Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Tumblr Fixes Security Bug that Leaked Private Account Info

Featured Deal: Get The Pay What You Want: AWS Cloud Development Bundle Deal

Photo

Infected with trojans and possibly rootkit?

Started by Switchy , Jan 14 2010 05:44 PM

  • This topic is locked This topic is locked
19 replies to this topic

#1 Switchy

Switchy

  • Members
  • 24 posts
  • OFFLINE
    •  
  • Gender:Female
  • Location:Southwest US
  • Local time:09:14 AM

Posted 14 January 2010 - 05:44 PM

Hello. A few days ago my AVG started giving me popups of Trojan.fakealert and Trojan.agent. I followed a guide on this site to get rid of them (and Internet Security 2010), but continued to get popups of trojans being on my computer. After that, I got assistance here http://www.bleepingcomputer.com/forums/ind...p;#entry1576856 and was sent to this forum.

I've followed the Prep Guide but cannot run DDS due to a missing .dll file. The person that helped me suggested RSIT instead, so I'm posting that log along with the new RootRepeal log.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-01-14 04:19:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 31 GB (20%) free of 151 GB
Total RAM: 1918 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:15 AM, on 1/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS.1\System32\smss.exe
C:\WINDOWS.1\system32\csrss.exe
C:\WINDOWS.1\system32\winlogon.exe
C:\WINDOWS.1\system32\services.exe
C:\WINDOWS.1\system32\lsass.exe
C:\WINDOWS.1\system32\Ati2evxx.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\System32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS.1\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS.1\Explorer.EXE
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\wdfmgr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS.1\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.1\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS.1\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [WinRoll] "C:\Program Files\WinRoll\winroll.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] 0
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Windows Login.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\JMstart.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS.1\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.1\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9339 bytes

======Scheduled tasks folder======

C:\WINDOWS.1\tasks\AppleSoftwareUpdate.job
C:\WINDOWS.1\tasks\Driver Robot.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2009-12-04 240912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-01-11 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-05-19 429816]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2009-12-04 670912]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-01 15872]
"RTHDCPL"=C:\WINDOWS.1\RTHDCPL.EXE [2009-04-10 17879552]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2007-10-25 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"SpyHunter Security Suite"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2009-12-09 866200]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-11 2033432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinRoll"=C:\Program Files\WinRoll\winroll.exe [2004-04-06 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe /background []
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-09-03 3342336]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe [2009-11-10 5244216]
"Wisdom-soft AutoScreenRecorder 3.1 Pro"=0 []
"DriverMax"=C:\Program Files\Innovative Solutions\DriverMax\devices.exe [2009-09-30 7924056]
"DriverMax_RESTART"= []

C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Startup
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe
REALTEK USB Wireless LAN Utility.lnk - C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
Windows Login.lnk - C:\Documents and Settings\Administrator\Local Settings\Temp\JMstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS.1\system32\Ati2evxx.dll [2008-12-01 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS.1\system32\avgrsstx.dll [2010-01-11 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoInstrumentation"=1
"NoStartMenuMFUprogramsList"=1
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Users\Administrator\My Documents\Flele\ssp.exe"="C:\Users\Administrator\My Documents\Flele\ssp.exe:*:Enabled:SSP"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Users\Administrator\My Documents\VLC\vlc.exe"="C:\Users\Administrator\My Documents\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Users\Administrator\Local Settings\Temp\dologin.exe"="C:\Users\Administrator\Local Settings\Temp\dologin.exe:*:Enabled:DoLoginStart"
"C:\Users\Administrator\Local Settings\Temp\JMstart.exe"="C:\Users\Administrator\Local Settings\Temp\JMstart.exe:*:Enabled:JMstart"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{218c255a-d96e-11de-ae69-0016448d0bc4}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{566c0db0-850b-11de-ae5e-0016448d0bc4}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{978b7c70-99a8-11de-ae64-0016448d0bc4}]
shell\AutoRun\command - E:\Customizer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{978b7c71-99a8-11de-ae64-0016448d0bc4}]
shell\AutoRun\command - E:\mri.exe


======File associations======

.ini - open - C:\WINDOWS.1\SYSTEM32\NOTEPAD.EXE %1
.txt - open - C:\WINDOWS.1\SYSTEM32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-01-14 04:19:50 ----D---- C:\Program Files\trend micro
2010-01-14 04:19:46 ----D---- C:\rsit
2010-01-11 21:23:51 ----A---- C:\RootRepeal report 01-11-10 (21-23-51).txt
2010-01-11 20:45:48 ----A---- C:\RootRepeal report 01-11-10 (20-45-48).txt
2010-01-11 20:34:42 ----A---- C:\RootRepeal report 01-11-10 (20-34-42).txt
2010-01-11 15:38:46 ----HD---- C:\$AVG
2010-01-11 15:38:25 ----A---- C:\WINDOWS.1\system32\avgrsstx.dll
2010-01-11 15:37:00 ----D---- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\avg9
2010-01-11 15:30:30 ----D---- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Innovative Solutions
2010-01-11 15:30:10 ----D---- C:\Program Files\Innovative Solutions
2010-01-10 23:47:51 ----D---- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\SUPERAntiSpyware.com
2010-01-10 23:47:16 ----D---- C:\Program Files\SUPERAntiSpyware
2010-01-10 23:47:16 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-01-10 22:35:25 ----A---- C:\WINDOWS.1\ntbtlog.txt
2010-01-10 22:13:30 ----D---- C:\Program Files\Enigma Software Group
2010-01-10 21:42:38 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2010-01-10 21:42:25 ----D---- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Malwarebytes
2010-01-10 21:36:30 ----D---- C:\Program Files\xerox
2010-01-10 21:36:29 ----D---- C:\WINDOWS.1\system32\xircom
2010-01-10 21:36:29 ----D---- C:\Program Files\microsoft frontpage
2010-01-10 21:31:31 ----D---- C:\WINDOWS.1\system32\NtmsData
2010-01-10 16:35:02 ----D---- C:\Documents and Settings\Administrator\Application Data\ImgBurn
2010-01-10 16:06:40 ----D---- C:\Program Files\AC3Filter
2010-01-10 15:30:19 ----A---- C:\WINDOWS.1\BDTSupport.dll
2010-01-10 15:30:18 ----A---- C:\WINDOWS.1\SGDetectionTool.dll
2010-01-10 15:30:16 ----A---- C:\WINDOWS.1\PCTBDRes.dll
2010-01-10 15:30:16 ----A---- C:\WINDOWS.1\PCTBDCore.dll
2010-01-10 15:20:37 ----D---- C:\Program Files\Common Files\PC Tools
2010-01-10 15:20:35 ----D---- C:\Program Files\Spyware Doctor
2010-01-10 15:20:35 ----D---- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\PC Tools
2010-01-10 15:20:35 ----D---- C:\Documents and Settings\Administrator\Application Data\PC Tools
2010-01-10 15:20:14 ----AD---- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP
2010-01-10 13:59:15 ----D---- C:\DVDTemp
2010-01-10 13:59:00 ----D---- C:\Program Files\Super_DVD_Creator_9.8
2010-01-10 04:04:39 ----D---- C:\divx2dvd
2010-01-10 02:33:07 ----A---- C:\WINDOWS.1\Easy DVD Creator.INI
2010-01-10 02:33:02 ----D---- C:\Program Files\Easy DVD Creator
2009-12-16 02:46:44 ----A---- C:\WINDOWS.1\ToDisc.INI

======List of files/folders modified in the last 1 months======

2010-01-14 04:19:50 ----D---- C:\WINDOWS.1\Prefetch
2010-01-14 04:19:50 ----D---- C:\Program Files
2010-01-13 18:29:36 ----D---- C:\WINDOWS.1\Temp
2010-01-13 14:39:15 ----D---- C:\Program Files\Mozilla Firefox
2010-01-13 14:26:44 ----D---- C:\WINDOWS.1\system32\drivers
2010-01-13 14:26:43 ----D---- C:\Documents and Settings\Administrator\Application Data\Orbit
2010-01-13 14:26:08 ----A---- C:\WINDOWS.1\RTacDbg.txt
2010-01-13 14:26:04 ----D---- C:\WINDOWS.1
2010-01-13 14:25:10 ----SHD---- C:\WINDOWS.1\CSC
2010-01-12 16:04:33 ----D---- C:\WINDOWS.1\system32\CatRoot2
2010-01-11 22:40:29 ----A---- C:\WINDOWS.1\SchedLgU.Txt
2010-01-11 20:37:42 ----D---- C:\WINDOWS.1\system32
2010-01-11 15:37:04 ----D---- C:\Program Files\AVG
2010-01-11 15:36:52 ----SHD---- C:\WINDOWS.1\Installer
2010-01-11 15:32:16 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2010-01-11 14:46:36 ----SD---- C:\WINDOWS.1\Tasks
2010-01-10 23:46:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-10 22:34:51 ----D---- C:\WINDOWS.1\Cursors
2010-01-10 21:55:19 ----D---- C:\Program Files\Veoh
2010-01-10 21:53:12 ----D---- C:\WINDOWS.1\PeerNet
2010-01-10 21:42:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-10 21:36:40 ----SHD---- C:\System Volume Information
2010-01-10 21:36:40 ----D---- C:\WINDOWS.1\system32\Restore
2010-01-10 21:36:29 ----D---- C:\WINDOWS.1\system32\wbem
2010-01-10 21:36:29 ----D---- C:\WINDOWS.1\ime
2010-01-10 21:36:29 ----D---- C:\WINDOWS.1\Help
2010-01-10 21:36:22 ----D---- C:\Program Files\Yahoo!
2010-01-10 16:06:44 ----D---- C:\Downloads
2010-01-10 15:33:51 ----D---- C:\Documents and Settings\Administrator\Application Data\uTorrent
2010-01-10 15:31:28 ----D---- C:\Program Files\QuickTime
2010-01-10 15:27:38 ----D---- C:\WINDOWS.1\WinSxS
2010-01-10 15:27:12 ----HD---- C:\WINDOWS.1\inf
2010-01-10 15:22:33 ----D---- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\WildTangent
2010-01-10 15:20:52 ----D---- C:\Program Files\XviD
2010-01-10 15:20:37 ----D---- C:\Program Files\Common Files
2010-01-07 19:01:53 ----D---- C:\Program Files\Data
2009-12-29 00:03:38 ----D---- C:\Program Files\Quick Screen Capture
2009-12-28 23:19:14 ----D---- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2009-12-28 23:17:29 ----D---- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Yahoo!
2009-12-25 17:44:04 ----D---- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Electronic Arts
2009-12-24 16:08:46 ----D---- C:\Documents and Settings\Administrator\Application Data\U3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS.1\System32\Drivers\avgldx86.sys [2010-01-11 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS.1\System32\Drivers\avgmfx86.sys [2010-01-11 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS.1\System32\Drivers\avgtdix.sys [2010-01-11 360584]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS.1\system32\DRIVERS\AegisP.sys [2009-05-02 21035]
R2 Aspi32;Aspi32; C:\WINDOWS.1\system32\drivers\Aspi32.sys [2006-02-25 16877]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS.1\system32\DRIVERS\EAPPkt.sys [2006-11-15 38144]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS.1\system32\DRIVERS\rspndr.sys [2008-05-29 62848]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS.1\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS.1\system32\DRIVERS\ati2mtag.sys [2008-12-01 3452928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS.1\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS.1\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS.1\system32\drivers\RtkHDAud.sys [2009-04-14 5069312]
R3 NIC1394;1394 Net Driver; C:\WINDOWS.1\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS.1\system32\DRIVERS\RTL8187B.sys [2009-02-23 338944]
R3 sdbus;sdbus; C:\WINDOWS.1\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS.1\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS.1\system32\DRIVERS\usbehci.sys [2008-04-24 30336]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS.1\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS.1\system32\DRIVERS\usbohci.sys [2008-02-26 17152]
R3 usbvideo;Chicony USB 2.0 Camera; C:\WINDOWS.1\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 UVCFTR;UVCFTR; C:\WINDOWS.1\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]
R3 WSIMD;wsimd Service; C:\WINDOWS.1\system32\DRIVERS\wsimd.sys [2008-02-08 57408]
S3 a9wfhfwi;a9wfhfwi; C:\WINDOWS.1\system32\drivers\a9wfhfwi.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS.1\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS.1\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS.1\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS.1\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS.1\system32\drivers\mbamswissarmy.sys []
S3 Monfilt;Monfilt; C:\WINDOWS.1\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 mouhid;Mouse HID Driver; C:\WINDOWS.1\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS.1\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS.1\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 ndisdrv;ndisdrv; \??\C:\WINDOWS.1\system32\ndisdrv.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS.1\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS.1\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS.1\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS.1\System32\Drivers\RootMdm.sys [2008-04-14 5888]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS.1\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS.1\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS.1\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS.1\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS.1\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS.1\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS.1\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS.1\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS.1\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS.1\system32\Ati2evxx.exe [2008-12-01 598016]
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-01-11 906520]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-01-11 285392]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 NMSAccessU;NMSAccessU; C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe [2007-10-12 71096]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS.1\system32\wdfmgr.exe [2005-01-28 38912]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 Ias;Network Security; C:\WINDOWS.1\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.1\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS.1\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]

