for Winamp" = DFX for Winamp
"DirectVobSub" = DirectVobSub (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDFab 6_is1" = DVDFab 6.0.4.0 (28/07/2009)
"eMule" = eMule
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"ffdshow_is1" = ffdshow [rev 3048] [2009-07-31]
"File Shredder_is1" = File Shredder 2.0
"File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)
"FLVCodec" = PlayFLV
"Free Internet Window Washer" = Free Internet Window Washer
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GSpot" = GSpot Codec Information Appliance
"HaaliMkx" = Haali Media Splitter
"HotspotShield" = Hotspot Shield 1.22
"Hulu Video Downloader_is1" = Hulu Video Downloader 3.21
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Kantaris_is1" = Kantaris Media Player 0.5.4
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.2.5
"LimeWire" = LimeWire 5.1.4
"MainApp.exe_is1" = CloneDVD 4.3.0.3
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"mIRC" = mIRC
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"Orb" = Winamp Remote
"Orbit_is1" = Orbit Downloader
"RealMedia" = RealMedia (remove only)
"RealPlayer 6.0" = RealPlayer
"Replay Media Catcher 3.01" = Replay Media Catcher 3.01
"Replay Media Catcher 3.02" = Replay Media Catcher 3.02
"Replay Video Capture3.0" = Replay Video Capture
"Replay Video Capture4.0" = Replay Video Capture
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SMPlayer" = SMPlayer 0.6.7
"STMediaSuite" = SoundTaxi Media Suite 3.8.6
"Subs Grabber_is1" = SubsGrabber
"Subtitles Plugin for RealPlayer_is1" = Subtitles Plugin for RealPlayer 2005.03.21
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Surf Canyon" = Surf Canyon Search Engine Assistant
"The KMPlayer" = The KMPlayer (remove only)
"TrojanHunter_is1" = TrojanHunter 5.0
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.7.2
"Ultra Video Joiner_is1" = Ultra Video Joiner 5.2.0609
"Unlocker" = Unlocker 1.8.7
"URL Helper_is1" = URL Helper
"USB Safely Remove_is1" = USB Safely Remove 4.1
"Veetle TV" = Veetle TV 0.9.15
"Veoh Video Compass" = Veoh Video Compass
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"Winamp Alternative_is1" = Winamp Alternative 1.1
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Widget Engine" = Yahoo! Widgets
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1957994488-839522115-294769859-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
"BitTorrent" = BitTorrent
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/8/2009 8:10:28 AM | Computer Name = OWNER-AFBC7E183 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3497, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2009 9:50:44 AM | Computer Name = OWNER-AFBC7E183 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2009 11:26:12 AM | Computer Name = OWNER-AFBC7E183 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 9/8/2009 12:44:42 PM | Computer Name = OWNER-AFBC7E183 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 9/8/2009 1:26:00 PM | Computer Name = OWNER-AFBC7E183 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 9/8/2009 1:29:29 PM | Computer Name = OWNER-AFBC7E183 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 9/8/2009 1:53:26 PM | Computer Name = OWNER-AFBC7E183 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 9/8/2009 1:57:23 PM | Computer Name = OWNER-AFBC7E183 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 9/8/2009 2:13:58 PM | Computer Name = OWNER-AFBC7E183 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 9/8/2009 2:15:57 PM | Computer Name = OWNER-AFBC7E183 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

[ System Events ]
Error - 9/7/2009 4:10:42 AM | Computer Name = OWNER-AFBC7E183 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts1.

Error - 9/7/2009 4:10:42 AM | Computer Name = OWNER-AFBC7E183 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts1.

Error - 9/7/2009 4:10:42 AM | Computer Name = OWNER-AFBC7E183 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts1.

Error - 9/7/2009 4:25:03 AM | Computer Name = OWNER-AFBC7E183 | Source = nvgts | ID = 262153
Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
period.

Error - 9/7/2009 4:25:03 AM | Computer Name = OWNER-AFBC7E183 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts1.

Error - 9/8/2009 2:40:27 AM | Computer Name = OWNER-AFBC7E183 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 9/8/2009 2:40:43 AM | Computer Name = OWNER-AFBC7E183 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/8/2009 5:57:26 AM | Computer Name = OWNER-AFBC7E183 | Source = Service Control Manager | ID = 7031
Description = The Kaspersky Internet Security service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 0
milliseconds: Restart the service.

Error - 9/8/2009 5:57:26 AM | Computer Name = OWNER-AFBC7E183 | Source = Service Control Manager | ID = 7000
Description = The Kaspersky Internet Security service failed to start due to the
following error: %%5

Error - 9/8/2009 4:12:47 PM | Computer Name = OWNER-AFBC7E183 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

Edited by Buckeye_Sam, 13 September 2009 - 07:07 AM.


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 09 September 2009 - 12:28 PM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\WINDOWS\Temp\cch***.tmp
    C:\windows\System32\*.tmp 
    C:\windows\*.tmp 
    C:\Documents and Settings\Owner\My Documents\*.tmp 
    C:\Documents and Settings\Owner\Desktop\*.tmp
    
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

=====================


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



========================================================

#5 johnmerrick

johnmerrick
  • Topic Starter


Posted 09 September 2009 - 02:50 PM

when it was running i got a range check error

here is the log


All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[Reboot]> in the current context!

OTL by OldTimer - Version 3.0.10.7 log created on 09092009_163715

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
---------------------------------------------------------------------

doing the OTL now.........................



OTL logfile created on: 9/9/2009 4:54:33 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.77 Gb Available in Paging File | 94.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 78.62 Gb Free Space | 16.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-AFBC7E183
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/08/18 22:01:06 | 00,213,776 | ---- | M] () -- C:\Program Files\USB Safely Remove\USBSRService.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/04/10 17:41:15 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/08/10 20:19:08 | 00,132,144 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2009/08/06 15:58:38 | 00,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/02/25 01:29:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvsvc32.exe
PRC - [2005/08/08 01:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2008/04/13 21:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\windows\Explorer.EXE
PRC - [2009/08/10 20:19:14 | 00,094,256 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2008/04/13 21:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\notepad.exe
PRC - [2006/11/23 15:10:42 | 00,056,928 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2008/01/29 04:47:50 | 16,859,648 | R--- | M] (Realtek Semiconductor Corp.) -- C:\windows\RTHDCPL.EXE
PRC - [2009/07/01 13:37:06 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/10/24 13:23:10 | 01,056,928 | ---- | M] (Mischel Internet Security) -- C:\Program Files\TrojanHunter 5.0\THGuard.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/05 07:55:35 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/05/02 01:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/06/11 22:32:30 | 00,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe
PRC - [2008/10/16 20:03:00 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/06 09:52:46 | 01,994,480 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/04/03 16:23:58 | 03,558,648 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/03/30 23:58:58 | 02,027,520 | ---- | M] (Livestation) -- C:\Program Files\Livestation\Livestation.exe
PRC - [2008/04/13 21:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/05/19 15:46:14 | 01,719,496 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe
PRC - [2009/05/18 10:48:52 | 00,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe
PRC - [2007/05/23 12:34:14 | 00,010,752 | ---- | M] () -- C:\Program Files\Automatic USB Backup\AutomaticUSBBackupDriver.exe
PRC - [2008/03/18 21:31:20 | 04,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2008/03/18 21:31:20 | 04,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/09/08 17:17:47 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/01/02 11:06:10 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade [Auto | Stopped])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/07/03 15:56:14 | 00,303,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP [Auto | Running])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/04/10 17:41:15 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ba1cb42b0f42 [Auto | Stopped])
SRV - [2009/03/24 04:38:42 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 21:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/08/10 20:19:08 | 00,132,144 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService [Auto | Running])
SRV - [2009/08/06 15:58:38 | 00,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv [Auto | Running])
SRV - [2009/08/10 20:19:16 | 00,057,640 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService [On_Demand | Stopped])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/04/13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2007/05/08 19:47:22 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2008/02/25 01:29:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2005/08/08 01:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2007/11/06 17:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2009/07/13 07:05:22 | 00,323,584 | ---- | M] () -- C:\Program Files\SoundTaxi Media Suite\STSService.exe -- (STSService [On_Demand | Stopped])
SRV - [2009/08/18 22:01:06 | 00,213,776 | ---- | M] () -- C:\Program Files\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/07/01 22:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\windows\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\windows\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 13:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\windows\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/01/30 00:28:36 | 04,725,760 | R--- | M] (Realtek Semiconductor Corp.) -- C:\windows\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2009/06/15 14:01:00 | 00,128,016 | ---- | M] (Kaspersky Lab) -- C:\windows\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
DRV - [2008/12/15 20:41:32 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\windows\system32\drivers\klbg.sys -- (klbg [Boot | Running])
DRV - [2009/07/03 13:11:24 | 00,296,976 | ---- | M] (Kaspersky Lab) -- C:\windows\System32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2009/05/13 17:46:52 | 00,031,760 | ---- | M] (Kaspersky Lab) -- C:\windows\System32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])
DRV - [2009/05/16 20:59:44 | 00,019,472 | ---- | M] (Kaspersky Lab) -- C:\windows\System32\DRIVERS\klmouflt.sys -- (klmouflt [On_Demand | Running])
DRV - [2008/04/13 15:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2009/06/18 17:04:20 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\windows\System32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2008/02/25 01:29:00 | 06,867,360 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008/01/29 01:37:46 | 00,054,016 | R--- | M] (NVIDIA Corporation) -- C:\windows\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2008/01/25 09:01:06 | 00,132,096 | R--- | M] (NVIDIA Corporation) -- C:\windows\system32\DRIVERS\nvgts.sys -- (nvgts [Boot | Running])
DRV - [2008/01/29 01:37:48 | 00,022,016 | R--- | M] (NVIDIA Corporation) -- C:\windows\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2009/07/29 21:12:45 | 00,047,360 | ---- | M] (VSO Software) -- C:\windows\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2004/08/04 09:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\windows\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 20:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/03/21 20:59:12 | 00,308,480 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\windows\System32\DRIVERS\rtl8185.sys -- (rtl8185 [On_Demand | Running])
DRV - [2009/03/27 19:37:48 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2008/12/22 12:06:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/08/10 06:27:51 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2008/04/13 13:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\windows\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/07/22 16:13:20 | 00,028,592 | ---- | M] (The OpenVPN Project) -- C:\windows\System32\DRIVERS\tap0901.sys -- (tap0901 [On_Demand | Running])
DRV - [2009/05/14 15:08:40 | 00,027,136 | ---- | M] (The OpenVPN Project) -- C:\windows\System32\DRIVERS\tapvpn.sys -- (tapvpn [On_Demand | Running])
DRV - [2009/08/18 22:00:44 | 00,012,824 | ---- | M] (SafelyRemove.com) -- C:\Program Files\USB Safely Remove\USRFindHandle.sys -- (USR_Find_Handle [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rte.ie/
IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\S-1-5-21-1957994488-839522115-294769859-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\S-1-5-21-1957994488-839522115-294769859-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-1957994488-839522115-294769859-1003\S-1-5-21-1957994488-839522115-294769859-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080


FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/16 19:59:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/08/05 08:00:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/02 08:23:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/02 08:23:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009/09/08 13:48:32 | 00,000,000 | ---D | M]

[2009/07/22 03:04:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/12/21 12:27:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/22 03:04:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/09/08 10:14:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions
[2009/08/10 05:58:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009/05/22 10:23:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/13 19:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/08/17 21:25:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/05/28 02:39:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2008/12/23 02:31:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/05/27 00:48:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/08/10 01:52:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\firefox@tvunetworks.com
[2009/04/30 03:59:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\moveplayer@movenetworks.com
[2009/05/26 16:57:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5lz29xzj.default\extensions\searchrecs@veoh.com
[2009/05/27 21:26:28 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\5lz29xzj.default\searchplugins\ask.xml
[2008/10/13 14:42:19 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\5lz29xzj.default\searchplugins\winamp-search.xml
[2009/09/08 10:14:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/10/13 13:58:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/02 08:23:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/10/25 20:58:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/16 19:59:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/28 20:11:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/10 13:50:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/04 21:44:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/08 07:05:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2009/07/30 08:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 08:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 18:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 15:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 19:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/06/27 17:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2005/12/05 22:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/07/30 08:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/05 07:59:35 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/07 02:34:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/07 02:34:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/07 02:34:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/02/03 08:32:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/05 08:01:00 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/08/05 07:56:45 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/10/19 11:43:34 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2007/03/09 20:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2009/05/01 18:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/07/30 04:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 04:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/09/07 23:22:48 | 00,001,498 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/07/30 04:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 04:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 04:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 04:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1957994488-839522115-294769859-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1957994488-839522115-294769859-1003\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\windows\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\windows\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [THGuard] C:\Program Files\TrojanHunter 5.0\THGuard.exe (Mischel Internet Security)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1957994488-839522115-294769859-1003..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe (Livestation)
O4 - HKU\S-1-5-21-1957994488-839522115-294769859-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1957994488-839522115-294769859-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1957994488-839522115-294769859-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1957994488-839522115-294769859-1003..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
O4 - HKU\S-1-5-21-1957994488-839522115-294769859-1003..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutomaticUSBBackupDriver.lnk = C:\Program Files\Automatic USB Backup\AutomaticUSBBackupDriver.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-839522115-294769859-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.94 24.222.0.95
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~3\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~3\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - C:\windows\system32\klogon.dll - C:\windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\D\Shell\configure\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\D\Shell\install\command - "" = D:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/09 16:31:31 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/08 17:25:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2009/09/08 17:17:43 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/09/08 17:15:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/09/08 16:04:43 | 00,000,000 | ---D | C] -- C:\windows\CSC
[2009/09/08 15:14:37 | 03,485,184 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PROPLUS.MSI
[2009/09/08 14:50:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/09/08 14:17:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\.clamwin
[2009/09/08 14:16:52 | 00,000,000 | ---D | C] -- C:\Program Files\ClamWin
[2009/09/08 14:15:42 | 28,736,281 | ---- | C] (alch ) -- C:\Documents and Settings\Owner\Desktop\clamwin-0.95.2-setup.exe
[2009/09/08 11:37:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2009/09/08 11:25:22 | 00,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2009/09/08 11:25:22 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2009/09/08 07:41:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Help
[2009/09/08 07:41:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Help
[2009/09/08 07:08:55 | 00,604,140 | -HS- | C] () -- C:\windows\System32\drivers\ISwift3.dat
[2009/09/08 07:05:17 | 00,105,395 | ---- | C] () -- C:\windows\System32\drivers\klin.dat
[2009/09/08 07:05:17 | 00,094,643 | ---- | C] () -- C:\windows\System32\drivers\klick.dat
[2009/09/08 07:04:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/09/08 07:04:01 | 00,296,976 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys
[2009/09/08 06:51:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\raz-soft
[2009/09/08 06:45:37 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/09/08 05:58:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\installnewkaspersky210sep8
[2009/09/08 05:55:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Kaspersky KIS 2010
[2009/09/08 03:04:06 | 00,000,000 | ---- | C] () -- C:\windows\System32\cd.dat
[2009/09/08 00:06:40 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2009/09/07 23:17:02 | 00,848,656 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_avwt_stb_all_8_32.exe
[2009/09/07 16:05:36 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\vundo.doc
[2009/09/07 11:02:43 | 00,000,000 | ---- | C] () -- C:\windows\System32\drivers\axwv.sys
[2009/09/07 09:50:52 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/09/07 07:49:08 | 01,474,832 | ---- | C] () -- C:\windows\System32\drivers\sfi.dat
[2009/09/07 06:55:48 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/09/07 06:55:29 | 75,755,808 | ---- | C] (COMODO) -- C:\Documents and Settings\Owner\Desktop\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe
[2009/09/07 05:08:56 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/09/07 05:08:51 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/09/07 05:07:14 | 00,003,923 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2009/09/07 04:51:04 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/09/07 04:00:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (5)
[2009/09/07 03:00:53 | 02,158,386 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/09/07 02:52:12 | 00,001,724 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CodeStuff Starter.lnk
[2009/09/07 02:52:12 | 00,000,000 | ---D | C] -- C:\Program Files\CodeStuff
[2009/09/07 02:51:51 | 00,680,340 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\StarterSetup.zip
[2009/09/07 02:01:06 | 00,000,000 | ---D | C] -- C:\Program Files\File Shredder
[2009/09/07 02:00:39 | 00,925,897 | ---- | C] (WipeSoft ) -- C:\Documents and Settings\Owner\Desktop\file_shredder_setup.exe
[2009/09/06 23:50:07 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\VundoFix.exe
[2009/09/06 09:46:42 | 00,000,032 | ---- | C] () -- C:\windows\System32\thxcfg.ini
[2009/09/06 09:42:15 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$C.doc
[2009/09/06 09:42:14 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\C.doc
[2009/09/06 08:59:55 | 00,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2009/09/06 05:41:47 | 00,000,984 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\eBay.lnk
[2009/09/06 05:41:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Desktopicon
[2009/09/06 05:41:30 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2009/09/06 05:19:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\USBSafelyRemove
[2009/09/06 05:19:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\USBSRService
[2009/09/06 05:19:17 | 00,000,710 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\USB Safely Remove.lnk
[2009/09/06 05:19:15 | 00,000,000 | ---D | C] -- C:\Program Files\USB Safely Remove
[2009/09/05 23:06:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Backup Utility
[2009/09/05 22:53:18 | 00,000,858 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutomaticUSBBackupDriver.lnk
[2009/09/05 22:53:17 | 00,000,000 | ---D | C] -- C:\Program Files\Automatic USB Backup
[2009/09/05 09:58:49 | 00,046,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Reporting Servic1.doc
[2009/09/05 09:57:42 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\This report covers the period from August 23.doc
[2009/09/05 02:38:37 | 01,031,215 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Amazon_com Great Accents In Cinema.mht
[2009/09/05 00:41:18 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\resume12.doc
[2009/09/04 03:18:36 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\star trek links.doc
[2009/09/03 18:16:14 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dma.doc
[2009/09/03 07:50:54 | 00,000,000 | ---D | C] -- C:\Program Files\MagicDVDRipper
[2009/09/02 08:23:30 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/01 23:42:07 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rescueme.doc
[2009/09/01 22:20:21 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$T1JVS.doc
[2009/08/31 10:05:54 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\earmuffs.doc
[2009/08/31 09:37:39 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\resume.doc
[2009/08/31 09:36:45 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\coverletter.doc
[2009/08/30 17:54:34 | 00,000,868 | ---- | C] () -- C:\windows\tasks\Google Software Updater.job
[2009/08/30 14:05:41 | 00,000,000 | ---D | C] -- C:\Program Files\TVAnts
[2009/08/30 10:32:03 | 00,001,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Livestation.lnk
[2009/08/30 10:32:00 | 00,000,000 | ---D | C] -- C:\Program Files\Livestation
[2009/08/30 04:41:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\DVDVolume
[2009/08/30 04:13:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts
[2009/08/29 09:31:38 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\billmahershow.doc
[2009/08/29 06:59:19 | 00,232,221 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Devdas - Rent or Buy Devdas Online.htm
[2009/08/29 06:59:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Devdas - Rent or Buy Devdas Online_files
[2009/08/29 06:38:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Wondershare Streaming Video Recorder
[2009/08/29 06:38:14 | 00,000,000 | ---D | C] -- C:\windows\SysWOW64
[2009/08/29 05:13:32 | 00,055,156 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BSRTroubleShooting.htm
[2009/08/29 05:13:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\BSRTroubleShooting_files
[2009/08/29 03:17:32 | 00,164,352 | ---- | C] () -- C:\windows\System32\unrar.dll
[2009/08/29 03:17:32 | 00,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2009/08/29 03:17:31 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\windows\System32\lameACM.acm
[2009/08/29 03:17:31 | 00,118,784 | ---- | C] (fccHandler) -- C:\windows\System32\ac3acm.acm
[2009/08/29 03:17:31 | 00,000,414 | ---- | C] () -- C:\windows\System32\lame_acm.xml
[2009/08/29 03:17:30 | 03,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2009/08/29 03:17:30 | 00,755,027 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/08/29 03:17:30 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\windows\System32\yv12vfw.dll
[2009/08/29 03:17:30 | 00,159,839 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009/08/29 03:17:28 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/08/29 01:26:44 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\paricularly those people rights.doc
[2009/08/29 01:25:40 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\indianstuff.doc
[2009/08/29 01:13:12 | 00,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2009/08/29 01:12:37 | 05,292,546 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\videodownloader.zip
[2009/08/29 00:59:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2009/08/29 00:58:59 | 02,345,194 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\swfcatcher_IE.zip
[2009/08/29 00:42:23 | 00,425,112 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\web-video-downloader.xpi
[2009/08/28 04:48:38 | 00,054,659 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Register.aspx.htm
[2009/08/28 04:48:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Register.aspx_files
[2009/08/28 04:36:00 | 00,120,929 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Watch DivX Hollywood_Bollywood movies online for free.htm
[2009/08/28 04:36:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Watch DivX Hollywood_Bollywood movies online for free_files
[2009/08/25 21:39:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\dvdtoharddrivesoftware
[2009/08/25 00:31:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\teethflossing
[2009/08/24 02:35:57 | 00,000,000 | ---D | C] -- C:\Program Files\GiPo@Utilities
[2009/08/24 02:35:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Gibinsoft Shared
[2009/08/24 01:23:08 | 00,000,000 | ---D | C] -- C:\Program Files\GSpot
[2009/08/23 09:54:36 | 00,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2009/08/23 09:54:36 | 00,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest
[2009/08/23 09:54:35 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\windows\System32\pthreadGC2.dll
[2009/08/23 07:28:56 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$Earth.doc
[2009/08/23 07:28:55 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Earth.doc
[2009/08/23 01:58:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\rs-com-goodness-gracious-me-dvd-rips-4486_files
[2009/08/23 01:58:41 | 00,099,980 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rs-com-goodness-gracious-me-dvd-rips-4486.html
[2009/08/22 05:37:06 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Rd.doc
[2009/08/22 05:22:53 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\This report covers the period from August 09.doc
[2009/08/22 05:22:15 | 00,017,807 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sommaireimpression-printsummary.aspx.htm
[2009/08/22 05:22:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\sommaireimpression-printsummary.aspx_files
[2009/08/21 21:19:42 | 00,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2009/08/20 14:46:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2009/08/20 14:46:19 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009/08/20 00:41:53 | 00,668,938 | ---- | C] () -- C:\windows\unins001.exe
[2009/08/20 00:41:53 | 00,001,149 | ---- | C] () -- C:\windows\unins001.dat
[2009/08/19 17:45:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\jobs looked at
[2009/08/19 06:57:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (4)
[2009/08/17 22:40:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (3)
[2009/08/17 01:50:44 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$oveclassicmovies.doc
[2009/08/17 01:50:43 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\iloveclassicmovies.doc
[2009/08/16 21:48:36 | 00,001,876 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CM-20090912-041659B0.KEY
[2009/08/16 21:48:36 | 00,001,876 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CM-20090912-041659A5.KEY
[2009/08/16 21:48:36 | 00,001,876 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS7-CM-20090912-041659B0.KEY
[2009/08/16 21:48:36 | 00,001,876 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS7-CM-20090912-041659A5.KEY
[2009/08/16 21:48:36 | 00,001,576 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS9-CN-20100222-061B539D.KEY
[2009/08/16 21:48:36 | 00,001,576 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS9-CN-20100130-05DF3A19.KEY
[2009/08/16 21:48:36 | 00,001,576 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CN-20100222-061B539D.KEY
[2009/08/16 21:48:36 | 00,001,576 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CN-20100130-05DF3A19.KEY
[2009/08/16 21:48:36 | 00,001,570 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS9-CN-20091214-0563CC91.KEY
[2009/08/16 21:48:36 | 00,001,570 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CN-20091214-0563CC91.KEY
[2009/08/16 21:48:36 | 00,000,830 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CM-20100721-01D92701.KEY
[2009/08/16 21:48:36 | 00,000,830 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS7-CM-20100721-01D92701.KEY
[2009/08/16 21:45:22 | 05,392,802 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIS_NEW.zip
[2009/08/16 05:14:25 | 00,000,000 | ---D | C] -- C:\Program Files\mIRC
[2009/08/16 05:14:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\mIRC
[2009/08/15 23:44:52 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pinkpanther.doc
[2009/08/15 03:30:20 | 00,000,000 | ---D | C] -- C:\Program Files\URUSoft
[2009/08/14 08:02:05 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\S358669.doc
[2009/08/13 21:59:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (2)
[2009/08/13 21:14:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
[2009/08/13 21:11:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Kaspersky Lab
[2009/08/13 07:04:49 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\http3.doc
[2009/08/12 20:49:20 | 00,000,000 | ---D | C] -- C:\Program Files\SMPlayer
[2009/08/12 20:41:32 | 00,000,000 | ---D | C] -- C:\Program Files\OpenSource DTSAC3DD+ Source Filter
[2009/08/12 20:41:31 | 00,000,000 | ---D | C] -- C:\Program Files\MONOGRAM AMR SplitterDecoder
[2009/08/12 20:41:29 | 00,000,000 | ---D | C] -- C:\Program Files\CD Audio Reader Filter
[2009/08/12 20:41:27 | 00,000,000 | ---D | C] -- C:\Program Files\OpenSource Flash Video Splitter
[2009/08/12 20:41:22 | 00,000,000 | ---D | C] -- C:\Program Files\RealMedia
[2009/08/12 20:41:05 | 00,000,000 | ---D | C] -- C:\Program Files\SHOUTcast Source
[2009/08/12 20:41:02 | 00,000,000 | ---D | C] -- C:\Program Files\Haali
[2009/08/12 20:40:55 | 00,000,000 | ---D | C] -- C:\Program Files\DSP-worx
[2009/08/12 20:40:49 | 00,000,000 | ---D | C] -- C:\Program Files\DirectVobSub
[2009/08/12 20:40:28 | 00,000,000 | ---D | C] -- C:\Program Files\Zoom Player
[2009/08/12 17:42:04 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Martex Microfiber Ultrasoft Raschel Blanket.doc
[2009/08/12 06:22:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FFSJ
[2009/08/12 06:18:14 | 00,794,906 | ---- | C] () -- C:\windows\unins000.exe
[2009/08/12 06:18:14 | 00,004,201 | ---- | C] () -- C:\windows\unins000.dat
[2009/08/12 06:18:14 | 00,000,000 | ---D | C] -- C:\windows\System32\FFSJ
[2009/08/12 05:24:08 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\http2.doc
[2009/08/12 05:24:08 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$http2.doc
[2009/08/12 05:18:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Some_Mothers_do_Av_Em_S01E02
[2009/08/11 21:44:59 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\James.doc
[2009/08/11 21:44:59 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$James.doc
[2009/08/10 22:34:32 | 00,000,014 | ---- | C] () -- C:\windows\System32\systeminfo3.dll
[2009/08/10 22:34:00 | 00,000,000 | ---D | C] -- C:\Program Files\CloneDVD
[2009/08/10 21:45:45 | 00,000,000 | ---D | C] -- C:\MAGICDVDCOPY_TEMP
[2009/08/10 18:27:08 | 00,000,000 | ---D | C] -- C:\Program Files\SubsGrabber
[2009/08/03 18:41:42 | 00,059,392 | R--- | C] () -- C:\windows\System32\streamhlp.dll
[2009/08/03 07:37:22 | 00,000,068 | ---- | C] () -- C:\windows\MyProg.ini
[2009/07/31 01:15:56 | 00,692,224 | ---- | C] () -- C:\windows\System32\bsrmgcv.dll
[2009/07/31 01:15:56 | 00,192,512 | ---- | C] () -- C:\windows\System32\bsrmgps.dll
[2009/07/31 01:15:37 | 00,585,728 | ---- | C] () -- C:\windows\System32\bsratswf.dll
[2009/07/31 01:15:37 | 00,147,456 | ---- | C] () -- C:\windows\System32\bsratwmv.dll
[2009/07/20 00:16:14 | 00,237,568 | ---- | C] () -- C:\windows\System32\rmc_rtspdl.dll
[2009/07/19 06:13:17 | 00,129,024 | ---- | C] () -- C:\windows\System32\AVERM.dll
[2009/07/19 06:13:17 | 00,028,672 | ---- | C] () -- C:\windows\System32\AVEQT.dll
[2009/01/01 23:16:21 | 01,294,028 | -HS- | C] () -- C:\windows\System32\ebebudaw.ini
[2009/01/01 13:20:12 | 00,162,304 | ---- | C] () -- C:\windows\System32\ztvunrar36.dll
[2009/01/01 13:20:12 | 00,153,088 | ---- | C] () -- C:\windows\System32\UNRAR3.dll
[2009/01/01 13:20:12 | 00,077,312 | ---- | C] () -- C:\windows\System32\ztvunace26.dll
[2009/01/01 13:20:12 | 00,075,264 | ---- | C] () -- C:\windows\System32\unacev2.dll
[2008/12/31 15:09:43 | 00,002,623 | -HS- | C] () -- C:\windows\System32\volutehe.dll
[2008/12/31 15:09:43 | 00,002,623 | -HS- | C] () -- C:\windows\System32\setihuni.dll
[2008/12/31 03:09:19 | 00,002,623 | -HS- | C] () -- C:\windows\System32\biyimaza.dll
[2008/12/31 03:09:19 | 00,002,623 | -HS- | C] () -- C:\windows\System32\biteligi.dll
[2008/12/31 03:09:18 | 00,002,624 | -HS- | C] () -- C:\windows\System32\gujefowi.dll
[2008/12/30 15:08:51 | 00,002,625 | -HS- | C] () -- C:\windows\System32\kemobide.dll
[2008/12/30 15:08:51 | 00,002,623 | -HS- | C] () -- C:\windows\System32\poburiyo.dll
[2008/12/30 15:08:50 | 00,002,625 | -HS- | C] () -- C:\windows\System32\purefepe.dll
[2008/12/30 03:08:46 | 00,002,625 | -HS- | C] () -- C:\windows\System32\gemawapo.dll
[2008/12/30 03:08:46 | 00,002,624 | -HS- | C] () -- C:\windows\System32\vikesori.dll
[2008/12/30 03:08:45 | 00,002,625 | -HS- | C] () -- C:\windows\System32\fumivuju.dll
[2008/12/29 15:08:29 | 00,002,624 | -HS- | C] () -- C:\windows\System32\rozihibu.dll
[2008/12/29 15:08:28 | 00,002,622 | -HS- | C] () -- C:\windows\System32\yegakire.dll
[2008/12/29 03:08:23 | 00,002,623 | -HS- | C] () -- C:\windows\System32\kogujiru.dll
[2008/12/29 03:08:23 | 00,002,623 | -HS- | C] () -- C:\windows\System32\dosoyahe.dll
[2008/12/28 15:08:13 | 00,002,624 | -HS- | C] () -- C:\windows\System32\linoroni.dll
[2008/12/27 15:07:40 | 00,002,624 | -HS- | C] () -- C:\windows\System32\wenifalo.dll
[2008/12/27 03:07:23 | 00,002,624 | -HS- | C] () -- C:\windows\System32\kipudaba.dll
[2008/12/27 03:07:21 | 00,002,623 | -HS- | C] () -- C:\windows\System32\riwakawo.dll
[2008/12/26 15:07:09 | 00,002,624 | -HS- | C] () -- C:\windows\System32\kujobove.dll
[2008/12/26 15:07:09 | 00,002,624 | -HS- | C] () -- C:\windows\System32\kegimika.dll
[2008/12/26 03:06:46 | 00,002,624 | -HS- | C] () -- C:\windows\System32\layeleye.dll
[2008/12/26 03:06:41 | 00,002,624 | -HS- | C] () -- C:\windows\System32\fikujeve.dll
[2008/10/19 12:38:22 | 00,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2008/10/13 14:02:20 | 00,000,135 | ---- | C] () -- C:\windows\cdplayer.ini
[2008/09/29 16:05:22 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2008/02/25 01:29:00 | 01,703,936 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2008/02/25 01:29:00 | 01,482,752 | ---- | C] () -- C:\windows\System32\nview.dll
[2008/02/25 01:29:00 | 01,019,904 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2008/02/25 01:29:00 | 00,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2008/02/25 01:29:00 | 00,286,720 | ---- | C] () -- C:\windows\System32\nvnt4cpl.dll
[2007/11/06 17:19:28 | 00,053,299 | ---- | C] () -- C:\windows\System32\pthreadVC.dll
[2004/08/04 09:00:00 | 00,000,603 | ---- | C] () -- C:\windows\win.ini
[2004/08/04 09:00:00 | 00,000,231 | ---- | C] () -- C:\windows\system.ini

========== Files - Modified Within 30 Days ==========

[2009/09/09 16:55:00 | 00,000,422 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{10DE28C4-9899-4EA1-8B66-90962FB2666B}.job
[2009/09/09 16:54:00 | 00,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/09 16:41:19 | 00,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
[2009/09/09 16:39:11 | 00,002,422 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/09/09 16:39:08 | 00,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/09 16:38:57 | 00,000,868 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job
[2009/09/09 16:38:38 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/09/09 16:38:37 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/09/08 17:17:47 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/09/08 14:16:41 | 28,736,281 | ---- | M] (alch ) -- C:\Documents and Settings\Owner\Desktop\clamwin-0.95.2-setup.exe
[2009/09/08 11:25:22 | 00,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2009/09/08 07:08:55 | 00,604,140 | -HS- | M] () -- C:\windows\System32\drivers\ISwift3.dat
[2009/09/08 07:05:17 | 00,105,395 | ---- | M] () -- C:\windows\System32\drivers\klin.dat
[2009/09/08 07:05:17 | 00,094,643 | ---- | M] () -- C:\windows\System32\drivers\klick.dat
[2009/09/08 03:27:55 | 00,091,648 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/08 03:04:06 | 00,000,000 | ---- | M] () -- C:\windows\System32\cd.dat
[2009/09/07 23:52:29 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\vundo.doc
[2009/09/07 23:17:10 | 00,848,656 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_avwt_stb_all_8_32.exe
[2009/09/07 11:02:43 | 00,000,000 | ---- | M] () -- C:\windows\System32\drivers\axwv.sys
[2009/09/07 10:30:02 | 01,474,832 | ---- | M] () -- C:\windows\System32\drivers\sfi.dat
[2009/09/07 09:51:06 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/09/07 06:55:36 | 75,755,808 | ---- | M] (COMODO) -- C:\Documents and Settings\Owner\Desktop\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe
[2009/09/07 05:08:56 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/09/07 05:08:54 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/09/07 05:07:14 | 00,003,923 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2009/09/07 04:51:07 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/09/07 03:00:56 | 02,158,386 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/09/07 02:52:12 | 00,001,724 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CodeStuff Starter.lnk
[2009/09/07 02:51:53 | 00,680,340 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\StarterSetup.zip
[2009/09/07 02:00:45 | 00,925,897 | ---- | M] (WipeSoft ) -- C:\Documents and Settings\Owner\Desktop\file_shredder_setup.exe
[2009/09/06 23:50:12 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\VundoFix.exe
[2009/09/06 16:15:00 | 00,000,069 | ---- | M] () -- C:\windows\NeroDigital.ini
[2009/09/06 09:46:42 | 00,000,032 | ---- | M] () -- C:\windows\System32\thxcfg.ini
[2009/09/06 09:42:15 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$C.doc
[2009/09/06 09:42:14 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\C.doc
[2009/09/06 05:41:47 | 00,000,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\eBay.lnk
[2009/09/06 05:19:17 | 00,000,710 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\USB Safely Remove.lnk
[2009/09/05 22:53:18 | 00,000,858 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutomaticUSBBackupDriver.lnk
[2009/09/05 09:58:49 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Reporting Servic1.doc
[2009/09/05 09:57:42 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\This report covers the period from August 23.doc
[2009/09/05 02:39:03 | 01,031,215 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Amazon_com Great Accents In Cinema.mht
[2009/09/05 00:41:18 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\resume12.doc
[2009/09/05 00:40:35 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\coverletter.doc
[2009/09/04 03:18:36 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\star trek links.doc
[2009/09/03 18:16:14 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dma.doc
[2009/09/02 20:14:02 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2009/09/02 08:23:30 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/01 23:42:08 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rescueme.doc
[2009/09/01 22:20:21 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$T1JVS.doc
[2009/08/31 10:05:55 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\earmuffs.doc
[2009/08/31 09:37:39 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\resume.doc
[2009/08/30 10:32:09 | 00,413,696 | ---- | M] (Creative Labs) -- C:\windows\System32\wrap_oal.dll
[2009/08/30 10:32:09 | 00,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\windows\System32\OpenAL32.dll
[2009/08/30 10:32:03 | 00,001,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Livestation.lnk
[2009/08/29 09:31:38 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\billmahershow.doc
[2009/08/29 06:59:20 | 00,232,221 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Devdas - Rent or Buy Devdas Online.htm
[2009/08/29 06:26:47 | 00,002,048 | ---- | M] () -- C:\windows\System32\Tr_sttool.dat
[2009/08/29 05:13:33 | 00,055,156 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BSRTroubleShooting.htm
[2009/08/29 01:26:44 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\paricularly those people rights.doc
[2009/08/29 01:25:40 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\indianstuff.doc
[2009/08/29 01:12:49 | 05,292,546 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\videodownloader.zip
[2009/08/29 01:08:15 | 02,345,194 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\swfcatcher_IE.zip
[2009/08/29 00:42:25 | 00,425,112 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\web-video-downloader.xpi
[2009/08/28 04:48:39 | 00,054,659 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Register.aspx.htm
[2009/08/28 04:36:02 | 00,120,929 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Watch DivX Hollywood_Bollywood movies online for free.htm
[2009/08/23 07:28:56 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Earth.doc
[2009/08/23 07:28:56 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$Earth.doc
[2009/08/23 01:58:44 | 00,099,980 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rs-com-goodness-gracious-me-dvd-rips-4486.html
[2009/08/22 05:37:07 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Rd.doc
[2009/08/22 05:22:53 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\This report covers the period from August 09.doc
[2009/08/22 05:22:16 | 00,017,807 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sommaireimpression-printsummary.aspx.htm
[2009/08/20 00:46:57 | 00,001,149 | ---- | M] () -- C:\windows\unins001.dat
[2009/08/20 00:46:46 | 00,668,938 | ---- | M] () -- C:\windows\unins001.exe
[2009/08/19 18:01:22 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\resume34.doc
[2009/08/17 01:50:44 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$oveclassicmovies.doc
[2009/08/17 01:50:43 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\iloveclassicmovies.doc
[2009/08/16 21:45:22 | 05,392,802 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS_NEW.zip
[2009/08/16 13:52:26 | 00,001,570 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CN-20091214-0563CC91.KEY
[2009/08/16 13:52:10 | 00,001,576 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CN-20100222-061B539D.KEY
[2009/08/16 13:51:48 | 00,001,876 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CM-20090912-041659B0.KEY
[2009/08/16 13:51:48 | 00,000,830 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CM-20100721-01D92701.KEY
[2009/08/16 13:51:30 | 00,001,576 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CN-20100130-05DF3A19.KEY
[2009/08/16 13:51:20 | 00,001,876 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS8-CM-20090912-041659A5.KEY
[2009/08/16 13:51:18 | 00,001,876 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS7-CM-20090912-041659B0.KEY
[2009/08/16 13:51:18 | 00,001,876 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS7-CM-20090912-041659A5.KEY
[2009/08/16 13:51:10 | 00,000,830 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS7-CM-20100721-01D92701.KEY
[2009/08/16 13:50:36 | 00,001,576 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS9-CN-20100222-061B539D.KEY
[2009/08/16 13:50:24 | 00,001,576 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS9-CN-20100130-05DF3A19.KEY
[2009/08/16 13:50:10 | 00,001,570 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIS9-CN-20091214-0563CC91.KEY
[2009/08/15 23:44:52 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pinkpanther.doc
[2009/08/15 01:31:05 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\http1.doc
[2009/08/14 08:02:06 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\S358669.doc
[2009/08/13 22:33:51 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Martex Microfiber Ultrasoft Raschel Blanket.doc
[2009/08/13 07:04:49 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\http3.doc
[2009/08/13 05:07:10 | 00,000,135 | ---- | M] () -- C:\windows\cdplayer.ini
[2009/08/12 06:18:15 | 00,004,201 | ---- | M] () -- C:\windows\unins000.dat
[2009/08/12 06:18:10 | 00,794,906 | ---- | M] () -- C:\windows\unins000.exe
[2009/08/12 05:24:08 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\http2.doc
[2009/08/12 05:24:08 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$http2.doc
[2009/08/11 21:44:59 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\James.doc
[2009/08/11 21:44:59 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$James.doc
[2009/08/10 22:34:32 | 00,000,014 | ---- | M] () -- C:\windows\System32\systeminfo3.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C265C458
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0295CBF7
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

I'll stop here before i do the scan because of the OTL error and wait for you to respond.


thanks...


can you tell me why we are trying to delete the tmp folders???

if it's not too much trouble?

thanks.........



I WAS GOING TO RUN THAT SCAN BUT I HAVE KASPERSKY RUNNING SO I'M WONDERING IF I SHOULD TURN THAT OFF FIRST???



from what i read you can leave kaspersky alone so i have......

also left unchecked SCAN ARCHIVES AND SCAN FOR POTENTIALLY UNSAFE APPLICATIONS because you didn't say so.

as soon as it finishes i will post....................



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=c569c2af4d669243a9f0ef4cf0cd5b8d
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-09 10:40:54
# local_time=2009-09-09 07:40:54 (-0400, Atlantic Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2817 63 100 100 77657042968750
# scanned=92066
# found=3
# cleaned=3
# scan_time=2933
C:\Documents and Settings\Owner\Desktop\desktop\RplyMdiaCtchr3.01CRK\Crack\MediaCatcher.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Replay Media Catcher\RplyMdiaCtchr3.01CRK\Crack\MediaCatcher.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\ebebudaw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


that's it


here's something that's strange i'm running the kaspersky scan on a certain folder
KEEP IN MIND I AM NOT QUARANTINING ANYTHING OR DELETING ANYTHING JUST SEEING WHAT'S THERE.
kaspersky was already set up on his computer.


FILE IS C:\Documents and Settings\Owner\Desktop\JDownloader 0.6.193\downloads

comes up with nothing but at a certain point it starts to scan file www.tryfile.com.txt

thing is that file is located: C:\Documents and Settings\Owner\My Documents\My Videos\indian voice\wheredownloadmovies

now it's scanning back in C:\Documents and Settings\Owner\Desktop\JDownloader 0.6.193\downloads


thought you might want to know. i have not and will not download, quarantine or delete anything until you say it's okay to.


also his microsoft office doesn't work in one of the logs it says why

okay i'll just wait for you to respond...

thanks

Edited by johnmerrick, 10 September 2009 - 12:34 PM.


#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 10 September 2009 - 07:56 AM

We're not trying to remove the temp folders, but we do want to empty the temp files from within those folders. There are a few reasons why. First they are temp folders and most users fail to empty them out resulting in gigabytes of wasted space on the hard drive. Secondly these are a favorite place for malware to hide. And finally by removing any unnecessary files, any scans we do will proceed much quicker.

JDownloader is a program used to download files from a variety of different sites. Unfortunately these sites usually host cracked software and illegal movies and music downloads. There is evidence of this in your logs.

C:\Program Files\Replay Media Catcher\RplyMdiaCtchr3.01CRK\Crack\MediaCatcher.exe

I wouldn't be surprised at all to find more cracked software and/or malware in the download folder for this program.


I do see a bunch of files in your log that look like Vundo files to me. Malwarebytes usually does a good job of cleaning them out.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 johnmerrick

johnmerrick
  • Topic Starter


Posted 10 September 2009 - 12:44 PM

okay thanks, if there is anything not legal i'll tell him to remove after we are done.



Malwarebytes' Anti-Malware 1.40
Database version: 2773
Windows 5.1.2600 Service Pack 3

9/10/2009 2:35:44 PM
mbam-log-2009-09-10 (14-35-44).txt

Scan type: Quick Scan
Objects scanned: 112692
Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by johnmerrick, 10 September 2009 - 01:54 PM.


#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 10 September 2009 - 06:37 PM

Malwarebytes didn't pick up those files like I thought they might. Let's see if we can get confirmation before manually deleting them.

Please visit the online Jotti Virus Scanner
  • Click on Browse button.
  • Navigate to the following file and upload it.


    C:\windows\System32\volutehe.dll


  • Click on the Posted Image button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html

#9 johnmerrick

johnmerrick
  • Topic Starter


Posted 10 September 2009 - 07:00 PM

here you go:

Jotti's malware scan
Filename: volutehe.dll
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Fri 11 Sep 2009 01:57:28 (CET) Permalink



--------------------------------------------------------------------------------
Additional info
File size: 2623 bytes
Filetype: HTML document text
MD5: dbab6dc27a697cb20d25cdd2baef7898
SHA1: 91443b75e97bffcb562291fb0cceda53599184f0





Scanners
2009-09-10 Found nothing 2009-09-11 Found nothing
2009-09-11 Found nothing 2009-09-10 Found nothing
2009-09-10 Found nothing 2009-09-10 Found nothing
2009-09-10 Found nothing 2009-09-10 Found nothing
2009-09-10 Found nothing 2009-09-10 Found nothing
2009-09-10 Found nothing 2009-09-10 Found nothing
2009-09-11 Found nothing 2009-09-10 Found nothing
2009-09-10 Found nothing 2009-09-10 Found nothing
2009-09-10 Found nothing 2009-09-10 Found nothing
2009-09-10 Found nothing 2009-09-10 Found nothing
2009-09-11 Found nothing
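
The Jotti report above lists volutehe.dll as "HTML document text" of 2623 bytes, so its content does not match its .dll extension. As an added example (not part of the original thread or of any tool used in it), this Python script makes the same content-versus-extension check locally and prints the MD5/SHA1 values to compare against a scanner report; the sample bytes and all function names are constructed for illustration.

```python
"""Content-vs-extension triage for a suspect file (added example)."""
import hashlib
import struct
import sys
from pathlib import PureWindowsPath

EXECUTABLE_EXTS = {".dll", ".exe", ".sys", ".ocx"}
PRINTABLE = frozenset(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}
HTML_STARTS = (b"<!doctype html", b"<html", b"<head", b"<body", b"<script")


def classify(data: bytes) -> str:
    """Return 'pe', 'html', 'text' or 'unknown' from content, ignoring the name."""
    # A PE image starts with 'MZ'; the DWORD at 0x3C (e_lfanew) points at 'PE\0\0'.
    if len(data) >= 0x40 and data[:2] == b"MZ":
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "pe"
        return "unknown"  # MZ stub without a PE signature (DOS binary or truncated)
    # Skip a UTF-8 BOM and leading whitespace before looking for markup.
    head = data[:1024].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    if head.startswith(HTML_STARTS):
        return "html"
    if data and all(b in PRINTABLE for b in data[:1024]):
        return "text"
    return "unknown"


def triage(name: str, data: bytes) -> dict:
    """Hash the content and flag executable extensions whose content is not PE."""
    kind = classify(data)
    ext = PureWindowsPath(name).suffix.lower()
    return {
        "name": name,
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),    # same digests a scanner report lists
        "sha1": hashlib.sha1(data).hexdigest(),
        "kind": kind,
        "mismatch": ext in EXECUTABLE_EXTS and kind != "pe",
    }


# Constructed sample: HTML text saved under a .dll name.
HTML_SAMPLE = b"<html><head><title>constructed sample</title></head></html>\r\n"


def constructed_pe() -> bytes:
    """Constructed sample: the smallest header layout that classify() accepts as PE."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    return bytes(dos) + b"PE\0\0" + bytes(20)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # triage a real file given on the command line
        with open(sys.argv[1], "rb") as fh:
            samples = [(sys.argv[1], fh.read())]
    else:
        samples = [("constructed_html.dll", HTML_SAMPLE),
                   ("constructed_pe.dll", constructed_pe())]
    for sample_name, sample_data in samples:
        r = triage(sample_name, sample_data)
        flag = "MISMATCH" if r["mismatch"] else "ok"
        print(f'{r["name"]}: {r["size"]} bytes, {r["kind"]}, {flag}')
        print(f'  MD5  {r["md5"]}\n  SHA1 {r["sha1"]}')
```

A mismatch only says the file cannot load as a Windows module; it is a reason to look closer, not a verdict either way.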

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 10 September 2009 - 07:09 PM

Hmmm....well, that's why we check first before deleting. :(

Is Kaspersky up to date with the latest virus definitions? Make sure you download any available updates and then run a full virus scan. Let me know if it turns up anything.

How is your computer behaving now?

#11 johnmerrick

johnmerrick
  • Topic Starter


Posted 10 September 2009 - 07:25 PM

i'm running the virustotal i'll let you know what that turns up

if nothing i run full kaspersky scan

computer seems fine

i did get this message from kaspersky after update:

kaspersky reboot is required after database update.

never saw that before but that doesn't mean anything is wrong though

there is a problem

Error - 9/8/2009 1:29:29 PM | Computer Name = OWNER-AFBC7E183 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.


not sure that is up your alley though.

i believe i may have to go back to the guy that built the computer and get him to reinstall it if can't be solved any other way


thanks for the edit---i got your PM


soon as kaspersky scan finished i'll post

---------------------------------------------------------------------
File volutehe.dll received on 2009.09.11 00:07:32 (UTC)
Current status: finished
Result: 0/41 (0.00%)

so running kaspersky now...........................







ran kaspersky it found and deleted(disinfected) 2 trojan.msil.rettesser.b

in c:\documents and settings\owner\mydocuments\downloads

other than that nothing.


he's got some password protected stuff which i'm assuming can't be scanned without the password.

some of that stuff is like univers-forums.com.url he doesn't have the password but what it is is just a page of a website he must have download to save or something.


strange thing though is some of the password protected stuff that kaspersky says is there i can't find even when you search in hidden folders and files.

but 99% is from DEsktop/desktop and he said 99% of that is junk so i'll tell him to delete the junk.



other than that i'll tell him to monitor the computer and see if it acts up and let you know.


Oh can you help me with the microsoft office xp professional with frontpage says that i have to enter an alternate path to a folder containing the installation package proplus.msi.


I don't have the disc and i don't know if it could be done without it as i said if it can't i can just go back to the guy that built it and have him re install it.

do you think that the office xp problem was virus related or something else???? me i'm not sure.


thanks for your help and i'll be sure to donate something..



P.S. before we worked together i did run malwarebytes and it found.....

Files Infected:
C:\WINDOWS\system32\ruginefo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\subaromo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Edited by johnmerrick, 11 September 2009 - 04:12 AM.


#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 11 September 2009 - 05:46 PM

I did some research on that error and it looks like you're going to need the disc. I did run across this though, so it's worth a shot.

This problem is due to the choice of the option 'Install on first use' or due to an update of Microsoft Office (for Windows Update for example).

To remedy this, simply insert the disk for Microsoft Office version installed, or specify the location of files on the hard drive!

An alternative is to click Start, Control Panel, Add / Remove Programs.
Select Microsoft Office XP Professional with frontpage and click on Modify/ Continue, Select add/remove components, and then next.
Then the components to be installed appear, simply click update.



It looks like your malware issue is resolved, so let's go ahead and clean up our mess and then I'll post some recommendations for you.


It's time to clean up.
  • Make sure you have an Internet Connection.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:( :(

#13 johnmerrick

johnmerrick
  • Topic Starter


Posted 12 September 2009 - 12:20 AM

before i do the clean up i was wondering what exactly are we cleaning up?

don't the antivirus programs detect and clean the stuff??

thanks

p.s. i'll be sending you $20 just have to get my paypal set up.

i'm not really sure why you guys aren't charging something for what you are doing even if it's $5.
-------------------------------------------------------------------------------------------------------------------


i did the clean up but other than OTL.exe can't see what it removed.

Edited by johnmerrick, 12 September 2009 - 10:07 PM.


#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 13 September 2009 - 07:10 AM

The Cleanup function simply removes a predetermined list of any malware fighting tools and logs that it finds. It's a one step clean up for anything I had you download for the sole purpose of removing your infection. It also removes itself.

#15 johnmerrick

johnmerrick
  • Topic Starter


Posted 16 September 2009 - 07:42 AM

looks like that's it but the computer started acting up again.

turns out some of the problem was all the software. for example he couldn't right click on certain icons; deleted a bunch of unnecessary programs and problem solved.

seems okay now only problem can't seem to update windows. looked at the history and computer hasn't since july 15 2009

noticed a lot of people with the problem but not every problem is spyware or virus sometimes can be as simple as a loose cord.... go figure.

:(



