
VERY BAD laggy sound


  • This topic is locked
27 replies to this topic

#1 snouk


Posted 19 February 2010 - 07:19 PM

For the past few days my laptop (Toshiba A105-s2021 Win XP Pro SP3) has been lagging very badly during boot-up, and when Windows starts the Win sound is VERY choppy and laggy. I have no idea what is causing this; I was thinking maybe some reg. entries got edited without me knowing, or something along this line. Some help would be awesome.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Homie at 19:32:31.01 on Fri 02/19/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Homie\My Documents\Downloads\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
uRun: [Google Update] "c:\documents and settings\homie\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AtiPTA] atiptaxx.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~1\mimboot.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver\LVCOMS.EXE
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [Eyeball Chat] "c:\program files\eyeball networks\eyeball chat\EyeballChat.exe" -min
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 11.5.0.1145
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\homie\applic~1\mozilla\firefox\profiles\l83aqo37.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q=
FF - prefs.js: browser.search.selectedEngine - Google Search Community
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - component: c:\program files\mozilla firefox\components\SuperSearchXPCOM.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\homie\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\homie\application data\mozilla\firefox\profiles\l83aqo37.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\homie\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\homie\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R? ASKService;ASKService
R? ASKUpgrade;ASKUpgrade
R? npggsvc;nProtect GameGuard Service
R? SASENUM;SASENUM
R? sdAuxService;PC Tools Auxiliary Service
R? sdCoreService;PC Tools Security Service
S? CAMTHWDM;WebcamMax, WDM Video Capture
S? ehdrv;ehdrv
S? ekrn;ESET Service
S? ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver
S? PCTAppEvent;PCTAppEvent Driver
S? PCTCore;PCTools KDS
S? PCTFW-PacketFilter;PCTools Firewall - Packet filter driver
S? pctgntdi;pctgntdi
S? pctNDIS;PC Tools Driver
S? PCToolsFirewallPlus;PC Tools Firewall Plus
S? pctplfw;pctplfw
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL

=============== Created Last 30 ================

2010-02-19 21:58:22 2854 ----a-w- c:\windows\system32\tmp.reg
2010-02-08 19:41:03 77312 ----a-w- c:\windows\MBR.exe
2010-02-07 20:37:25 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-02-07 19:50:22 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-02-01 23:33:34 0 d-----w- c:\program files\OUGOMessenger
2010-01-27 22:17:44 0 d-----w- c:\docume~1\homie\applic~1\PCToolsFirewallPlus
2010-01-27 22:15:32 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-01-27 22:15:30 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-01-27 22:15:10 7435 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.cat
2010-01-27 22:15:10 7399 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.cat
2010-01-27 22:15:10 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-01-27 22:15:10 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-01-27 22:15:10 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-01-27 22:15:08 7383 ----a-w- c:\windows\system32\drivers\pctplfw.cat
2010-01-27 22:15:08 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-01-27 22:15:06 0 d-----w- c:\program files\PC Tools Firewall Plus

==================== Find3M ====================

2010-01-08 13:13:12 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-01-07 17:40:26 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:21:05 667136 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:20:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 22:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 03:54:07 261632 ----a-w- c:\windows\PEV.exe
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll

============= FINISH: 19:35:41.32 ===============

I tried to run GMER but it took 10+ hours, and when I woke up in the morning my laptop was off. So I wasn't able to get that scan and report, sorry; the system is going very slow. I've been googling and I think this happens from some kind of malware/spyware making huge edits/changes to my reg. without me knowing. Can this be fixed without reinstalling Windows? My system restore was attacked as well. Can't return to a later point; they were erased somehow. Thanks in advance. I know you guys are busy and might take a few days to get to this. That is no problem.

Edited by snouk, 20 February 2010 - 11:56 AM.