-----------------EOF-----------------

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/14 15:04
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: mchInjDrv.sys
Image Path: C:\WINDOWS.1\system32\Drivers\mchInjDrv.sys
Address: 0xF7AA8000 Size: 2560 File Visible: No Signed: -
Status: -

Name: PCI_PNP0554
Image Path: \Driver\PCI_PNP0554
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS.1\system32\drivers\rootrepeal.sys
Address: 0xAD51A000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spje.sys
Image Path: spje.sys
Address: 0xF74E3000 Size: 995328 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Users\All Users
Status: Locked to the Windows API!

Path: C:\Users\Tai\My Documents
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e20e9863b4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a8980e994a5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\2d3cb7907b1336ea5889a2b731d5e97ad40903a4efd2287c1c117bc30f208f46.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\4849d54916203321a96dae7bbaa6534bad8527ac43ad476284d52f87f763b384.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\a2492fa83366394b7c17fa6c9650ce5688b887d0ad0ad79743a3422debf4d997.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\dd72f7ab2def5f75f58d01b24643b308750c38685daaed50bcddf61c18460dee.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\989e628160e12c984a435d2bb2a335ad043e006646150c7b1f3bb52dccd842cc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\d14225a52543aa5a9605b00dd7574812bf89c605ebc73a9730e1e386bfc965f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\d5ecf2ab9387e082648bbcccd6eceb9d67b096939150833d0ae3066b3a1a676e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\91ca50cec42075fff02b366323bf3b45d2053b24544bd12b622b65621bd0edd5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\b3beb16c28db357e654a6b132f59cd48cb95cee949d7b97587f8f02f233f3ce1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\935df4549e21123a2efb986a707f54475380a037519679510e4b4dfc4bdb5767.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\88b03fe13d2710ad787d5d96cd0e5cbeda3a61c2a0a2bdc0c0984a48365242e2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\b080e112e69d2e9c8e71acd39a81f0d469d837625ceb8ed73b5b87da1fd1424c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\26340819d2ef86080d9001c6f2737d70fd6602ddf4b86b6c26b326ef81cc3342.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\ef483ae0673e2975dd4224fe26749623c1c702b8b3fded10161417459e1771a7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\df4c00155bfca5da82320089743bb386e8df43312c8d8b8112418980a2440f2d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\4a4e6de1088e614f7694727d621129512819bdecdb46cc6ebb7c1f192dfe380e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\4bde3906e1ad59953a7d8592ff3860dd7fadc4e12abe4b5c828645390461a3aa.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\bd83dce340498e7c363093c2fc74dfb58e1ec17770453905172c7471fadd9333.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\71503c1b988fb27a41668f3ba35468d268daf07e8e79cf7b82a1ef64a8d213a1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\f7bf65ca621d8ad32ead1500a08827be239d0f49d83dc20dabf57d2eb17adbd7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\ea23c2347043051e35d7731754b9494bbc1a5f4c767e23e9809936f02340620d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\8b414e757cb8b153bff77dd00a36556aea3adab25ce15f3e8b184ffbf41ba7a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\a951d53950c367acc37622f0dd619a954df5de2c4ec40296e6636605aa33714a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\$$DeleteMe.wininet.dll.01c98cfa68a311da.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\$$DeleteMe.wininet.dll.01c9be73d84d14c1.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16386_none_91872345596077da\$$DeleteMe.kernel32.dll.01c9be73dc7f4cc1.0005
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\$$DeleteMe.lsasrv.dll.01c9be73dc4aa831.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\$$DeleteMe.lsass.exe.01c9be73dc17d861.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\$$DeleteMe.secur32.dll.01c9be73dcf60361.0006
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MICROS~3.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.16508_none_20380cd258151361\$$DeleteMe.schannel.dll.01c9a228ec224430.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6000.16386_none_f912915e7cd19314\$$DeleteMe.fastprox.dll.01c9be73e2113bd1.0009
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6000.16386_none_22973772c5385326\$$DeleteMe.winhttp.dll.01c9be73e6be4921.000b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16557_none_095474fd52156893\$$DeleteMe.wmp.dll.01c9a228ecd392d0.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16557_none_095474fd52156893\$$DeleteMe.wmploc.DLL.01c9a228eceac450.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL140C~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NLSMOD~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NLSMOD~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL140C~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16764_none_45808f398f8aa97b\$$DeleteMe.iertutil.dll.01c98cfa67fbfc6a.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16809_none_45c672198f557daf\$$DeleteMe.iertutil.dll.01c9be73d7598d01.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16764_none_b2bffcbbd9d0648b\$$DeleteMe.urlmon.dll.01c98cfa6726d21a.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16809_none_b305df9bd99b38bf\$$DeleteMe.urlmon.dll.01c9be73d647cee1.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.16386_none_0e2bfc8f8e79f8f3\$$DeleteMe.WmiPrvSD.dll.01c9be73e2440ba1.000a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.16386_none_0e2bfc8f8e79f8f3\$$DeleteMe.WmiPrvSE.exe.01c9be73e1b75c01.0008
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\$$DeleteMe.rpcss.dll.01c9be73e119bc71.0007
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MICROS~3.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sqmapi.dll
Status: Locked to the Windows API!

Path: C:\Users\Administrator\My Documents\Videos\AMVs\suichi~1.mpg:Zone.Identifier
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spje.sys" at address 0xf74e40e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spje.sys" at address 0xf74fcda4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spje.sys" at address 0xf74fd132

#: 119 Function Name: NtOpenKey
Status: Hooked by "spje.sys" at address 0xf74e40c0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spje.sys" at address 0xf74fd20a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spje.sys" at address 0xf74fd08a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spje.sys" at address 0xf74fd29c

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x897b3500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x897b3500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x897b3500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x897b3500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x897b3500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x897b3500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x897b3500 Size: 121

Object: Hidden Code [Driver: a9wfhfwiȅఐ卆浩>, IRP_MJ_CREATE]
Process: System Address: 0x897521f8 Size: 121

Object: Hidden Code [Driver: a9wfhfwiȅఐ卆浩>, IRP_MJ_CLOSE]
Process: System Address: 0x897521f8 Size: 121

Object: Hidden Code [Driver: a9wfhfwiȅఐ卆浩>, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x897521f8 Size: 121

Object: Hidden Code [Driver: a9wfhfwiȅఐ卆浩>, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x897521f8 Size: 121

Object: Hidden Code [Driver: a9wfhfwiȅఐ卆浩>, IRP_MJ_POWER]
Process: System Address: 0x897521f8 Size: 121

Object: Hidden Code [Driver: a9wfhfwiȅఐ卆浩>, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x897521f8 Size: 121

Object: Hidden Code [Driver: a9wfhfwiȅఐ卆浩>, IRP_MJ_PNP]
Process: System Address: 0x897521f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x89831500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x89831500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89831500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89831500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x89831500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x89831500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x897b1500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x897b1500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x897b1500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x897b1500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x897b1500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x897b1500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x897b1500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x890fa1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x890fa1f8 Size: 121

==EOF==


BC AdBot (Login to Remove)

 

#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
    •  
  • Gender:Female
  • Location:At home
  • Local time:05:14 PM

Posted 20 January 2010 - 04:27 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+

#3 Switchy

Switchy
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
    •  
  • Gender:Female
  • Location:Southwest US
  • Local time:09:14 AM

Posted 21 January 2010 - 07:13 PM

I was actually expecting to have to wait longer, hence the delayed reply (I just checked the forum today; will definitely be turning on email notifications ^^).

So, problems that I've been having. Well, about a week ago AVG started popping up telling me I have Trojan.fakealert and Trojan.agent as well as an annoying fake antivirus called Internet Security 2010. I got rid of Internet Security using a guide online (I actually had to go online on my phone, as it was blocking me from going to most any webpages). But AVG continued to pop up telling me I had Trojans- unfortunately I cleaned my Virus Vault and reinstalled AVG, so I have no record of what it was telling me I had. With that failing, I came here and followed Boopme's instructions on this thread: http://www.bleepingcomputer.com/forums/ind...p;#entry1576856 Currently I have these Trojans in the Virus Vault: Crypt.LZO, Downloader.Small.GSQ, Pakes.ELN, Generic16.ZZT.

As for other problems...Safe mode runs ridiculously slow for me, don't know if that's normal or not. My computer just recently started doing the startup/shutdown music again (it hasn't done that in almost a year, I was very surprised). Firefox usually takes a few minutes to open, but other programs work fine. Sometimes I'll close Firefox and try to open it again, but a notification tells me it's already running and to close it. So I have to go into Task Manager and end the process. My DVD drive has disappeared a few times, and updating drivers never helps; I have to uninstall it and restart my computer for it to recognize that it's there.

I dunno if that helps or not. Also, I'm on a Toshiba Satellite laptop that's a little over 2yrs old. This is the first time AVG has notified me of any major problems.

