Hijack Log - Help me Diagnose


#1 HappyTreeFriend

HappyTreeFriend

  • Members
  • 3 posts

Posted 01 November 2009 - 04:05 AM

Hi there

I've been having a few troubles with my PC. It's been running fine, but I cannot seem to open my regedit or task manager; it's apparently been disabled by the admin. I'm the only one using this PC.
I also cannot use any USB devices such as flash sticks, iPods, cellphones etc. It picks them up (the phone will charge when plugged in and make the usual "connected" sound) but cannot physically see the device anywhere.

I really have no idea what it could be. It would be great if someone could help me out :(


**EDIT**
My regedit and Task Manager are working again! yay.
But my PC is still not picking up any of my devices. The weird thing is,
it picks up my 500GB external hard drive, but not my iPhone or flash drive. HELP!
****




DDS (Ver_09-10-26.01) - NTFSx86
Run by USER at 1:30:57.78 on 2009/11/01
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2398 [GMT 2:00]

AV: avast! antivirus 4.8.1356 [VPS 091031-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\My Documents\Downloads\RootRepeal.exe
C:\Documents and Settings\USER\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.mini20.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {7418e5f5-0e48-4144-8f92-5ca791c82396} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {de713078-8012-4b75-92ba-398d4642a64b} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RGSC] c:\program files\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
uRun: [c:\program files\netmeter\netmeter.exe] c:\program files\netmeter\NetMeter.exe
uRun: [AdobeBridge]
uRun: [NSeries.PCSync] c:\program files\nokia\nseries pc suite\system utilities\PcSync2.exe /NoDialog
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\SRSSSC.exe" /hideme
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [CHotkey] mHotkey.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Zboard] c:\program files\ideazon\zengine\Zboard.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [NWEReboot]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [<NO NAME>]
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
IE: &iespell options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: check &spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: lookup on merriam webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: lookup on wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0e17d5b7-9f5d-4fee-9df6-ca6ee38b68a8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606d6f9-9d3b-4aea-a025-ed5b2fd488e7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77bf5300-1474-4ec7-9980-d32b190e9b07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {a573d71b-951b-4bad-b8cc-708ae84769c9} - {32CA105A-BD6C-4AFC-B4D9-346262E9F483}
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: ctfmon.exe - c:\windows\system32\ctfmon_qj.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\d0bv8yjx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=home
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{2AE6699D-136F-495A-8995-77BAA5D6F302}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-9-21 114768]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2006-11-2 13560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-21 20560]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-8-6 331824]
R3 Alpham1;Ideazon Merc USB Human Interface Device;c:\windows\system32\drivers\Alpham1.sys [2007-7-23 42624]
R3 Alpham2;Ideazon Merc MM USB Human Interface Device;c:\windows\system32\drivers\Alpham2.sys [2007-3-20 18432]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2009-7-22 28592]
S1 2288794a;2288794a;c:\windows\system32\drivers\2288794a.sys [2009-4-8 0]
S1 3de320f7;3de320f7;c:\windows\system32\drivers\3de320f7.sys [2009-4-18 0]
S2 FAH@C:+Documents and Settings+USER+Desktop+FAH504-Console.exe;FAH@C:+Documents and Settings+USER+Desktop+FAH504-Console.exe; [x]
S2 gupdate1c98b9c23cd6b56;Google Update Service (gupdate1c98b9c23cd6b56);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
S3 adobe version cue cs4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-8-11 57640]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-5-3 55296]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-7-30 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-7-30 8320]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\wpro_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]

=============== Created Last 30 ================

2009-10-31 22:59:54 0 d-----w- C:\VundoFix Backups
2009-10-31 22:57:11 4148 ----a-w- c:\windows\system32\tmp.reg
2009-10-31 21:29:23 0 d-----w- c:\program files\MediaMonkey
2009-10-31 07:56:08 54156 ---ha-w- c:\windows\QTFont.qfn
2009-10-31 07:56:08 1409 ----a-w- c:\windows\QTFont.for
2009-10-31 07:56:00 0 d-----w- c:\program files\iPod
2009-10-31 07:55:57 0 d-----w- c:\program files\iTunes
2009-10-25 17:51:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2009-10-14 23:58:06 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-10-13 18:37:02 45 ----a-w- c:\documents and settings\user\jagex_runescape_preferences2.dat
2009-10-13 18:32:44 38 ----a-w- c:\documents and settings\user\jagex_runescape_preferences.dat
2009-10-13 18:32:24 0 d-----w- c:\windows\.jagex_cache_32

==================== Find3M ====================

2009-10-17 13:13:57 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-17 13:02:29 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-30 09:54:07 90293 ----a-w- c:\windows\system32\vp_setup.exe
2009-09-30 09:54:04 90433 ----a-w- c:\windows\system32\vic_setup.exe
2009-08-07 20:56:45 4096 ----a-w- c:\windows\d3dx.dat
2003-09-15 23:19:48 99544 ----a-w- c:\windows\inf\virprn.exe
2003-09-15 23:19:48 18950 ----a-w- c:\windows\inf\virpntd.dll
2003-09-15 23:19:48 10240 ----a-w- c:\windows\inf\virport.dll
2003-09-15 23:19:46 90624 ----a-w- c:\windows\inf\prtproc.dll
2008-12-23 08:57:03 57344 --sh--w- c:\windows\system\MSNMessengerAPI.dll
2009-05-28 18:11:08 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-05-28 18:11:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051120090518\index.dat
2009-05-28 18:11:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009052820090529\index.dat
2009-06-13 18:41:52 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-06-13 18:41:52 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-06-13 18:41:52 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 1:31:04.46 ===============

Edited by HappyTreeFriend, 01 November 2009 - 06:43 AM.


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 07 November 2009 - 05:47 PM

Hello HappyTreeFriend

Welcome to BleepingComputer :(
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 HappyTreeFriend

HappyTreeFriend
  • Topic Starter

  • Members
  • 3 posts

Posted 08 November 2009 - 11:18 AM

Hi there, thank you for coming back to me :( here we go:


OTL logfile created on: 2009/11/08 06:01:29 PM - Run 2
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\USER\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292.97 Gb Total Space | 46.18 Gb Free Space | 15.76% Space Free | Partition Type: NTFS
Drive D: | 172.78 Gb Total Space | 72.72 Gb Free Space | 42.09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JORDY
Current User Name: USER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\USER\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\PnkBstrB.exe ()
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\Setup\avast.setup (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dwwin.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Program Files\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
PRC - C:\WINDOWS\mHotkey.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\USER\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NMIndexingService) -- File not found
SRV - (FAH@C:+Documents and Settings+USER+Desktop+FAH504-Console.exe) -- File not found
SRV - (PnkBstrB) -- C:\WINDOWS\system32\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (gupdate1c98b9c23cd6b56) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (adobe version cue cs4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (RichVideo) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe ()
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (StarWindService) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)


========== Driver Services (SafeList) ==========

DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (3de320f7) -- C:\WINDOWS\System32\drivers\3de320f7.sys ()
DRV - (2288794a) -- C:\WINDOWS\System32\drivers\2288794a.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (scdemu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (adfs) -- C:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (usbaudio) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (usbser) -- C:\WINDOWS\system32\drivers\usbser.sys (Microsoft Corporation)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (SRS_SSCFilter) -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys ()
DRV - (Alpham1) -- C:\WINDOWS\system32\drivers\Alpham1.sys (Ideazon Corporation)
DRV - (leafnets) -- C:\WINDOWS\system32\drivers\leafnets.sys (Leaf Networks)
DRV - (Alpham2) -- C:\WINDOWS\system32\drivers\Alpham2.sys (Ideazon Corporation)
DRV - ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) -- C:\Program Files\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (sfcure01) -- C:\WINDOWS\system32\drivers\sfcure01.sys ()
DRV - (ENTECH) -- C:\WINDOWS\system32\drivers\Entech.sys (EnTech Taiwan)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.mini20.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?ref=home"
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.2.6
FF - prefs.js..extensions.enabledItems: brief@mozdev.org:1.2
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.10
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.4
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.2.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a33fa729-d155-4b23-842b-2c665ecabdb6}:2.0.0.59
FF - prefs.js..extensions.enabledItems: {2AE6699D-136F-495A-8995-77BAA5D6F302}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/19 07:10:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/10 19:00:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 18:59:11 | 00,000,000 | ---D | M]

[2009/04/08 00:52:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions
[2009/03/21 17:30:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/08 00:52:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/10/31 12:59:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\d0bv8yjx.default\extensions
[2009/04/07 13:47:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\d0bv8yjx.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}
[2009/04/20 23:15:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\d0bv8yjx.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009/04/07 22:49:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\d0bv8yjx.default\extensions\anycolor.pavlos256@gmail.com
[2009/03/21 18:03:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\d0bv8yjx.default\extensions\brief@mozdev.org
[2009/03/23 17:22:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\d0bv8yjx.default\extensions\firefox@facebook.com
[2009/04/20 23:15:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\d0bv8yjx.default\extensions\piclens@cooliris.com
[2009/10/31 13:09:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/08 00:47:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{2AE6699D-136F-495A-8995-77BAA5D6F302}
[2009/09/10 18:59:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/10 18:59:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/09/10 18:59:08 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/09/10 18:59:08 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/10/31 09:55:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/10/31 09:55:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/10/31 09:55:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/10/31 09:55:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/10/31 09:55:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/10/31 09:55:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/10/31 09:55:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/02/19 21:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/02/19 21:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/02/19 21:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/02/19 21:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/02/19 21:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/02/19 21:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/02/19 21:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (794 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (ContributeBHO Class) - {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe ()
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [NSeries.PCSync] C:\Program Files\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe (Time Information Services Ltd.)
O4 - HKCU..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKCU..\Run: [SRS Audio Sandbox] C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe (SRS Labs, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &iespell options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: check &spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: lookup on merriam webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: lookup on wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0e17d5b7-9f5d-4fee-9df6-ca6ee38b68a8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0e17d5b7-9f5d-4fee-9df6-ca6ee38b68a8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606d6f9-9d3b-4aea-a025-ed5b2fd488e7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (LogonUI.EXE) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\ctfmon.exe: Debugger - C:\WINDOWS\system32\ctfmon_qj.exe ()
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/20 00:45:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/08 17:54:54 | 00,000,000 | ---D | C] -- C:\Program Files\Wide Angle Software
[2009/11/08 17:51:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\New Folder (4)
[2009/11/07 22:36:57 | 00,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2009/11/07 22:36:42 | 00,225,280 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\rewire.dll
[2009/11/07 22:36:42 | 00,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2009/11/07 22:36:34 | 01,294,336 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\WINDOWS\System32\vorbis.acm
[2009/11/07 22:36:14 | 00,000,000 | ---D | C] -- C:\Program Files\Outsim
[2009/11/07 22:35:14 | 00,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2009/11/06 14:21:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\Orbit
[2009/11/03 15:47:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\runic games
[2009/11/03 15:42:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\TORCHLIGHT
[2009/11/02 23:05:32 | 00,000,000 | ---D | C] -- C:\Program Files\Runic Games
[2009/11/01 14:07:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\WinRAR
[2009/11/01 00:56:55 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/11/01 00:56:55 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/11/01 00:56:55 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/11/01 00:56:55 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/11/01 00:56:55 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/10/31 23:29:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\MediaMonkey
[2009/10/31 23:29:23 | 00,000,000 | ---D | C] -- C:\Program Files\MediaMonkey
[2009/10/31 13:19:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\VT_Software
[2009/10/31 09:56:00 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/10/31 09:55:57 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/31 09:55:11 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/10/31 09:55:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/10/31 09:54:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\Apple
[2009/10/31 09:54:28 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/10/31 09:54:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/10/31 09:54:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/10/25 19:51:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2009/10/13 20:32:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2009/04/08 00:46:38 | 03,035,229 | ---- | C] (Ahusoft ) -- C:\Documents and Settings\USER\Application Data\onlinetv74.exe
[2008/09/06 19:38:26 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\USER\Application Data\pcouffin.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/08 18:00:30 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3DC70F66-2C3A-4597-8A9D-AC3BDE74FC1D}.job
[2009/11/08 17:55:09 | 12,320,768 | -H-- | M] () -- C:\Documents and Settings\USER\NTUSER.DAT
[2009/11/08 17:54:55 | 00,001,934 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TouchCopy 09.lnk
[2009/11/08 17:40:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/08 17:38:00 | 00,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-299502267-1801674531-1004UA.job
[2009/11/08 17:06:08 | 01,701,187 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\QAFFL Studio.pdf
[2009/11/08 17:00:00 | 00,000,436 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/11/08 14:06:03 | 01,147,889 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\First.mp3
[2009/11/08 13:03:42 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/08 13:03:41 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/08 11:38:00 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-299502267-1801674531-1004Core.job
[2009/11/08 11:21:14 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/08 11:21:03 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/08 11:20:55 | 00,208,993 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/08 11:20:51 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/08 11:20:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/08 11:20:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/08 01:03:07 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\USER\ntuser.ini
[2009/11/07 22:37:49 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/07 22:36:41 | 00,000,792 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\FL Studio 8.lnk
[2009/11/07 19:53:17 | 00,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009/11/07 19:53:17 | 00,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/11/07 19:45:36 | 00,138,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/11/07 15:18:52 | 04,171,904 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\eminem_till_i_collapse.mp3
[2009/11/07 14:39:05 | 00,002,277 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Google Chrome.lnk
[2009/11/07 14:07:05 | 00,000,532 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\WoW.lnk
[2009/11/06 17:10:53 | 00,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2009/11/06 17:10:53 | 00,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2009/11/04 22:03:55 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/11/03 15:47:07 | 00,001,746 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\TORCHLiGHT.lnk
[2009/11/02 23:03:42 | 52,915,5312 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\sr-torchl.bin
[2009/11/01 09:06:57 | 00,000,370 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/10/31 09:56:20 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/10/26 23:54:54 | 00,461,572 | ---- | M] () -- C:\Documents and Settings\USER\My Documents\This event will be held in Beijing.docx
[2009/10/15 01:58:06 | 00,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/10/13 21:38:02 | 02,451,968 | -HS- | M] () -- C:\Documents and Settings\USER\My Documents\BpV3Pv_cfdg.exe
[2009/10/13 21:37:37 | 02,451,968 | -HS- | M] () -- C:\Documents and Settings\USER\My Documents\Osm2Ih_cfdg.exe
[2009/10/13 20:37:06 | 00,000,045 | ---- | M] () -- C:\Documents and Settings\USER\jagex_runescape_preferences2.dat
[2009/10/13 20:37:06 | 00,000,038 | ---- | M] () -- C:\Documents and Settings\USER\jagex_runescape_preferences.dat
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/08 17:54:55 | 00,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TouchCopy 09.lnk
[2009/11/08 17:06:08 | 01,701,187 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\QAFFL Studio.pdf
[2009/11/08 14:05:52 | 01,147,889 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\First.mp3
[2009/11/08 00:31:17 | 00,427,488 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\drs100LPE10412breakbeat.wav
[2009/11/08 00:31:17 | 00,094,658 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\dnb.flp
[2009/11/07 22:36:41 | 00,000,792 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\FL Studio 8.lnk
[2009/11/07 15:17:08 | 04,171,904 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\eminem_till_i_collapse.mp3
[2009/11/06 16:09:22 | 00,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2009/11/06 16:09:22 | 00,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2009/11/04 16:22:41 | 00,000,532 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\WoW.lnk
[2009/11/03 15:47:07 | 00,001,746 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\TORCHLiGHT.lnk
[2009/11/02 23:14:04 | 52,915,5312 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\sr-torchl.bin
[2009/10/31 09:56:08 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/10/31 09:56:08 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/10/26 23:54:54 | 00,461,572 | ---- | C] () -- C:\Documents and Settings\USER\My Documents\This event will be held in Beijing.docx
[2009/10/15 01:58:06 | 00,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/10/13 21:38:02 | 02,451,968 | -HS- | C] () -- C:\Documents and Settings\USER\My Documents\BpV3Pv_cfdg.exe
[2009/10/13 21:37:37 | 02,451,968 | -HS- | C] () -- C:\Documents and Settings\USER\My Documents\Osm2Ih_cfdg.exe
[2009/10/13 20:37:02 | 00,000,045 | ---- | C] () -- C:\Documents and Settings\USER\jagex_runescape_preferences2.dat
[2009/10/13 20:32:44 | 00,000,038 | ---- | C] () -- C:\Documents and Settings\USER\jagex_runescape_preferences.dat
[2009/09/29 17:48:35 | 00,047,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2009/09/29 17:48:35 | 00,047,104 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2009/09/29 17:48:35 | 00,042,112 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2009/09/29 17:48:35 | 00,039,808 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2009/06/04 11:09:39 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/05/24 22:00:28 | 02,665,472 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-0.9.9-win32.exe
[2009/05/22 15:26:32 | 00,000,093 | ---- | C] () -- C:\WINDOWS\Cdplayer.ini
[2009/05/22 15:21:37 | 00,000,067 | ---- | C] () -- C:\WINDOWS\Apollo Audio DVD Creator.INI
[2009/05/01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/20 15:37:50 | 00,000,042 | ---- | C] () -- C:\WINDOWS\ESReg.ini
[2009/04/18 10:56:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\3de320f7.sys
[2009/04/16 18:25:06 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/04/08 21:54:29 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\Chip.dll
[2009/04/08 01:02:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\2288794a.sys
[2009/03/01 11:15:45 | 00,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2009/02/24 17:35:11 | 00,003,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfcure01.sys
[2008/11/25 22:14:51 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\fusioncache.dat
[2008/10/30 22:30:06 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2008/10/28 17:40:48 | 00,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/10/06 22:31:22 | 00,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/30 19:01:57 | 00,000,512 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/09/06 19:38:29 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\pcouffin.log
[2008/09/06 19:38:26 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\ezpinst.exe
[2008/09/06 19:38:26 | 00,007,824 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\pcouffin.cat
[2008/09/06 19:38:26 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\pcouffin.inf
[2008/08/23 20:07:46 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/23 00:53:28 | 00,001,733 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2008/08/22 05:29:43 | 00,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/08/22 05:29:43 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\PnkBstrK.sys
[2008/08/22 05:28:58 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/08/22 04:50:50 | 00,000,120 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/08/22 04:46:56 | 00,294,912 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2008/08/22 04:46:56 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2008/08/22 04:46:56 | 00,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2008/08/20 20:08:55 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/08/20 20:04:54 | 00,037,848 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/08/20 00:51:35 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\USER\Application Data\desktop.ini
[2008/08/19 15:19:29 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/07/26 21:48:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/14 14:00:00 | 00,001,821 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/04/14 14:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/07/02 22:37:12 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/07/02 22:37:10 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/19 20:21:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/19 20:21:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/04/19 00:30:56 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/03/22 02:38:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2003/01/30 02:39:40 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\dcfft2.dll

========== LOP Check ==========

[2008/12/11 17:05:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/02/25 06:49:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/05/01 12:32:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/06/19 12:27:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/10/25 19:51:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2009/04/19 02:29:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2009/06/19 16:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/07/30 21:57:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008/08/20 01:12:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/10/02 15:20:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/10/02 15:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/05/14 19:37:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Phase One
[2009/09/29 17:48:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2009/04/08 10:53:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/30 21:51:51 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{397E5558-CD6D-49C8-96AA-D3972167F879}
[2009/03/05 15:49:45 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\USER\Application Data\.#
[2009/07/09 15:10:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\.purple
[2009/08/18 18:19:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Acreon
[2009/06/10 13:57:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Any Video Converter
[2009/02/25 06:49:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Autodesk
[2009/07/30 22:18:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Azureus
[2009/11/08 17:59:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\BitTorrent
[2008/12/09 00:38:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Blender Foundation
[2009/04/12 19:31:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Bump Technologies, Inc
[2009/08/02 18:54:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Codemasters
[2009/04/26 20:13:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Command & Conquer 3 Kane's Wrath
[2008/09/27 16:20:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Command and Conquer 3 Tiberium Wars
[2008/09/06 19:56:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DAEMON Tools
[2008/09/06 19:32:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DAEMON Tools Pro
[2009/09/15 21:15:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Dark Sector
[2009/09/03 20:36:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Disney Interactive Studios
[2009/11/08 18:01:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DNA
[2009/04/29 20:50:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FMZilla
[2008/09/07 15:05:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\fretsonfire
[2009/04/08 10:55:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FusionDesk
[2009/07/09 15:07:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\gtk-2.0
[2008/10/10 17:28:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Ideazon
[2009/05/01 10:06:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ieSpell
[2009/01/06 17:13:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Leadertech
[2009/09/24 19:34:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\LimeWire
[2009/01/22 07:00:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Lionhead Studios
[2009/04/22 09:56:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\MAXON
[2008/11/23 13:16:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\MXit
[2008/10/02 15:20:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Nokia
[2008/10/02 15:25:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\NSeries
[2009/11/06 14:28:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Orbit
[2008/10/02 15:20:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\PC Suite
[2008/11/22 23:51:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Red Alert 3
[2009/11/03 15:47:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\runic games
[2008/09/08 17:47:50 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\USER\Application Data\SecuROM
[2009/03/08 14:35:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Snitter.88C687E32FFE9452F058A6F4E67005F998FC3136.1
[2008/10/02 01:35:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Soldat
[2009/04/02 22:12:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\SoundSpectrum
[2009/02/26 21:09:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Styler
[2009/06/14 16:44:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\SystemRequirementsLab
[2008/11/16 12:00:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Touchstone
[2009/03/14 13:30:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2008/09/07 14:23:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\uk.co.planetside
[2008/11/02 21:23:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Ultra Fractal 5
[2008/11/06 23:09:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\uTorrent
[2009/06/22 13:15:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Vso
[2009/08/07 22:56:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Wildfire
[2008/04/14 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/08 17:00:00 | 00,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/11/01 09:06:57 | 00,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/11/08 11:20:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/08 18:00:30 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3DC70F66-2C3A-4597-8A9D-AC3BDE74FC1D}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0295CBF7
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87F27901
< End of report >



****************************************************************************************************************************
____________________________________________________________________________________________________________________________

****************************************************************************************************************************

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-08 18:12:47
Windows 5.1.2600 Service Pack 3
Running: lelzfk06.exe; Driver: C:\DOCUME~1\USER\LOCALS~1\Temp\fxtdypog.sys


---- System - GMER 1.0.15 ----

INT 0x62 ? 8B360BF8
INT 0x63 ? 8B1C3F00
INT 0x63 ? 8B1C3F00
INT 0x82 ? 8B360BF8
INT 0x84 ? 8B1C3F00
INT 0x84 ? 8B1C3F00
INT 0x84 ? 8B1C3F00
INT 0x84 ? 8B1C3F00
INT 0x94 ? 8B1C3F00
INT 0xA4 ? 8B360BF8
INT 0xA4 ? 8B360BF8
INT 0xA4 ? 8B1C3F00
INT 0xA4 ? 8B360BF8
INT 0xB4 ? 8B360BF8
INT 0xB4 ? 8B360BF8
INT 0xB4 ? 8B360BF8

Code 8B31C348 ZwEnumerateKey
Code 8B1C2488 ZwFlushInstructionCache
Code 8B1B05CE IofCallDriver
Code 8B33D946 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 8B1B05D3
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 8B33D94B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 8B1C248C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 4 Bytes JMP 8B31C34C
? spxg.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B70078AC 5 Bytes JMP 8B1C34E0

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] KERNEL32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10005230 C:\Program Files\Ideazon\ZEngine\ZESystem.dll (rscoree/Remotesoft, Inc.)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 6305DA75 C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] USER32.dll!GetSysColorBrush 7E418EAB 5 Bytes JMP 6305CBDD C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 630019DB C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 630019AC C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 010D9315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 011ADBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 011ADD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 011B4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01111CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 012CE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 012CDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 012CDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 012CDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 012CDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 012CE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 012CDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 011B488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] WININET.dll!HttpOpenRequestA 630187BC 5 Bytes JMP 00C9000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00BE000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00C2000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00BF000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00C8000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] WININET.dll!HttpOpenRequestW 6301F87B 5 Bytes JMP 00CA000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 00C1000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 00C0000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] WININET.dll!InternetSetStatusCallback 6302BAED 5 Bytes JMP 00C5000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00C7000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] WININET.dll!InternetReadFileExW 6303377E 5 Bytes JMP 00C4000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00C3000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] WININET.dll!InternetSetStatusCallbackW 63077538 5 Bytes JMP 00C6000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01409315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 014E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 015FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 015FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 015FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 015FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 015FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 015FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 015FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] WININET.dll!HttpOpenRequestA 630187BC 5 Bytes JMP 00C9000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00BE000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00C2000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00BF000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00C8000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] WININET.dll!HttpOpenRequestW 6301F87B 5 Bytes JMP 00CA000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 00C1000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 00C0000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] WININET.dll!InternetSetStatusCallback 6302BAED 5 Bytes JMP 00C5000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00C7000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] WININET.dll!InternetReadFileExW 6303377E 5 Bytes JMP 00C4000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00C3000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2332] WININET.dll!InternetSetStatusCallbackW 63077538 5 Bytes JMP 00C6000A
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] spxg.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] spxg.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] spxg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] spxg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] spxg.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [630295A4] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!ExitThread] [63029563] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [630295A4] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitThread] [63029563] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [630295A4] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [6305CBAA] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [630295A4] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [63029501] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [6305CB26] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [6305870E] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [61001890] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetWindowLongW] [610015E0] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowLongW] [61001570] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetWindowRect] [6301DC5B] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!MoveWindow] [6301D83B] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [6305CBAA] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63029501] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [630295A4] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!ExitThread] [63029563] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61001850] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61001890] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowLongA] [610015B0] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowLongW] [610015E0] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [6305CB26] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [630295EF] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [63029617] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [61001530] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [61001570] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DeferWindowPos] [610014A0] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [6301DA46] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowRect] [6301DC5B] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [6305870E] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [63057774] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [GDI32.dll!DeleteObject] [6305CBAA] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [630295A4] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryExA] [63029501] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TrackPopupMenuEx] [63029617] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcA] [61001850] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetWindowPos] [6301DA46] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetWindowRect] [6301DC5B] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetWindowLongW] [61001570] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetWindowLongW] [610015E0] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DeferWindowPos] [610014A0] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetSysColor] [6305CB26] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcW] [61001890] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetSysColorBrush] [6305CBDD] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!FillRect] [630292CF] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DrawFrameControl] [6301E1DC] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetWindowPlacement] [6301D628] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MoveWindow] [6301D83B] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TrackPopupMenu] [630295EF] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!CallWindowProcW] [6305870E] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetScrollInfo] [61001750] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetWindowLongA] [610015B0] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [630295A4] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [630295A4] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [63029501] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [630295A4] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!ExitThread] [63029563] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [630295A4] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!ExitThread] [63029563] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [63029501] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateThread] [630295A4] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!ExitThread] [63029563] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetWindowPos] [6301DA46] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!GetWindowLongW] [610015E0] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!GetWindowRect] [6301DC5B] C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[324] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetWindowLongW] [61001570] C:\WINDOWS\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00E018FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B35F1F8

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 8B172498
Device \Driver\sptd \Device\2966750192 spxg.sys
Device \Driver\usbuhci \Device\USBPDO-1 8B172498
Device \Driver\usbuhci \Device\USBPDO-2 8B172498
Device \Driver\usbehci \Device\USBPDO-3 8B1421F8
Device \Driver\usbuhci \Device\USBPDO-4 8B172498

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-5 8B172498
Device \Driver\usbuhci \Device\USBPDO-6 8B172498
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B3BD1F8
Device \Driver\usbehci \Device\USBPDO-7 8B1421F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B3BD1F8
Device \Driver\Cdrom \Device\CdRom0 8B0FE1F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [B7E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [B7E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-10 [B7E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8B0FE1F8
Device \Driver\Cdrom \Device\CdRom2 8B0FE1F8
Device \Driver\Cdrom \Device\CdRom3 8B0FE1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A4ED500
Device \Driver\NetBT \Device\NetbiosSmb 8A4ED500
Device \Driver\PCI_PNP6442 \Device\0000004f spxg.sys

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 8B172498
Device \Driver\usbuhci \Device\USBFDO-1 8B172498
Device \Driver\usbuhci \Device\USBFDO-2 8B172498
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8ADAA500
Device \Driver\usbehci \Device\USBFDO-3 8B1421F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8ADAA500
Device \Driver\Ftdisk \Device\FtControl 8B3BD1F8
Device \Driver\usbuhci \Device\USBFDO-4 8B172498
Device \Driver\usbuhci \Device\USBFDO-5 8B172498
Device \Driver\usbuhci \Device\USBFDO-6 8B172498
Device \Driver\usbehci \Device\USBFDO-7 8B1421F8
Device \Driver\acl3gqyp \Device\Scsi\acl3gqyp1Port6Path0Target2Lun0 8B0F41F8
Device \Driver\acl3gqyp \Device\Scsi\acl3gqyp1 8B0F41F8
Device \Driver\acl3gqyp \Device\Scsi\acl3gqyp1Port6Path0Target1Lun0 8B0F41F8
Device \Driver\acl3gqyp \Device\Scsi\acl3gqyp1Port6Path0Target0Lun0 8B0F41F8
Device \FileSystem\Cdfs \Cdfs 8AE38500

---- EOF - GMER 1.0.15 ----
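Added example, not part of the log above and not written by anyone in this thread: a Python script that applies three reading heuristics to the Kernel IAT/EAT and Devices sections of a GMER 1.0.15 log such as the one posted. The heuristics, the rule names and the tiny driver baseline are my own assumptions, not GMER's verdicts; the sample input is an excerpt of the log above. It flags lines for the analyst rather than diagnosing them: whether spxg.sys, the acl3gqyp driver or the atapi.sys handlers are hostile is a separate call.

```python
r"""Triage a GMER 1.0.15 log for kernel-level indicators (added example).

Three reading heuristics, my own and not GMER's:
  1. Kernel IAT/EAT: a core driver's import resolving into a different driver
     image is an import-table hook and needs attributing.
  2. Devices: a device object's handler that GMER resolves to a named driver
     but "[unknown section]" lies inside that driver's image outside every PE
     section, which is what an in-place patched driver looks like. High priority.
  3. Devices: driver names mixing letters and digits that are not on a baseline
     list (illustrative, one entry here) are flagged for review.
"""
import re
from dataclasses import dataclass
from typing import List

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER ")
KERNEL_IAT_RE = re.compile(
    r"^IAT (?P<importer>\S+)\[(?P<module>[^!\]]+)!(?P<func>[^\]]+)\] "
    r"\[(?P<addr>[0-9A-F]+)\] (?P<target>\S+)$"
)
UNKNOWN_SECTION_RE = re.compile(
    r"^Device (?P<driver>\S+) (?P<device>\S+) \[(?P<addr>[0-9A-F]+)\] "
    r"(?P<image>\S+?)\[unknown section\]"
)
DEVICE_RE = re.compile(r"^Device \\Driver\\(?P<name>[^\\ ]+) ")

# Illustrative baseline of legitimate XP driver names that contain digits.
KNOWN_DIGIT_DRIVERS = {"i8042prt"}


@dataclass
class Finding:
    severity: str  # "high" or "review"
    rule: str
    line: str


def looks_generated(name: str) -> bool:
    """True for letters+digits mixes not in the baseline, e.g. 'acl3gqyp'."""
    if name.lower() in KNOWN_DIGIT_DRIVERS:
        return False
    return any(c.isdigit() for c in name) and any(c.isalpha() for c in name)


def triage_gmer(text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = None
    seen_drivers = set()
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section == "Kernel IAT/EAT":
            m = KERNEL_IAT_RE.match(line)
            if m and m["target"].lower() != m["importer"].lower():
                findings.append(Finding("review", "kernel_iat_redirect", line))
        elif section == "Devices":
            m = UNKNOWN_SECTION_RE.match(line)
            if m:
                findings.append(Finding("high", "handler_outside_pe_section", line))
                continue
            m = DEVICE_RE.match(line)
            if m and m["name"] not in seen_drivers:
                seen_drivers.add(m["name"])  # report each driver name once
                if looks_generated(m["name"]):
                    findings.append(Finding("review", "unfamiliar_driver_name", line))
    return findings


def count_by_rule(findings: List[Finding]) -> dict:
    counts: dict = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Excerpt of the log posted above, reduced to the lines the rules look at.
SAMPLE_LOG = r"""
---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] spxg.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] spxg.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] spxg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] spxg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] spxg.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00E018FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B35F1F8
Device \Driver\usbuhci \Device\USBPDO-0 8B172498
Device \Driver\sptd \Device\2966750192 spxg.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B3BD1F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-10 [B7E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\PCI_PNP6442 \Device\0000004f spxg.sys
Device \Driver\acl3gqyp \Device\Scsi\acl3gqyp1Port6Path0Target2Lun0 8B0F41F8
Device \Driver\acl3gqyp \Device\Scsi\acl3gqyp1 8B0F41F8

---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    for f in triage_gmer(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:27} {f.line[:70]}")
```

The User IAT/EAT section is deliberately skipped: user-mode import hooks by skinning or compatibility DLLs, like the WindowBlinds and xpshims entries in the log above, are routine and would swamp the kernel findings. The name baseline is only a placeholder; on a real engagement it would be the driver inventory of a known-clean XP build.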

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:02:06 AM

Posted 08 November 2009 - 12:10 PM

You are welcome :(

Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste the file path into the box that appears when you click Browse, then click Open, then Submit.)

C:\WINDOWS\System32\drivers\3de320f7.sys
C:\WINDOWS\System32\drivers\2288794a.sys

Jotti File Scan
VirusTotal File Scan
This will produce a report after the scan is complete; please copy and paste those results in your next post.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 HappyTreeFriend

HappyTreeFriend
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:06 AM

Posted 08 November 2009 - 12:54 PM

I submitted those files to both the websites you provided and "File is empty (0 bytes)!" appeared on both sites for both files.

"C:\WINDOWS\System32\drivers\3de320f7.sys"
"C:\WINDOWS\System32\drivers\2288794a.sys"

are both there, but empty? hmm

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:02:06 AM

Posted 08 November 2009 - 01:36 PM

Download this program:

submit files packer

Highlight the files listed below in bold, then right-click and select Copy.

C:\WINDOWS\system32\ctfmon_qj.exe
C:\WINDOWS\System32\drivers\3de320f7.sys
C:\WINDOWS\System32\drivers\2288794a.sys


Then start the file packer program and right click in the white box and select paste to paste the copied file names in the field.

Then press the Continue button.

It will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to (your screen name)

Click Here to upload the files please.
=====================================
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    DRV - (3de320f7) -- C:\WINDOWS\System32\drivers\3de320f7.sys ()
    DRV - (2288794a) -- C:\WINDOWS\System32\drivers\2288794a.sys ()
    O27 - HKLM IFEO\ctfmon.exe: Debugger - C:\WINDOWS\system32\ctfmon_qj.exe ()
    
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Malwarebytes' Anti-Malware=================================
Please update\run Malwarebytes' Anti-Malware.

Double-click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
================================Online scan=================================
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the following options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

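Added example, not OTL's code and not written by anyone in this thread: a Python triage of fix-script lines of the shape used in the OTL step above, included mainly to show why the O27 line matters. The regex shapes, the debugger allowlist and the two benign sample lines are my own assumptions; the three flagged lines are the ones from the fix.

```python
r"""Triage OTL fix-script DRV and O27 lines (added example).

An O27 line is an Image File Execution Options (IFEO) entry under
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<image>.
When that key holds a Debugger value, process creation for <image> starts the
Debugger program instead and hands it the original command line. The feature
exists to attach a debugger at launch; pointed at a system binary such as
ctfmon.exe it substitutes another executable every time the real one would
have started, which is why the fix above removes it. For DRV lines, an empty
company string and an 8-hex-digit service name are two cheap signals.
The rules and the allowlist below are my own, not OTL's.
"""
import re
from typing import List, Tuple

DRV_RE = re.compile(
    r"^DRV - \((?P<service>[^)]*)\) -- (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
O27_RE = re.compile(
    r"^O27 - HKLM IFEO\\(?P<image>[^:]+): Debugger - (?P<path>.+?) \((?P<company>[^)]*)\)$"
)

# Debuggers one might legitimately find in IFEO on a developer box (illustrative).
KNOWN_DEBUGGERS = {"ntsd.exe", "windbg.exe", "vsjitdebugger.exe", "drwtsn32.exe"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage_otl(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (kind, item, reason) for each line the rules object to."""
    findings = []
    for line in (l.strip() for l in lines):
        m = DRV_RE.match(line)
        if m:
            reasons = []
            if not m["company"].strip():
                reasons.append("no company/version information")
            if re.fullmatch(r"[0-9a-f]{8}", m["service"]):
                reasons.append("service name is 8 hex digits")
            if reasons:
                findings.append(("DRV", m["service"], "; ".join(reasons)))
            continue
        m = O27_RE.match(line)
        if m and basename(m["path"]) not in KNOWN_DEBUGGERS:
            findings.append(("O27", m["image"],
                             "IFEO Debugger redirects launches to " + m["path"]))
    return findings


# The three lines from the fix above, plus two constructed benign lines.
SAMPLE_LINES = [
    r"DRV - (3de320f7) -- C:\WINDOWS\System32\drivers\3de320f7.sys ()",
    r"DRV - (2288794a) -- C:\WINDOWS\System32\drivers\2288794a.sys ()",
    r"O27 - HKLM IFEO\ctfmon.exe: Debugger - C:\WINDOWS\system32\ctfmon_qj.exe ()",
    r"DRV - (atapi) -- C:\WINDOWS\system32\drivers\atapi.sys (Microsoft Corporation)",
    r"O27 - HKLM IFEO\notepad.exe: Debugger - C:\WINDOWS\system32\ntsd.exe (Microsoft Corporation)",
]

if __name__ == "__main__":
    for kind, item, reason in triage_otl(SAMPLE_LINES):
        print(f"{kind:3} {item:<12} {reason}")
```

The allowlist is deliberately small: an IFEO Debugger value on any image that is not a developer tool deserves a look, and an empty company string on the target, as on the page's ctfmon_qj.exe line, is a second strike rather than proof on its own.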