#2 myrti


Posted 20 February 2010 - 02:08 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 snouk


Posted 20 February 2010 - 09:48 PM

Hi myrti, thanks for your fast reply. I haven't changed anything since the last scans. Here are the 2 logs from OTL:

OTL logfile created on: 2/20/2010 8:49:35 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Homie\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 5.17 Gb Free Space | 5.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANSLAPTOP
Current User Name: Homie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/20 20:48:38 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Homie\My Documents\Downloads\OTL.exe
PRC - [2010/02/19 11:03:42 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/12 11:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/11/16 09:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/11/09 11:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2009/05/09 13:09:24 | 000,606,720 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2008/05/01 23:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/04 21:54:00 | 000,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007/09/26 20:05:56 | 000,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2006/01/19 10:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
PRC - [2006/01/19 10:06:16 | 000,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
PRC - [2005/11/10 14:14:06 | 015,473,664 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2001/09/24 09:39:28 | 000,098,304 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe


========== Modules (SafeList) ==========

MOD - [2010/02/20 20:48:38 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Homie\My Documents\Downloads\OTL.exe
MOD - [2008/05/01 23:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/22 19:47:20 | 000,348,824 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/11/16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/11/09 11:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2009/07/22 22:44:48 | 001,097,096 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/06/29 14:11:03 | 000,075,064 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/05/20 12:47:49 | 002,796,878 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2007/12/04 21:54:00 | 000,495,616 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/10/19 12:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/01/13 08:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2010/01/12 09:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/01/08 08:13:12 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/01/07 12:40:26 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/01/07 11:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2009/12/18 15:02:26 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/11/23 13:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009/11/16 09:06:48 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/11/16 09:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/18 19:53:08 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/23 10:01:42 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/06/23 10:01:40 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/23 10:01:40 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 21:09:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 17:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/04/13 11:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/14 05:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/12/05 00:26:40 | 002,782,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/10/11 21:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/11 20:55:58 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/10/11 20:55:58 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/10/11 17:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/26 20:15:21 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2006/01/19 11:05:36 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/11/15 12:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/10 19:44:12 | 004,064,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/09/12 21:08:30 | 000,468,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/03/04 14:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/04/11 13:47:52 | 000,011,136 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/01 15:36:18 | 000,348,169 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1275210071-115176313-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1275210071-115176313-1644491937-1003\S-1-5-21-1275210071-115176313-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google Search Community"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: supersearch@supersearch.com:3.5
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4
FF - prefs.js..keyword.URL: "http://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/19 11:06:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 11:06:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/02/08 16:16:35 | 000,000,000 | ---D | M]

[2009/05/17 12:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Homie\Application Data\Mozilla\Extensions
[2009/05/17 04:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Homie\Application Data\Mozilla\Firefox\Profiles\doucisk0.default\extensions
[2009/05/17 04:25:10 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Homie\Application Data\Mozilla\Firefox\Profiles\doucisk0.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}(2)
[2010/02/20 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Homie\Application Data\Mozilla\Firefox\Profiles\l83aqo37.default\extensions
[2010/01/24 02:09:28 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Homie\Application Data\Mozilla\Firefox\Profiles\l83aqo37.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/12/24 18:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Homie\Application Data\Mozilla\Firefox\Profiles\l83aqo37.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/06/29 14:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Homie\Application Data\Mozilla\Firefox\Profiles\l83aqo37.default\extensions\battlefieldheroespatcher@ea.com
[2009/07/24 21:42:47 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\Homie\Application Data\Mozilla\Firefox\Profiles\l83aqo37.default\searchplugins\kiwee-live-search.xml
[2010/02/20 17:28:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/18 16:42:10 | 000,049,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\SuperSearchXPCOM.dll
[2009/05/20 00:49:50 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/05/27 15:41:50 | 000,069,632 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2009/11/27 22:17:30 | 000,002,664 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SiteVacuum.xml