Here's the logs:

OTL logfile created on: 1/21/2010 3:17:23 PM - Run 1
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.1 | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 25.23 Gb Free Space | 17.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TAIBOX
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/21 14:42:29 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/01/15 22:10:34 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/11 19:19:21 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/11 15:37:30 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/11 15:37:29 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/11 15:37:29 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/11 15:37:28 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/11 15:37:16 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/01/11 15:37:14 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/11 15:37:10 | 00,745,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/29 18:08:50 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS.1\system32\ati2evxx.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/10 12:38:16 | 17,879,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS.1\RTHDCPL.EXE
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/03 02:38:24 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\explorer.exe
PRC - [2008/05/01 23:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2007/10/12 08:34:56 | 00,071,096 | ---- | M] () -- C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
PRC - [2007/02/14 12:55:52 | 00,794,624 | R--- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
PRC - [2004/04/06 09:00:00 | 00,015,360 | ---- | M] () -- C:\Program Files\WinRoll\winroll.exe


========== Modules (SafeList) ==========

MOD - [2010/01/21 14:42:29 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2008/05/01 23:15:36 | 00,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2004/04/06 09:00:00 | 00,008,704 | ---- | M] () -- C:\Program Files\WinRoll\winroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/11 15:37:16 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/11 15:37:14 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/29 18:08:50 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS.1\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/10/12 08:34:56 | 00,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe -- (NMSAccessU)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/01/11 15:38:23 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS.1\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/01/11 15:38:16 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS.1\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/11 15:38:15 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS.1\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/01/05 07:56:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/12 20:25:13 | 00,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS.1\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS.1\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/09/29 20:18:22 | 03,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/06/10 05:53:48 | 00,341,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/02 21:49:16 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS.1\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/04/14 15:09:56 | 05,069,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/20 10:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS.1\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/08/05 19:10:12 | 01,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 03:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 03:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/14 03:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/02/08 08:46:36 | 00,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/04/16 18:19:10 | 00,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/11/15 15:23:06 | 00,038,144 | R--- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS.1\system32\drivers\EAPPkt.sys -- (EAPPkt)
DRV - [2006/02/25 07:13:06 | 00,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS.1\system32\drivers\aspi32.sys -- (Aspi32)
DRV - [2006/01/04 14:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.1\system32\blank.htm
IE - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\S-1-5-21-1715567821-1580436667-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\S-1-5-21-1715567821-1580436667-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://imagni.deviantart.com/|http://www.tinierme.com/tinierme/html/index2.html|http://twitter.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.13966
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.10.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910


FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/11 15:37:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/21 15:07:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/21 15:07:53 | 00,000,000 | ---D | M]

[2009/05/02 23:21:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/01/20 21:20:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\extensions
[2009/05/27 22:49:54 | 00,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009/05/28 14:27:40 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/12 20:26:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\extensions\DTToolbar@toolbarnet.com
[2009/07/26 22:34:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\extensions\searchrecs@veoh.com
[2009/12/12 20:25:48 | 00,002,055 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\searchplugins\daemon-search.xml
[2009/05/27 22:50:16 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\searchplugins\winamp-search.xml
[2010/01/20 21:20:47 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/24 13:50:46 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/21 14:36:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2008/12/24 13:50:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\yahoo_dex@partners.mozilla.com
[2008/09/03 17:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008/06/17 23:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/01/10 22:13:53 | 00,000,727 | ---- | M]) - C:\WINDOWS.1\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS.1\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe ()
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] File not found
O4 - HKU\.DEFAULT..\RunOnce: [_nltide_3] C:\WINDOWS.1\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [_nltide_3] C:\WINDOWS.1\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [_nltide_3] C:\WINDOWS.1\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [_nltide_3] C:\WINDOWS.1\System32\advpack.dll (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Windows Login.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\JMstart.exe File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\REALTEK USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\Tai\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Tai\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.1\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS.1\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS.1\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\My Documents\My Pictures\Wallpaper Worthy\34e2169bd59e0b6824ad65bf2e78485a.png
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{218c255a-d96e-11de-ae69-0016448d0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{218c255a-d96e-11de-ae69-0016448d0bc4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{218c255a-d96e-11de-ae69-0016448d0bc4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{566c0db0-850b-11de-ae5e-0016448d0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{566c0db0-850b-11de-ae5e-0016448d0bc4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{566c0db0-850b-11de-ae5e-0016448d0bc4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{978b7c70-99a8-11de-ae64-0016448d0bc4}\Shell\AutoRun\command - "" = E:\Customizer.exe -- File not found
O33 - MountPoints2\{978b7c71-99a8-11de-ae64-0016448d0bc4}\Shell\AutoRun\command - "" = E:\mri.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/21 02:36:20 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/01/19 20:19:56 | 00,000,000 | ---D | C] -- C:\Program Files\Xenorate Codec Pack
[2010/01/18 21:14:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/01/14 20:53:52 | 00,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS.1\System32\aticalrt.dll
[2010/01/14 20:53:51 | 03,227,648 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS.1\System32\aticaldd.dll
[2010/01/14 20:53:51 | 00,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS.1\System32\aticalcl.dll
[2010/01/14 20:27:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Drivers
[2010/01/14 15:03:40 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2010/01/14 04:19:50 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/01/14 04:19:46 | 00,000,000 | ---D | C] -- C:\rsit
[2010/01/13 16:43:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Disc Stuff
[2010/01/11 15:38:46 | 00,000,000 | -H-D | C] -- C:\$AVG
[2010/01/11 15:38:25 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\avgrsstx.dll
[2010/01/11 15:38:23 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\drivers\avgtdix.sys
[2010/01/11 15:38:16 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\drivers\avgldx86.sys
[2010/01/11 15:38:15 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\drivers\avgmfx86.sys
[2010/01/11 15:37:40 | 00,000,000 | ---D | C] -- C:\WINDOWS.1\System32\drivers\Avg
[2010/01/11 15:37:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\avg9
[2010/01/11 15:32:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/11 15:32:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/11 15:32:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/11 15:32:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/11 15:30:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\My Drivers
[2010/01/11 15:30:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Innovative Solutions
[2010/01/11 15:30:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Innovative Solutions
[2010/01/11 15:30:10 | 00,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2010/01/10 23:47:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\SUPERAntiSpyware.com
[2010/01/10 23:47:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/01/10 23:47:16 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/10 22:38:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\DoctorWeb
[2010/01/10 22:24:51 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\First Aid
[2010/01/10 22:13:30 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/01/10 21:42:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/01/10 21:42:31 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.1\System32\drivers\mbamswissarmy.sys
[2010/01/10 21:42:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Malwarebytes
[2010/01/10 21:42:24 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.1\System32\drivers\mbam.sys
[2010/01/10 21:36:30 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/01/10 21:36:29 | 00,000,000 | ---D | C] -- C:\WINDOWS.1\System32\xircom
[2010/01/10 21:36:29 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/01/10 21:31:31 | 00,000,000 | ---D | C] -- C:\WINDOWS.1\System32\NtmsData
[2010/01/10 20:28:01 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\Videos
[2010/01/10 16:35:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2010/01/10 16:06:40 | 00,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2010/01/10 15:30:18 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS.1\SGDetectionTool.dll
[2010/01/10 15:30:16 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS.1\PCTBDCore.dll
[2010/01/10 15:30:16 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS.1\PCTBDRes.dll
[2010/01/10 15:21:44 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS.1\System32\drivers\pctgntdi.sys
[2010/01/10 15:21:11 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS.1\System32\drivers\PCTCore.sys
[2010/01/10 15:21:11 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS.1\System32\drivers\PCTAppEvent.sys
[2010/01/10 15:20:50 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS.1\System32\drivers\pctplsg.sys
[2010/01/10 15:20:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/10 15:20:35 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/10 15:20:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\PC Tools
[2010/01/10 15:20:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Tools
[2010/01/10 15:20:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP
[2010/01/10 13:59:15 | 00,000,000 | ---D | C] -- C:\DVDTemp
[2010/01/10 13:59:00 | 00,000,000 | ---D | C] -- C:\Program Files\Super_DVD_Creator_9.8
[2010/01/10 04:04:39 | 00,000,000 | ---D | C] -- C:\divx2dvd
[2010/01/10 02:33:02 | 00,000,000 | ---D | C] -- C:\Program Files\Easy DVD Creator
[2009/12/25 17:11:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Documents\DAEMON Tools Images
[2009/05/28 07:09:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

========== Files - Modified Within 30 Days ==========

[2010/01/21 14:09:33 | 54,461,828 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\Avg\incavi.avm
[2010/01/21 02:18:08 | 00,061,652 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\soldier boys.rtf
[2010/01/20 23:13:49 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/01/19 20:46:03 | 05,242,880 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/01/19 18:56:50 | 00,142,495 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\Avg\microavi.avg
[2010/01/19 14:40:36 | 00,001,565 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Orbit.lnk
[2010/01/19 14:39:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS.1\tasks\SA.DAT
[2010/01/19 14:39:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS.1\bootstat.dat
[2010/01/19 14:37:10 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/01/18 00:48:31 | 00,003,809 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\draft.rtf
[2010/01/17 12:33:13 | 00,002,206 | ---- | M] () -- C:\WINDOWS.1\System32\wpa.dbl
[2010/01/17 02:16:00 | 00,000,354 | ---- | M] () -- C:\WINDOWS.1\tasks\Driver Robot.job
[2010/01/14 23:13:41 | 07,670,930 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\YouTube - Hello Cloud.flv
[2010/01/14 22:28:22 | 50,161,454 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\YouTube - Zack & Cloud - Time of Dying.mp4
[2010/01/14 20:24:05 | 04,235,754 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/01/14 17:21:48 | 06,061,540 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\Avg\avi7.avg
[2010/01/14 17:21:48 | 00,492,629 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\Avg\miniavi.avg
[2010/01/14 15:03:41 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2010/01/14 15:02:09 | 41,411,89120 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Backup Jan 2010.bkf
[2010/01/14 08:09:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS.1\tasks\AppleSoftwareUpdate.job
[2010/01/14 04:16:03 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RSIT(2).exe
[2010/01/14 03:51:30 | 00,046,822 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\13542_208080167060_648607060_3698511_10380_n.jpg
[2010/01/14 02:49:42 | 00,128,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/13 14:22:27 | 00,007,728 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\copy.rtf
[2010/01/11 15:38:25 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\avgrsstx.dll
[2010/01/11 15:38:23 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\drivers\avgtdix.sys
[2010/01/11 15:38:16 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\drivers\avgldx86.sys
[2010/01/11 15:38:15 | 00,113,461 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\Avg\iavichjw.avm
[2010/01/11 15:38:15 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\drivers\avgmfx86.sys
[2010/01/11 01:11:39 | 00,000,664 | ---- | M] () -- C:\WINDOWS.1\System32\d3d9caps.dat
[2010/01/10 13:59:19 | 00,000,822 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Windows Login.lnk
[2010/01/10 02:33:09 | 00,000,067 | ---- | M] () -- C:\WINDOWS.1\Easy DVD Creator.INI
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.1\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.1\System32\drivers\mbam.sys
[2009/12/29 00:03:39 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Quick Screen Capture.lnk

========== Files Created - No Company Name ==========

[2010/01/18 21:00:38 | 00,061,652 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\soldier boys.rtf
[2010/01/18 00:20:07 | 00,003,809 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\draft.rtf
[2010/01/15 01:39:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/01/14 23:10:49 | 07,670,930 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\YouTube - Hello Cloud.flv
[2010/01/14 22:18:18 | 50,161,454 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\YouTube - Zack & Cloud - Time of Dying.mp4
[2010/01/14 14:47:37 | 41,411,89120 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Backup Jan 2010.bkf
[2010/01/14 04:16:02 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RSIT(2).exe
[2010/01/14 03:51:28 | 00,046,822 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\13542_208080167060_648607060_3698511_10380_n.jpg
[2010/01/13 14:22:27 | 00,007,728 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\copy.rtf
[2010/01/11 15:38:15 | 00,113,461 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\Avg\iavichjw.avm
[2010/01/11 15:37:43 | 54,461,828 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\Avg\incavi.avm
[2010/01/11 15:37:42 | 00,492,629 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\Avg\miniavi.avg
[2010/01/11 15:37:42 | 00,142,495 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\Avg\microavi.avg
[2010/01/11 15:37:40 | 06,061,540 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\Avg\avi7.avg
[2010/01/11 14:46:36 | 00,000,354 | ---- | C] () -- C:\WINDOWS.1\tasks\Driver Robot.job
[2010/01/11 01:11:39 | 00,000,664 | ---- | C] () -- C:\WINDOWS.1\System32\d3d9caps.dat
[2010/01/10 16:07:52 | 00,380,928 | ---- | C] () -- C:\WINDOWS.1\System32\ac3filter.acm
[2010/01/10 15:30:19 | 00,767,952 | ---- | C] () -- C:\WINDOWS.1\BDTSupport.dll
[2010/01/10 15:30:18 | 01,152,444 | ---- | C] () -- C:\WINDOWS.1\UDB.zip
[2010/01/10 15:30:18 | 00,000,882 | ---- | C] () -- C:\WINDOWS.1\RegSDImport.xml
[2010/01/10 15:30:18 | 00,000,880 | ---- | C] () -- C:\WINDOWS.1\RegISSImport.xml
[2010/01/10 15:30:18 | 00,000,131 | ---- | C] () -- C:\WINDOWS.1\IDB.zip
[2010/01/10 15:21:44 | 00,007,387 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\pctgntdi.cat
[2010/01/10 15:21:11 | 00,007,412 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\PCTAppEvent.cat
[2010/01/10 15:21:11 | 00,007,383 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\pctcore.cat
[2010/01/10 15:20:50 | 00,007,383 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\pctplsg.cat
[2010/01/10 13:59:19 | 00,000,822 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Windows Login.lnk
[2010/01/10 02:33:07 | 00,000,067 | ---- | C] () -- C:\WINDOWS.1\Easy DVD Creator.INI
[2009/12/29 00:03:39 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Quick Screen Capture.lnk
[2009/12/16 02:46:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS.1\ToDisc.INI
[2009/12/12 20:25:13 | 00,691,696 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\sptd.sys
[2009/07/26 22:34:30 | 00,323,584 | ---- | C] () -- C:\WINDOWS.1\System32\FoxImager.dll
[2009/07/01 04:23:01 | 00,012,288 | ---- | C] () -- C:\WINDOWS.1\impborl.dll
[2009/06/23 21:16:28 | 00,000,754 | ---- | C] () -- C:\WINDOWS.1\WORDPAD.INI
[2009/05/05 19:46:40 | 00,001,300 | ---- | C] () -- C:\WINDOWS.1\System32\cool.dll
[2009/05/03 17:21:14 | 00,128,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/02 21:28:41 | 00,164,352 | ---- | C] () -- C:\WINDOWS.1\System32\unrar.dll
[2009/05/02 21:28:41 | 00,000,038 | ---- | C] () -- C:\WINDOWS.1\avisplitter.ini
[2009/05/02 21:28:38 | 03,596,288 | ---- | C] () -- C:\WINDOWS.1\System32\qt-dx331.dll
[2009/05/02 21:28:37 | 00,057,344 | ---- | C] () -- C:\WINDOWS.1\System32\ff_vfw.dll
[2009/05/02 21:28:37 | 00,000,547 | ---- | C] () -- C:\WINDOWS.1\System32\ff_vfw.dll.manifest
[2008/04/14 03:00:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS.1\System32\CopyToSendTo.dll
[2003/09/23 05:40:34 | 00,394,240 | ---- | C] () -- C:\WINDOWS.1\System32\HMTCD.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:A8ADE5D8
< End of report >
DRV - [2010/01/11 15:38:23 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS.1\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/01/11 15:38:16 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS.1\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/11 15:38:15 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS.1\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/01/05 07:56:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/12 20:25:13 | 00,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS.1\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS.1\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/09/29 20:18:22 | 03,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/06/10 05:53:48 | 00,341,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/02 21:49:16 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS.1\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/04/14 15:09:56 | 05,069,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/20 10:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS.1\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/08/05 19:10:12 | 01,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 03:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 03:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/14 03:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/02/08 08:46:36 | 00,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/04/16 18:19:10 | 00,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/11/15 15:23:06 | 00,038,144 | R--- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS.1\system32\drivers\EAPPkt.sys -- (EAPPkt)
DRV - [2006/02/25 07:13:06 | 00,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS.1\system32\drivers\aspi32.sys -- (Aspi32)
DRV - [2006/01/04 14:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.1\system32\blank.htm
IE - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\S-1-5-21-1715567821-1580436667-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\S-1-5-21-1715567821-1580436667-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://imagni.deviantart.com/|http://www.tinierme.com/tinierme/html/index2.html|http://twitter.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.13966
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.10.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910


FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/11 15:37:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/21 15:07:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/21 15:07:53 | 00,000,000 | ---D | M]

[2009/05/02 23:21:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/01/20 21:20:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\extensions
[2009/05/27 22:49:54 | 00,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009/05/28 14:27:40 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/12 20:26:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\extensions\DTToolbar@toolbarnet.com
[2009/07/26 22:34:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\extensions\searchrecs@veoh.com
[2009/12/12 20:25:48 | 00,002,055 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\searchplugins\daemon-search.xml
[2009/05/27 22:50:16 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\searchplugins\winamp-search.xml
[2010/01/20 21:20:47 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/24 13:50:46 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/21 14:36:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2008/12/24 13:50:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\yahoo_dex@partners.mozilla.com
[2008/09/03 17:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008/06/17 23:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/01/10 22:13:53 | 00,000,727 | ---- | M]) - C:\WINDOWS.1\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS.1\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe ()
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] File not found
O4 - HKU\.DEFAULT..\RunOnce: [_nltide_3] C:\WINDOWS.1\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [_nltide_3] C:\WINDOWS.1\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [_nltide_3] C:\WINDOWS.1\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [_nltide_3] C:\WINDOWS.1\System32\advpack.dll (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Windows Login.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\JMstart.exe File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\REALTEK USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\Tai\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Tai\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.1\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS.1\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS.1\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\My Documents\My Pictures\Wallpaper Worthy\34e2169bd59e0b6824ad65bf2e78485a.png
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{218c255a-d96e-11de-ae69-0016448d0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{218c255a-d96e-11de-ae69-0016448d0bc4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{218c255a-d96e-11de-ae69-0016448d0bc4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{566c0db0-850b-11de-ae5e-0016448d0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{566c0db0-850b-11de-ae5e-0016448d0bc4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{566c0db0-850b-11de-ae5e-0016448d0bc4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{978b7c70-99a8-11de-ae64-0016448d0bc4}\Shell\AutoRun\command - "" = E:\Customizer.exe -- File not found
O33 - MountPoints2\{978b7c71-99a8-11de-ae64-0016448d0bc4}\Shell\AutoRun\command - "" = E:\mri.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/21 02:36:20 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/01/19 20:19:56 | 00,000,000 | ---D | C] -- C:\Program Files\Xenorate Codec Pack
[2010/01/18 21:14:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/01/14 20:53:52 | 00,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS.1\System32\aticalrt.dll
[2010/01/14 20:53:51 | 03,227,648 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS.1\System32\aticaldd.dll
[2010/01/14 20:53:51 | 00,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS.1\System32\aticalcl.dll
[2010/01/14 20:27:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Drivers
[2010/01/14 15:03:40 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2010/01/14 04:19:50 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/01/14 04:19:46 | 00,000,000 | ---D | C] -- C:\rsit
[2010/01/13 16:43:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Disc Stuff
[2010/01/11 15:38:46 | 00,000,000 | -H-D | C] -- C:\$AVG
[2010/01/11 15:38:25 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\avgrsstx.dll
[2010/01/11 15:38:23 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\drivers\avgtdix.sys
[2010/01/11 15:38:16 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\drivers\avgldx86.sys
[2010/01/11 15:38:15 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\drivers\avgmfx86.sys
[2010/01/11 15:37:40 | 00,000,000 | ---D | C] -- C:\WINDOWS.1\System32\drivers\Avg
[2010/01/11 15:37:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\avg9
[2010/01/11 15:32:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/11 15:32:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/11 15:32:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/11 15:32:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/11 15:30:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\My Drivers
[2010/01/11 15:30:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Innovative Solutions
[2010/01/11 15:30:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Innovative Solutions
[2010/01/11 15:30:10 | 00,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2010/01/10 23:47:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\SUPERAntiSpyware.com
[2010/01/10 23:47:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/01/10 23:47:16 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/10 22:38:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\DoctorWeb
[2010/01/10 22:24:51 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\First Aid
[2010/01/10 22:13:30 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/01/10 21:42:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/01/10 21:42:31 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.1\System32\drivers\mbamswissarmy.sys
[2010/01/10 21:42:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Malwarebytes
[2010/01/10 21:42:24 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.1\System32\drivers\mbam.sys
[2010/01/10 21:36:30 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/01/10 21:36:29 | 00,000,000 | ---D | C] -- C:\WINDOWS.1\System32\xircom
[2010/01/10 21:36:29 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/01/10 21:31:31 | 00,000,000 | ---D | C] -- C:\WINDOWS.1\System32\NtmsData
[2010/01/10 20:28:01 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\Videos
[2010/01/10 16:35:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2010/01/10 16:06:40 | 00,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2010/01/10 15:30:18 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS.1\SGDetectionTool.dll
[2010/01/10 15:30:16 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS.1\PCTBDCore.dll
[2010/01/10 15:30:16 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS.1\PCTBDRes.dll
[2010/01/10 15:21:44 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS.1\System32\drivers\pctgntdi.sys
[2010/01/10 15:21:11 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS.1\System32\drivers\PCTCore.sys
[2010/01/10 15:21:11 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS.1\System32\drivers\PCTAppEvent.sys
[2010/01/10 15:20:50 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS.1\System32\drivers\pctplsg.sys
[2010/01/10 15:20:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/10 15:20:35 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/10 15:20:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\PC Tools
[2010/01/10 15:20:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Tools
[2010/01/10 15:20:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP
[2010/01/10 13:59:15 | 00,000,000 | ---D | C] -- C:\DVDTemp
[2010/01/10 13:59:00 | 00,000,000 | ---D | C] -- C:\Program Files\Super_DVD_Creator_9.8
[2010/01/10 04:04:39 | 00,000,000 | ---D | C] -- C:\divx2dvd
[2010/01/10 02:33:02 | 00,000,000 | ---D | C] -- C:\Program Files\Easy DVD Creator
[2009/12/25 17:11:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Documents\DAEMON Tools Images
[2009/05/28 07:09:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

========== Files - Modified Within 30 Days ==========

[2010/01/21 14:09:33 | 54,461,828 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\Avg\incavi.avm
[2010/01/21 02:18:08 | 00,061,652 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\soldier boys.rtf
[2010/01/20 23:13:49 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/01/19 20:46:03 | 05,242,880 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/01/19 18:56:50 | 00,142,495 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\Avg\microavi.avg
[2010/01/19 14:40:36 | 00,001,565 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Orbit.lnk
[2010/01/19 14:39:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS.1\tasks\SA.DAT
[2010/01/19 14:39:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS.1\bootstat.dat
[2010/01/19 14:37:10 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/01/18 00:48:31 | 00,003,809 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\draft.rtf
[2010/01/17 12:33:13 | 00,002,206 | ---- | M] () -- C:\WINDOWS.1\System32\wpa.dbl
[2010/01/17 02:16:00 | 00,000,354 | ---- | M] () -- C:\WINDOWS.1\tasks\Driver Robot.job
[2010/01/14 23:13:41 | 07,670,930 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\YouTube - Hello Cloud.flv
[2010/01/14 22:28:22 | 50,161,454 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\YouTube - Zack & Cloud - Time of Dying.mp4
[2010/01/14 20:24:05 | 04,235,754 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/01/14 17:21:48 | 06,061,540 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\Avg\avi7.avg
[2010/01/14 17:21:48 | 00,492,629 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\Avg\miniavi.avg
[2010/01/14 15:03:41 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2010/01/14 15:02:09 | 41,411,89120 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Backup Jan 2010.bkf
[2010/01/14 08:09:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS.1\tasks\AppleSoftwareUpdate.job
[2010/01/14 04:16:03 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RSIT(2).exe
[2010/01/14 03:51:30 | 00,046,822 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\13542_208080167060_648607060_3698511_10380_n.jpg
[2010/01/14 02:49:42 | 00,128,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/13 14:22:27 | 00,007,728 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\copy.rtf
[2010/01/11 15:38:25 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\avgrsstx.dll
[2010/01/11 15:38:23 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\drivers\avgtdix.sys
[2010/01/11 15:38:16 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\drivers\avgldx86.sys
[2010/01/11 15:38:15 | 00,113,461 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\Avg\iavichjw.avm
[2010/01/11 15:38:15 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\drivers\avgmfx86.sys
[2010/01/11 01:11:39 | 00,000,664 | ---- | M] () -- C:\WINDOWS.1\System32\d3d9caps.dat
[2010/01/10 13:59:19 | 00,000,822 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Windows Login.lnk
[2010/01/10 02:33:09 | 00,000,067 | ---- | M] () -- C:\WINDOWS.1\Easy DVD Creator.INI
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.1\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.1\System32\drivers\mbam.sys
[2009/12/29 00:03:39 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Quick Screen Capture.lnk

========== Files Created - No Company Name ==========

[2010/01/18 21:00:38 | 00,061,652 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\soldier boys.rtf
[2010/01/18 00:20:07 | 00,003,809 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\draft.rtf
[2010/01/15 01:39:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/01/14 23:10:49 | 07,670,930 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\YouTube - Hello Cloud.flv
[2010/01/14 22:18:18 | 50,161,454 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\YouTube - Zack & Cloud - Time of Dying.mp4
[2010/01/14 14:47:37 | 41,411,89120 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Backup Jan 2010.bkf
[2010/01/14 04:16:02 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RSIT(2).exe
[2010/01/14 03:51:28 | 00,046,822 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\13542_208080167060_648607060_3698511_10380_n.jpg
[2010/01/13 14:22:27 | 00,007,728 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\copy.rtf
[2010/01/11 15:38:15 | 00,113,461 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\Avg\iavichjw.avm
[2010/01/11 15:37:43 | 54,461,828 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\Avg\incavi.avm
[2010/01/11 15:37:42 | 00,492,629 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\Avg\miniavi.avg
[2010/01/11 15:37:42 | 00,142,495 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\Avg\microavi.avg
[2010/01/11 15:37:40 | 06,061,540 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\Avg\avi7.avg
[2010/01/11 14:46:36 | 00,000,354 | ---- | C] () -- C:\WINDOWS.1\tasks\Driver Robot.job
[2010/01/11 01:11:39 | 00,000,664 | ---- | C] () -- C:\WINDOWS.1\System32\d3d9caps.dat
[2010/01/10 16:07:52 | 00,380,928 | ---- | C] () -- C:\WINDOWS.1\System32\ac3filter.acm
[2010/01/10 15:30:19 | 00,767,952 | ---- | C] () -- C:\WINDOWS.1\BDTSupport.dll
[2010/01/10 15:30:18 | 01,152,444 | ---- | C] () -- C:\WINDOWS.1\UDB.zip
[2010/01/10 15:30:18 | 00,000,882 | ---- | C] () -- C:\WINDOWS.1\RegSDImport.xml
[2010/01/10 15:30:18 | 00,000,880 | ---- | C] () -- C:\WINDOWS.1\RegISSImport.xml
[2010/01/10 15:30:18 | 00,000,131 | ---- | C] () -- C:\WINDOWS.1\IDB.zip
[2010/01/10 15:21:44 | 00,007,387 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\pctgntdi.cat
[2010/01/10 15:21:11 | 00,007,412 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\PCTAppEvent.cat
[2010/01/10 15:21:11 | 00,007,383 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\pctcore.cat
[2010/01/10 15:20:50 | 00,007,383 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\pctplsg.cat
[2010/01/10 13:59:19 | 00,000,822 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Windows Login.lnk
[2010/01/10 02:33:07 | 00,000,067 | ---- | C] () -- C:\WINDOWS.1\Easy DVD Creator.INI
[2009/12/29 00:03:39 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Quick Screen Capture.lnk
[2009/12/16 02:46:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS.1\ToDisc.INI
[2009/12/12 20:25:13 | 00,691,696 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\sptd.sys
[2009/07/26 22:34:30 | 00,323,584 | ---- | C] () -- C:\WINDOWS.1\System32\FoxImager.dll
[2009/07/01 04:23:01 | 00,012,288 | ---- | C] () -- C:\WINDOWS.1\impborl.dll
[2009/06/23 21:16:28 | 00,000,754 | ---- | C] () -- C:\WINDOWS.1\WORDPAD.INI
[2009/05/05 19:46:40 | 00,001,300 | ---- | C] () -- C:\WINDOWS.1\System32\cool.dll
[2009/05/03 17:21:14 | 00,128,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/02 21:28:41 | 00,164,352 | ---- | C] () -- C:\WINDOWS.1\System32\unrar.dll
[2009/05/02 21:28:41 | 00,000,038 | ---- | C] () -- C:\WINDOWS.1\avisplitter.ini
[2009/05/02 21:28:38 | 03,596,288 | ---- | C] () -- C:\WINDOWS.1\System32\qt-dx331.dll
[2009/05/02 21:28:37 | 00,057,344 | ---- | C] () -- C:\WINDOWS.1\System32\ff_vfw.dll
[2009/05/02 21:28:37 | 00,000,547 | ---- | C] () -- C:\WINDOWS.1\System32\ff_vfw.dll.manifest
[2008/04/14 03:00:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS.1\System32\CopyToSendTo.dll
[2003/09/23 05:40:34 | 00,394,240 | ---- | C] () -- C:\WINDOWS.1\System32\HMTCD.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:A8ADE5D8

< End of report >


OTL Extras logfile created on: 1/21/2010 3:17:23 PM - Run 1
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.1 | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 25.23 Gb Free Space | 17.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TAIBOX
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Users\Administrator\My Documents\Flele\ssp.exe" = C:\Users\Administrator\My Documents\Flele\ssp.exe:*:Enabled:SSP -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Users\Administrator\My Documents\VLC\vlc.exe" = C:\Users\Administrator\My Documents\VLC\vlc.exe:*:Enabled:VLC media player -- File not found
"C:\Users\Administrator\Local Settings\Temp\dologin.exe" = C:\Users\Administrator\Local Settings\Temp\dologin.exe:*:Enabled:DoLoginStart -- File not found
"C:\Users\Administrator\Local Settings\Temp\JMstart.exe" = C:\Users\Administrator\Local Settings\Temp\JMstart.exe:*:Enabled:JMstart -- File not found
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = Realtek WLAN driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK USB Wireless LAN Driver and Utility
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALShow_is1" = ALShow
"ALUpdate_is1" = ALTools Update
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"Browser Defender_is1" = Browser Defender 2.0.6.11
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DMX5_is1" = DriverMax 5
"EADM" = EA Download Manager
"ffdshow" = ffdshow (remove only)
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.4.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Orbit_is1" = Orbit Downloader
"Quick Screen Capture 3.0_is1" = Quick Screen Capture 3.0
"Spyware Doctor" = Spyware Doctor 7.0
"SumatraPDF" = SumatraPDF
"Super DVD Creator_is1" = Super DVD Creator 9.8 Full Version
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/14/2009 5:52:47 PM | Computer Name = TAIBOX | Source = MsiInstaller | ID = 11101
Description =

[ System Events ]
Error - 1/11/2010 2:57:29 AM | Computer Name = TAIBOX | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 1/11/2010 2:57:48 AM | Computer Name = TAIBOX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/11/2010 4:34:29 PM | Computer Name = TAIBOX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/12/2010 2:18:06 AM | Computer Name = TAIBOX | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 1/12/2010 2:18:29 AM | Computer Name = TAIBOX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/12/2010 2:32:37 AM | Computer Name = TAIBOX | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 1/12/2010 2:33:00 AM | Computer Name = TAIBOX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/12/2010 7:02:24 PM | Computer Name = TAIBOX | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 1/12/2010 7:02:49 PM | Computer Name = TAIBOX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/21/2010 5:02:40 PM | Computer Name = TAIBOX | Source = PSched | ID = 14103
Description = QoS [Adapter {2614BE59-EBF7-4AE1-8165-166CF43F8E4E}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Users\Administrator\My Documents\Flele\ssp.exe" = C:\Users\Administrator\My Documents\Flele\ssp.exe:*:Enabled:SSP -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Users\Administrator\My Documents\VLC\vlc.exe" = C:\Users\Administrator\My Documents\VLC\vlc.exe:*:Enabled:VLC media player -- File not found
"C:\Users\Administrator\Local Settings\Temp\dologin.exe" = C:\Users\Administrator\Local Settings\Temp\dologin.exe:*:Enabled:DoLoginStart -- File not found
"C:\Users\Administrator\Local Settings\Temp\JMstart.exe" = C:\Users\Administrator\Local Settings\Temp\JMstart.exe:*:Enabled:JMstart -- File not found
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = Realtek WLAN driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK USB Wireless LAN Driver and Utility
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALShow_is1" = ALShow
"ALUpdate_is1" = ALTools Update
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"Browser Defender_is1" = Browser Defender 2.0.6.11
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DMX5_is1" = DriverMax 5
"EADM" = EA Download Manager
"ffdshow" = ffdshow (remove only)
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.4.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Orbit_is1" = Orbit Downloader
"Quick Screen Capture 3.0_is1" = Quick Screen Capture 3.0
"Spyware Doctor" = Spyware Doctor 7.0
"SumatraPDF" = SumatraPDF
"Super DVD Creator_is1" = Super DVD Creator 9.8 Full Version
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/14/2009 5:52:47 PM | Computer Name = TAIBOX | Source = MsiInstaller | ID = 11101
Description =

[ System Events ]
Error - 1/11/2010 2:57:29 AM | Computer Name = TAIBOX | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 1/11/2010 2:57:48 AM | Computer Name = TAIBOX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/11/2010 4:34:29 PM | Computer Name = TAIBOX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/12/2010 2:18:06 AM | Computer Name = TAIBOX | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 1/12/2010 2:18:29 AM | Computer Name = TAIBOX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/12/2010 2:32:37 AM | Computer Name = TAIBOX | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 1/12/2010 2:33:00 AM | Computer Name = TAIBOX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/12/2010 7:02:24 PM | Computer Name = TAIBOX | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 1/12/2010 7:02:49 PM | Computer Name = TAIBOX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/21/2010 5:02:40 PM | Computer Name = TAIBOX | Source = PSched | ID = 14103
Description = QoS [Adapter {2614BE59-EBF7-4AE1-8165-166CF43F8E4E}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.


< End of report >


Thank you for taking the time to help me!

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
    •  
  • Gender:Female
  • Location:At home
  • Local time:05:14 PM

Posted 22 January 2010 - 11:48 AM

Hi,

please run a scan with gmer as well:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

In which files are the current infections found?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+

#5 Switchy

Switchy
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
    •  
  • Gender:Female
  • Location:Southwest US
  • Local time:09:14 AM

Posted 22 January 2010 - 07:07 PM

In the same order I listed them, the infections are located in the following places:

C:\System Volume Information\_restore{58DAF7A1-271D-4179-9F90-8AD8B36A9F33}\RP5\A0000337.exe
C:\RECYCLER\S-1-5-21-1715567821-1580436667-1417001333-500\Dc24.exe
C:\System Volume Information\_restore{58DAF7A1-271D-4179-9F90-8AD8B36A9F33}\RP5\A0000468.exe
C:\System Volume Information\_restore{58DAF7A1-271D-4179-9F90-8AD8B36A9F33}\RP5\A0000028.exe

Hope that's what you meant, heh.

I started GMER in Safe Mode with Drivers unchecked, because last time I ran it I got the blue screen until I ran it that way. It scanned for about 15 minutes before giving me another blue screen. I wrote down what it said at the top:

A problem has been detected and windows has been shut down to prevent damage to your computer.

And what the technical information said:

*** STOP: 0x0000007F (0x000000D, 0x000000, 0x000000, 0x000000, 0x000000)

Nothing else was running at the time. It didn't do that last time I ran it that way, about a week ago, so I'm rather confused.

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
    •  
  • Gender:Female
  • Location:At home
  • Local time:05:14 PM

Posted 23 January 2010 - 11:23 AM

Hi,

gmer sometimes will not work because of interfering programs such as a security programs or cd emulation. Please run alternative tools:

Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+

#7 Switchy

Switchy
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
    •  
  • Gender:Female
  • Location:Southwest US
  • Local time:09:14 AM

Posted 23 January 2010 - 06:04 PM

In retrospect I think I may have missed something when I was disabling AVG (sheepish smile), but here are the reports.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys spya.sys hal.dll >>UNKNOWN [0x89B00938]<<
kernel: MBR read successfully
user & kernel MBR OK
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/23 14:51
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: mbr.sys
Image Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys
Address: 0xAE979000 Size: 20864 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS.1\system32\Drivers\mchInjDrv.sys
Address: 0xBA43F000 Size: 2560 File Visible: No Signed: -
Status: -

Name: PCI_PNP2074
Image Path: \Driver\PCI_PNP2074
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS.1\system32\drivers\rootrepeal.sys
Address: 0xAE17C000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spya.sys
Image Path: spya.sys
Address: 0xF74E3000 Size: 995328 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Users\All Users
Status: Locked to the Windows API!

Path: C:\Users\Tai\My Documents
Status: Locked to the Windows API!

Path: c:\windows.1\temp\bbc95f08-c2a8-46cd-a71b-e776e28748a8.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\windows.1\temp\dfd006b7-5653-4f84-873b-9610aea191db.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e20e9863b4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a8980e994a5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\2d3cb7907b1336ea5889a2b731d5e97ad40903a4efd2287c1c117bc30f208f46.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\4849d54916203321a96dae7bbaa6534bad8527ac43ad476284d52f87f763b384.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\a2492fa83366394b7c17fa6c9650ce5688b887d0ad0ad79743a3422debf4d997.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\dd72f7ab2def5f75f58d01b24643b308750c38685daaed50bcddf61c18460dee.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\989e628160e12c984a435d2bb2a335ad043e006646150c7b1f3bb52dccd842cc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\d14225a52543aa5a9605b00dd7574812bf89c605ebc73a9730e1e386bfc965f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\d5ecf2ab9387e082648bbcccd6eceb9d67b096939150833d0ae3066b3a1a676e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\91ca50cec42075fff02b366323bf3b45d2053b24544bd12b622b65621bd0edd5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\b3beb16c28db357e654a6b132f59cd48cb95cee949d7b97587f8f02f233f3ce1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\935df4549e21123a2efb986a707f54475380a037519679510e4b4dfc4bdb5767.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\88b03fe13d2710ad787d5d96cd0e5cbeda3a61c2a0a2bdc0c0984a48365242e2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\b080e112e69d2e9c8e71acd39a81f0d469d837625ceb8ed73b5b87da1fd1424c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\26340819d2ef86080d9001c6f2737d70fd6602ddf4b86b6c26b326ef81cc3342.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\ef483ae0673e2975dd4224fe26749623c1c702b8b3fded10161417459e1771a7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\df4c00155bfca5da82320089743bb386e8df43312c8d8b8112418980a2440f2d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\4a4e6de1088e614f7694727d621129512819bdecdb46cc6ebb7c1f192dfe380e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\4bde3906e1ad59953a7d8592ff3860dd7fadc4e12abe4b5c828645390461a3aa.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\bd83dce340498e7c363093c2fc74dfb58e1ec17770453905172c7471fadd9333.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\71503c1b988fb27a41668f3ba35468d268daf07e8e79cf7b82a1ef64a8d213a1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\f7bf65ca621d8ad32ead1500a08827be239d0f49d83dc20dabf57d2eb17adbd7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\ea23c2347043051e35d7731754b9494bbc1a5f4c767e23e9809936f02340620d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\8b414e757cb8b153bff77dd00a36556aea3adab25ce15f3e8b184ffbf41ba7a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\a951d53950c367acc37622f0dd619a954df5de2c4ec40296e6636605aa33714a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\$$DeleteMe.wininet.dll.01c98cfa68a311da.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\$$DeleteMe.wininet.dll.01c9be73d84d14c1.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16386_none_91872345596077da\$$DeleteMe.kernel32.dll.01c9be73dc7f4cc1.0005
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\$$DeleteMe.lsasrv.dll.01c9be73dc4aa831.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\$$DeleteMe.lsass.exe.01c9be73dc17d861.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\$$DeleteMe.secur32.dll.01c9be73dcf60361.0006
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MICROS~3.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.16508_none_20380cd258151361\$$DeleteMe.schannel.dll.01c9a228ec224430.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6000.16386_none_f912915e7cd19314\$$DeleteMe.fastprox.dll.01c9be73e2113bd1.0009
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6000.16386_none_22973772c5385326\$$DeleteMe.winhttp.dll.01c9be73e6be4921.000b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16557_none_095474fd52156893\$$DeleteMe.wmp.dll.01c9a228ecd392d0.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16557_none_095474fd52156893\$$DeleteMe.wmploc.DLL.01c9a228eceac450.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL140C~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NLSMOD~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NLSMOD~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL140C~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16764_none_45808f398f8aa97b\$$DeleteMe.iertutil.dll.01c98cfa67fbfc6a.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16809_none_45c672198f557daf\$$DeleteMe.iertutil.dll.01c9be73d7598d01.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16764_none_b2bffcbbd9d0648b\$$DeleteMe.urlmon.dll.01c98cfa6726d21a.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16809_none_b305df9bd99b38bf\$$DeleteMe.urlmon.dll.01c9be73d647cee1.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.16386_none_0e2bfc8f8e79f8f3\$$DeleteMe.WmiPrvSD.dll.01c9be73e2440ba1.000a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.16386_none_0e2bfc8f8e79f8f3\$$DeleteMe.WmiPrvSE.exe.01c9be73e1b75c01.0008
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\$$DeleteMe.rpcss.dll.01c9be73e119bc71.0007
Status: Locked to the Windows API!

Path: c:\users\administrator\application data\orbit\dhtnodes.dat
Status: Size mismatch (API: 14479, Raw: 13654)

Path: C:\Windows\System32\migwiz\dlmanifests\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MICROS~3.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sqmapi.dll
Status: Locked to the Windows API!

Path: C:\Users\Administrator\My Documents\Videos\AMVs\suichi~1.mpg:Zone.Identifier
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Users\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\Cache\3C8B2E5Ed01
Status: Invisible to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spya.sys" at address 0xf74e40e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spya.sys" at address 0xf74fcda4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spya.sys" at address 0xf74fd132

#: 119 Function Name: NtOpenKey
Status: Hooked by "spya.sys" at address 0xf74e40c0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spya.sys" at address 0xf74fd20a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spya.sys" at address 0xf74fd08a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spya.sys" at address 0xf74fd29c

Stealth Objects
-------------------
Object: Hidden Handle [Index: 2240, Type: Event]
Process: firefox.exe (PID: 3276) Address: 0x87d84f20 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x89b4d1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x87bd71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x87bd71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x87bd71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x87bd71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x87bd71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x87bd71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x87bd71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x87bd71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x87bd71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x87bd71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x87bd71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x87bd71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x87bd71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87bd71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x87bd71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x87bd71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x87bd71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x87bd71f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x898c7500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x898c7500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x898c7500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x898c7500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x898c7500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x898c7500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x898c7500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x898c7500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x898c7500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x898c7500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x898c7500 Size: 121

Object: Hidden Code [Driver: af5fdbsu؅ఉ瑎捦܉@考, IRP_MJ_CREATE]
Process: System Address: 0x898c3500 Size: 121

Object: Hidden Code [Driver: af5fdbsu؅ఉ瑎捦܉@考, IRP_MJ_CLOSE]
Process: System Address: 0x898c3500 Size: 121

Object: Hidden Code [Driver: af5fdbsu؅ఉ瑎捦܉@考, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x898c3500 Size: 121

Object: Hidden Code [Driver: af5fdbsu؅ఉ瑎捦܉@考, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x898c3500 Size: 121

Object: Hidden Code [Driver: af5fdbsu؅ఉ瑎捦܉@考, IRP_MJ_POWER]
Process: System Address: 0x898c3500 Size: 121

Object: Hidden Code [Driver: af5fdbsu؅ఉ瑎捦܉@考, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x898c3500 Size: 121

Object: Hidden Code [Driver: af5fdbsu؅ఉ瑎捦܉@考, IRP_MJ_PNP]
Process: System Address: 0x898c3500 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x89ae01f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x898c4500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x898c4500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x898c4500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x898c4500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x898c4500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x898c4500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x898c4500 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x89b4f1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8956d1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8956d1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8956d1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8956d1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8956d1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8956d1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x897b3500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x897b3500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x897b3500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x897b3500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x897b3500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x897b3500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x897b3500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x891331f8 Size: 121

Object: Hidden Code [Driver: CdfsЅ癁⩧諘렠Ђఆ䵃穨蝈, IRP_MJ_CREATE]
Process: System Address: 0x87f1f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅ癁⩧諘렠Ђఆ䵃穨蝈, IRP_MJ_CLOSE]
Process: System Address: 0x87f1f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅ癁⩧諘렠Ђఆ䵃穨蝈, IRP_MJ_READ]
Process: System Address: 0x87f1f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅ癁⩧諘렠Ђఆ䵃穨蝈, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x87f1f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅ癁⩧諘렠Ђఆ䵃穨蝈, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x87f1f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅ癁⩧諘렠Ђఆ䵃穨蝈, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x87f1f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅ癁⩧諘렠Ђఆ䵃穨蝈, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x87f1f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅ癁⩧諘렠Ђఆ䵃穨蝈, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x87f1f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅ癁⩧諘렠Ђఆ䵃穨蝈, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87f1f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅ癁⩧諘렠Ђఆ䵃穨蝈, IRP_MJ_SHUTDOWN]
Process: System Address: 0x87f1f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅ癁⩧諘렠Ђఆ䵃穨蝈, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x87f1f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅ癁⩧諘렠Ђఆ䵃穨蝈, IRP_MJ_CLEANUP]
Process: System Address: 0x87f1f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅ癁⩧諘렠Ђఆ䵃穨蝈, IRP_MJ_PNP]
Process: System Address: 0x87f1f1f8 Size: 121

==EOF==

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
    •  
  • Gender:Female
  • Location:At home
  • Local time:05:14 PM

Posted 23 January 2010 - 07:34 PM

Hi,

please run defogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

And run mbr again, as instructed earlier.

Please post the log in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+

#9 Switchy

Switchy
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
    •  
  • Gender:Female
  • Location:Southwest US
  • Local time:09:14 AM

Posted 24 January 2010 - 03:54 PM

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
    •  
  • Gender:Female
  • Location:At home
  • Local time:05:14 PM

Posted 24 January 2010 - 07:18 PM

Hi,

the logs are looking pretty clean. Please run Malwarebytes for confirmation:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Regarding the message from Firefox this is likely due to Firefox not closing correctly, this is almost always due to an extension or plugin. Please try running Firefox in Safe mode (instructions can be found here) and let me know if it still doesn't close properly.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+

#11 Switchy

Switchy
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
    •  
  • Gender:Female
  • Location:Southwest US
  • Local time:09:14 AM

Posted 25 January 2010 - 12:09 AM

Thanks for all your help, again smile.gif I would never have been able to get my computer clean without you and boopme's help.

When I started in safe mode Firefox almost immediately crashed- it does this from time to time, seemingly at random. I hit restart and it's running fine now, but I can't right click anything in the window. This also happens now and then, safe mode or no.

Here's the log:

Malwarebytes' Anti-Malware 1.44
Database version: 3631
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/24/2010 10:10:04 PM
mbam-log-2010-01-24 (22-10-04).txt

Scan type: Quick Scan
Objects scanned: 132871
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisdrv (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Switchy, 25 January 2010 - 12:23 AM.

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
    •  
  • Gender:Female
  • Location:At home
  • Local time:05:14 PM

Posted 25 January 2010 - 08:02 AM

Hi,

please post a new OTL log.

Could you please try to reinstall Firefox, this may help with the crashing.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+

#13 Switchy

Switchy
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
    •  
  • Gender:Female
  • Location:Southwest US
  • Local time:09:14 AM

Posted 25 January 2010 - 03:28 PM

Hey,

Here's the log. There was no minimize extra.txt this time around.

OTL logfile created on: 1/25/2010 1:23:35 PM - Run 3
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.1 | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 17.49 Gb Free Space | 11.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TAIBOX
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/25 13:22:09 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL(2).exe
PRC - [2010/01/15 22:10:34 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/11 19:19:21 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/11 15:37:30 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/11 15:37:29 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/11 15:37:29 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/11 15:37:28 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/11 15:37:16 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/01/11 15:37:14 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/29 18:08:50 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS.1\system32\ati2evxx.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/10 12:38:16 | 17,879,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS.1\RTHDCPL.EXE
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/03 02:38:24 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\explorer.exe
PRC - [2008/05/01 23:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2007/10/12 08:34:56 | 00,071,096 | ---- | M] () -- C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
PRC - [2004/04/06 09:00:00 | 00,015,360 | ---- | M] () -- C:\Program Files\WinRoll\winroll.exe


========== Modules (SafeList) ==========

MOD - [2010/01/25 13:22:09 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL(2).exe
MOD - [2008/05/01 23:15:36 | 00,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2004/04/06 09:00:00 | 00,008,704 | ---- | M] () -- C:\Program Files\WinRoll\winroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/11 15:37:16 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/11 15:37:14 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/29 18:08:50 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS.1\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/14 03:00:00 | 00,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.1\system32\skeys.exe -- (SerialKeys)
SRV - [2007/10/12 08:34:56 | 00,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe -- (NMSAccessU)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/01/11 15:38:23 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS.1\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/01/11 15:38:16 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS.1\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/11 15:38:15 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS.1\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/01/05 07:56:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/12 20:25:13 | 00,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS.1\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/12 13:48:56 | 00,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/11/09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS.1\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/09/29 20:18:22 | 03,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/06/10 05:53:48 | 00,341,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/02 21:49:16 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS.1\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/04/14 15:09:56 | 05,069,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/20 10:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS.1\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/08/05 19:10:12 | 01,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 03:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 03:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/14 03:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/02/08 08:46:36 | 00,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/04/16 18:19:10 | 00,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/11/15 15:23:06 | 00,038,144 | R--- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS.1\system32\drivers\EAPPkt.sys -- (EAPPkt)
DRV - [2006/02/25 07:13:06 | 00,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS.1\system32\drivers\aspi32.sys -- (Aspi32)
DRV - [2006/01/04 14:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.1\system32\blank.htm
IE - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\S-1-5-21-1715567821-1580436667-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\S-1-5-21-1715567821-1580436667-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://imagni.deviantart.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910


FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/11 15:37:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/21 17:16:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/21 15:07:53 | 00,000,000 | ---D | M]

[2009/05/02 23:21:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/01/25 13:21:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\extensions
[2010/01/21 23:33:01 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/26 22:34:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\extensions\searchrecs@veoh.com
[2009/12/12 20:25:48 | 00,002,055 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\searchplugins\daemon-search.xml
[2009/05/27 22:50:16 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r0sgxfg.default\searchplugins\winamp-search.xml
[2010/01/25 13:21:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/24 13:50:46 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/24 13:50:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\yahoo_dex@partners.mozilla.com
[2008/09/03 17:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008/06/17 23:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/01/10 22:13:53 | 00,000,727 | ---- | M]) - C:\WINDOWS.1\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS.1\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe ()
O4 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] File not found
O4 - HKU\.DEFAULT..\RunOnce: [_nltide_3] C:\WINDOWS.1\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [_nltide_3] C:\WINDOWS.1\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [_nltide_3] C:\WINDOWS.1\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [_nltide_3] C:\WINDOWS.1\System32\advpack.dll (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Windows Login.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\JMstart.exe File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\REALTEK USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\Tai\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Tai\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1715567821-1580436667-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.1\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS.1\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS.1\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\My Documents\My Pictures\Wallpaper Worthy\34e2169bd59e0b6824ad65bf2e78485a.png
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{218c255a-d96e-11de-ae69-0016448d0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{218c255a-d96e-11de-ae69-0016448d0bc4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{218c255a-d96e-11de-ae69-0016448d0bc4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{566c0db0-850b-11de-ae5e-0016448d0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{566c0db0-850b-11de-ae5e-0016448d0bc4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{566c0db0-850b-11de-ae5e-0016448d0bc4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{978b7c70-99a8-11de-ae64-0016448d0bc4}\Shell\AutoRun\command - "" = E:\Customizer.exe -- File not found
O33 - MountPoints2\{978b7c71-99a8-11de-ae64-0016448d0bc4}\Shell\AutoRun\command - "" = E:\mri.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/24 22:12:46 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/01/24 21:57:41 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.1\System32\drivers\mbamswissarmy.sys
[2010/01/24 21:57:39 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.1\System32\drivers\mbam.sys
[2010/01/24 21:57:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/24 15:13:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2010/01/24 14:54:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.thumbnails
[2010/01/24 14:51:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.gimp-2.6
[2010/01/24 14:51:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\gegl-0.0
[2010/01/24 14:50:37 | 00,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/01/23 19:49:50 | 00,000,000 | ---D | C] -- C:\videooutput
[2010/01/23 19:49:45 | 00,139,264 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS.1\System32\xvid.ax
[2010/01/23 19:49:45 | 00,000,000 | ---D | C] -- C:\Program Files\Smallvideosoft
[2010/01/23 14:50:55 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2010/01/23 03:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe_Limited
[2010/01/23 03:46:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Canneverbe Limited
[2010/01/23 03:45:37 | 00,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/01/18 21:14:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/01/14 20:53:52 | 00,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS.1\System32\aticalrt.dll
[2010/01/14 20:53:51 | 03,227,648 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS.1\System32\aticaldd.dll
[2010/01/14 20:53:51 | 00,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS.1\System32\aticalcl.dll
[2010/01/14 20:27:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Drivers
[2010/01/14 04:19:50 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/01/14 04:19:46 | 00,000,000 | ---D | C] -- C:\rsit
[2010/01/13 16:43:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Disc Stuff
[2010/01/11 15:38:46 | 00,000,000 | -H-D | C] -- C:\$AVG
[2010/01/11 15:38:25 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\avgrsstx.dll
[2010/01/11 15:38:23 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\drivers\avgtdix.sys
[2010/01/11 15:38:16 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\drivers\avgldx86.sys
[2010/01/11 15:38:15 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\drivers\avgmfx86.sys
[2010/01/11 15:37:40 | 00,000,000 | ---D | C] -- C:\WINDOWS.1\System32\drivers\Avg
[2010/01/11 15:37:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\avg9
[2010/01/11 15:32:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/11 15:32:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/11 15:32:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/11 15:32:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/11 15:30:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Innovative Solutions
[2010/01/11 15:30:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Innovative Solutions
[2010/01/11 15:30:10 | 00,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2010/01/10 23:47:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\SUPERAntiSpyware.com
[2010/01/10 23:47:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/01/10 23:47:16 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/10 22:38:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\DoctorWeb
[2010/01/10 22:24:51 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\First Aid
[2010/01/10 22:13:30 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/01/10 21:42:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/01/10 21:42:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Malwarebytes
[2010/01/10 21:36:30 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/01/10 21:36:29 | 00,000,000 | ---D | C] -- C:\WINDOWS.1\System32\xircom
[2010/01/10 21:36:29 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/01/10 21:31:31 | 00,000,000 | ---D | C] -- C:\WINDOWS.1\System32\NtmsData
[2010/01/10 20:28:01 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\Videos
[2010/01/10 16:35:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2010/01/10 16:06:40 | 00,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2010/01/10 15:30:18 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS.1\SGDetectionTool.dll
[2010/01/10 15:30:16 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS.1\PCTBDCore.dll
[2010/01/10 15:30:16 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS.1\PCTBDRes.dll
[2010/01/10 15:21:44 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS.1\System32\drivers\pctgntdi.sys
[2010/01/10 15:21:11 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS.1\System32\drivers\PCTCore.sys
[2010/01/10 15:21:11 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS.1\System32\drivers\PCTAppEvent.sys
[2010/01/10 15:20:50 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS.1\System32\drivers\pctplsg.sys
[2010/01/10 15:20:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/10 15:20:35 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/10 15:20:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\PC Tools
[2010/01/10 15:20:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Tools
[2010/01/10 15:20:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP
[2010/01/10 13:59:15 | 00,000,000 | ---D | C] -- C:\DVDTemp
[2010/01/10 13:59:00 | 00,000,000 | ---D | C] -- C:\Program Files\Super_DVD_Creator_9.8
[2010/01/10 04:04:39 | 00,000,000 | ---D | C] -- C:\divx2dvd
[2010/01/10 02:33:02 | 00,000,000 | ---D | C] -- C:\Program Files\Easy DVD Creator
[2009/05/28 07:09:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

========== Files - Modified Within 30 Days ==========

[2010/01/25 08:04:27 | 54,652,432 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\Avg\incavi.avm
[2010/01/25 03:24:20 | 00,108,289 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\soldier boys.rtf
[2010/01/25 03:23:20 | 00,135,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/24 23:13:07 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/01/24 22:15:55 | 00,001,565 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Orbit.lnk
[2010/01/24 22:14:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS.1\tasks\SA.DAT
[2010/01/24 22:14:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS.1\bootstat.dat
[2010/01/24 22:12:53 | 05,242,880 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/01/24 22:12:53 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/01/24 21:57:44 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.1\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/24 21:44:46 | 00,162,385 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Just_A_Lick_by_YoukaiYume.jpg
[2010/01/24 19:04:20 | 00,124,326 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Dissidia_Cloud_ex.png
[2010/01/24 18:22:03 | 04,313,835 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SCAN0007.JPG
[2010/01/24 18:22:03 | 00,003,454 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/01/24 18:02:59 | 12,468,593 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SCAN0006.JPG
[2010/01/24 17:39:44 | 03,100,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SCAN0005.JPG
[2010/01/24 16:27:15 | 04,530,708 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SCAN0004.JPG
[2010/01/24 14:51:10 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.1\Desktop\GIMP 2.lnk
[2010/01/24 14:12:33 | 00,167,805 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FFVII_CC__Soldier_Duo_by_Mihiru_chan.jpg
[2010/01/24 14:07:27 | 00,046,758 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Cloud_Strife_CC_MWF_by_sefie_ireth.jpg
[2010/01/24 14:07:07 | 00,104,867 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1b88135e78e3210da023cd2b4ff38801.jpg
[2010/01/24 14:00:36 | 00,109,628 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Crisis_core_Final_Fantasy_VII_Cloud.jpg
[2010/01/24 13:35:58 | 00,000,176 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/01/24 02:16:00 | 00,000,354 | ---- | M] () -- C:\WINDOWS.1\tasks\Driver Robot.job
[2010/01/23 19:49:46 | 00,000,890 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Freez FLV to AVI MPEG WMV Converter.lnk
[2010/01/23 17:14:26 | 01,525,585 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SCAN0003.JPG
[2010/01/23 17:13:08 | 01,512,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SCAN0002.JPG
[2010/01/23 15:16:02 | 64,371,785 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\[aarinfantasy] Junjou Romantica 4 - Searching Videos for -junjou 4- - Veoh.flv
[2010/01/23 14:51:04 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2010/01/23 03:45:44 | 00,001,615 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.1\Desktop\CDBurnerXP.lnk
[2010/01/22 15:23:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS.1\System32\wpa.dbl
[2010/01/19 18:56:50 | 00,142,495 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\Avg\microavi.avg
[2010/01/18 00:48:31 | 00,003,809 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\draft.rtf
[2010/01/14 22:28:22 | 50,161,454 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\YouTube - Zack & Cloud - Time of Dying.mp4
[2010/01/14 20:24:05 | 04,235,754 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/01/14 17:21:48 | 06,061,540 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\Avg\avi7.avg
[2010/01/14 17:21:48 | 00,492,629 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\Avg\miniavi.avg
[2010/01/14 08:09:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS.1\tasks\AppleSoftwareUpdate.job
[2010/01/14 03:51:30 | 00,046,822 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\13542_208080167060_648607060_3698511_10380_n.jpg
[2010/01/13 14:22:27 | 00,007,728 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\copy.rtf
[2010/01/11 15:38:25 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\avgrsstx.dll
[2010/01/11 15:38:23 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\drivers\avgtdix.sys
[2010/01/11 15:38:16 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\drivers\avgldx86.sys
[2010/01/11 15:38:15 | 00,113,461 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\Avg\iavichjw.avm
[2010/01/11 15:38:15 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.1\System32\drivers\avgmfx86.sys
[2010/01/11 01:11:39 | 00,000,664 | ---- | M] () -- C:\WINDOWS.1\System32\d3d9caps.dat
[2010/01/10 13:59:19 | 00,000,822 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Windows Login.lnk
[2010/01/10 02:33:09 | 00,000,067 | ---- | M] () -- C:\WINDOWS.1\Easy DVD Creator.INI
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.1\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.1\System32\drivers\mbam.sys
[2009/12/29 00:03:39 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Quick Screen Capture.lnk

========== Files Created - No Company Name ==========

[2010/01/24 21:57:44 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.1\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/24 21:44:46 | 00,162,385 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Just_A_Lick_by_YoukaiYume.jpg
[2010/01/24 19:04:20 | 00,124,326 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Dissidia_Cloud_ex.png
[2010/01/24 18:22:03 | 00,003,454 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/01/24 14:51:10 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.1\Desktop\GIMP 2.lnk
[2010/01/24 14:44:10 | 12,468,593 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SCAN0006.JPG
[2010/01/24 14:44:10 | 04,530,708 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SCAN0004.JPG
[2010/01/24 14:44:10 | 04,313,835 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SCAN0007.JPG
[2010/01/24 14:44:10 | 03,100,951 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SCAN0005.JPG
[2010/01/24 14:44:10 | 01,525,585 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SCAN0003.JPG
[2010/01/24 14:44:10 | 01,512,312 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SCAN0002.JPG
[2010/01/24 14:12:33 | 00,167,805 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FFVII_CC__Soldier_Duo_by_Mihiru_chan.jpg
[2010/01/24 14:07:27 | 00,046,758 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Cloud_Strife_CC_MWF_by_sefie_ireth.jpg
[2010/01/24 14:07:07 | 00,104,867 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1b88135e78e3210da023cd2b4ff38801.jpg
[2010/01/24 14:00:36 | 00,109,628 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Crisis_core_Final_Fantasy_VII_Cloud.jpg
[2010/01/24 13:52:00 | 00,077,312 | ---- | C] () -- C:\mbr(1).exe
[2010/01/24 13:51:58 | 00,077,312 | ---- | C] () -- C:\mbr.exe
[2010/01/24 13:35:45 | 00,000,176 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/01/23 19:49:46 | 00,000,890 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Freez FLV to AVI MPEG WMV Converter.lnk
[2010/01/23 19:49:45 | 08,676,883 | ---- | C] () -- C:\WINDOWS.1\System32\NCMedia2.dll
[2010/01/23 19:49:45 | 00,758,018 | ---- | C] () -- C:\WINDOWS.1\System32\xvidcore.dll
[2010/01/23 19:49:45 | 00,180,224 | ---- | C] () -- C:\WINDOWS.1\System32\xvidvfw.dll
[2010/01/23 15:01:13 | 64,371,785 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\[aarinfantasy] Junjou Romantica 4 - Searching Videos for -junjou 4- - Veoh.flv
[2010/01/23 14:51:04 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2010/01/23 03:45:44 | 00,001,615 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.1\Desktop\CDBurnerXP.lnk
[2010/01/23 03:45:38 | 00,007,168 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\StarOpen.sys
[2010/01/18 21:00:38 | 00,108,289 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\soldier boys.rtf
[2010/01/18 00:20:07 | 00,003,809 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\draft.rtf
[2010/01/15 01:39:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/01/14 22:18:18 | 50,161,454 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\YouTube - Zack & Cloud - Time of Dying.mp4
[2010/01/14 03:51:28 | 00,046,822 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\13542_208080167060_648607060_3698511_10380_n.jpg
[2010/01/13 14:22:27 | 00,007,728 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\copy.rtf
[2010/01/11 15:38:15 | 00,113,461 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\Avg\iavichjw.avm
[2010/01/11 15:37:43 | 54,652,432 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\Avg\incavi.avm
[2010/01/11 15:37:42 | 00,492,629 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\Avg\miniavi.avg
[2010/01/11 15:37:42 | 00,142,495 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\Avg\microavi.avg
[2010/01/11 15:37:40 | 06,061,540 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\Avg\avi7.avg
[2010/01/11 14:46:36 | 00,000,354 | ---- | C] () -- C:\WINDOWS.1\tasks\Driver Robot.job
[2010/01/11 01:11:39 | 00,000,664 | ---- | C] () -- C:\WINDOWS.1\System32\d3d9caps.dat
[2010/01/10 16:07:52 | 00,380,928 | ---- | C] () -- C:\WINDOWS.1\System32\ac3filter.acm
[2010/01/10 15:30:19 | 00,767,952 | ---- | C] () -- C:\WINDOWS.1\BDTSupport.dll
[2010/01/10 15:30:18 | 01,152,444 | ---- | C] () -- C:\WINDOWS.1\UDB.zip
[2010/01/10 15:30:18 | 00,000,882 | ---- | C] () -- C:\WINDOWS.1\RegSDImport.xml
[2010/01/10 15:30:18 | 00,000,880 | ---- | C] () -- C:\WINDOWS.1\RegISSImport.xml
[2010/01/10 15:30:18 | 00,000,131 | ---- | C] () -- C:\WINDOWS.1\IDB.zip
[2010/01/10 15:21:44 | 00,007,387 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\pctgntdi.cat
[2010/01/10 15:21:11 | 00,007,412 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\PCTAppEvent.cat
[2010/01/10 15:21:11 | 00,007,383 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\pctcore.cat
[2010/01/10 15:20:50 | 00,007,383 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\pctplsg.cat
[2010/01/10 13:59:19 | 00,000,822 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Windows Login.lnk
[2010/01/10 02:33:07 | 00,000,067 | ---- | C] () -- C:\WINDOWS.1\Easy DVD Creator.INI
[2009/12/29 00:03:39 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Quick Screen Capture.lnk
[2009/12/16 02:46:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS.1\ToDisc.INI
[2009/07/26 22:34:30 | 00,323,584 | ---- | C] () -- C:\WINDOWS.1\System32\FoxImager.dll
[2009/07/01 04:23:01 | 00,012,288 | ---- | C] () -- C:\WINDOWS.1\impborl.dll
[2009/06/23 21:16:28 | 00,000,754 | ---- | C] () -- C:\WINDOWS.1\WORDPAD.INI
[2009/05/05 19:46:40 | 00,001,300 | ---- | C] () -- C:\WINDOWS.1\System32\cool.dll
[2009/05/03 17:21:14 | 00,135,168 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/02 21:28:41 | 00,164,352 | ---- | C] () -- C:\WINDOWS.1\System32\unrar.dll
[2009/05/02 21:28:41 | 00,000,038 | ---- | C] () -- C:\WINDOWS.1\avisplitter.ini
[2009/05/02 21:28:38 | 03,596,288 | ---- | C] () -- C:\WINDOWS.1\System32\qt-dx331.dll
[2009/05/02 21:28:37 | 00,057,344 | ---- | C] () -- C:\WINDOWS.1\System32\ff_vfw.dll
[2009/05/02 21:28:37 | 00,000,547 | ---- | C] () -- C:\WINDOWS.1\System32\ff_vfw.dll.manifest
[2008/04/14 03:00:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS.1\System32\CopyToSendTo.dll
[2003/09/23 05:40:34 | 00,394,240 | ---- | C] () -- C:\WINDOWS.1\System32\HMTCD.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:A8ADE5D8
< End of report >

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
    •  
  • Gender:Female
  • Location:At home
  • Local time:05:14 PM

Posted 25 January 2010 - 03:43 PM

Hi,

the log is looking good. Did reinstalling Firefox help?

Please run a scan with Eset as well:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+

#15 Switchy

Switchy
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
    •  
  • Gender:Female
  • Location:Southwest US
  • Local time:09:14 AM

Posted 25 January 2010 - 09:36 PM

No threats found. And Firefox is running fine now.
Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·