O1 HOSTS File: ([2010/02/19 17:07:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-115176313-1644491937-1003\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Eyeball Chat] C:\Program Files\Eyeball Networks\Eyeball Chat\EyeballChat.exe (Eyeball Networks Inc.)
O4 - HKU\S-1-5-18..\Run: [Eyeball Chat] C:\Program Files\Eyeball Networks\Eyeball Chat\EyeballChat.exe (Eyeball Networks Inc.)
O4 - HKU\S-1-5-21-1275210071-115176313-1644491937-1003..\Run: [Google Update] C:\Documents and Settings\Homie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 11.5.0.1145 File not found
O4 - HKU\S-1-5-18..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 11.5.0.1145 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-115176313-1644491937-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-115176313-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1275210071-115176313-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1275210071-115176313-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1275210071-115176313-1644491937-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe (CamfrogWEB Advanced Unicode Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/up...er_4.0.17.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/14 20:49:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/05/14 16:22:44 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe - (The Privoxy team - www.privoxy.org)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/19 17:51:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Homie\Recent
[2010/02/12 01:03:05 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/02/11 19:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Homie\Desktop\backups
[2010/02/11 18:36:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/11 18:35:56 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Homie\Desktop\HijackThis.exe
[2010/02/08 14:41:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/07 15:37:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2010/02/07 14:50:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2010/02/01 18:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\OUGOMessenger
[2010/01/28 08:52:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/01/27 19:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/01/27 19:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/01/27 19:43:29 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/27 19:43:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/27 19:43:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/27 17:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Homie\Application Data\PCToolsFirewallPlus
[2010/01/27 17:15:10 | 000,070,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2010/01/27 17:15:10 | 000,058,816 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
[2010/01/27 17:15:10 | 000,032,680 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
[2010/01/27 17:15:08 | 000,115,216 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2010/01/27 17:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus
[2009/07/25 15:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\agi
[2009/07/24 21:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\agi
[2009/06/13 15:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/05/15 21:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2009/05/15 03:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/05/14 20:54:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/05/14 20:53:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/05/14 20:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/20 20:22:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-115176313-1644491937-1003UA.job
[2010/02/20 16:59:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/20 16:22:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/20 16:22:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/19 23:22:08 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-115176313-1644491937-1003Core.job
[2010/02/19 18:05:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Homie\ntuser.ini
[2010/02/19 18:05:40 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Homie\ntuser.dat
[2010/02/19 17:07:14 | 000,002,854 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/19 12:59:45 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Homie\Desktop\magicJack.lnk
[2010/02/19 12:35:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/11 19:28:01 | 003,856,004 | R--- | M] () -- C:\Documents and Settings\Homie\Desktop\ComboFix(2).exe
[2010/02/11 18:30:39 | 000,001,796 | ---- | M] () -- C:\Documents and Settings\Homie\Desktop\ESET Smart Security.lnk
[2010/02/08 15:09:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/01 18:33:36 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Homie\Desktop\OUGO Browser .lnk
[2010/02/01 18:33:36 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Homie\Desktop\OUGO Messenger .lnk
[2010/01/28 08:49:43 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\Homie\Desktop\PC Tools Firewall Plus.lnk
[2010/01/25 00:06:08 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Homie\Desktop\CCleaner.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/19 16:58:22 | 000,002,854 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/11 19:27:30 | 003,856,004 | R--- | C] () -- C:\Documents and Settings\Homie\Desktop\ComboFix(2).exe
[2010/02/11 18:30:39 | 000,001,796 | ---- | C] () -- C:\Documents and Settings\Homie\Desktop\ESET Smart Security.lnk
[2010/02/08 14:41:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/01 18:33:36 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Homie\Desktop\OUGO Browser .lnk
[2010/02/01 18:33:36 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\Homie\Desktop\OUGO Messenger .lnk
[2010/01/28 08:49:43 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\Homie\Desktop\PC Tools Firewall Plus.lnk
[2010/01/27 17:15:32 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/27 17:15:30 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/01/27 17:15:10 | 000,007,435 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.cat
[2010/01/27 17:15:10 | 000,007,399 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-DNS.cat
[2010/01/27 17:15:08 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplfw.cat
[2010/01/07 18:02:30 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/10/18 19:53:08 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/10/02 04:15:44 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/10/02 02:35:14 | 000,941,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2009/08/30 18:58:21 | 000,000,184 | ---- | C] () -- C:\WINDOWS\CheetaChat.INI
[2009/08/14 14:59:01 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/07/24 21:29:23 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2009/07/24 21:29:23 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2009/06/29 14:11:52 | 000,138,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/06/26 14:27:04 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/06/26 14:27:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/06/26 14:05:01 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/06/26 14:05:01 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/06/23 14:13:48 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Homie\Application Data\PnkBstrK.sys
[2009/06/09 17:24:24 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Homie\Application Data\RSBot Accounts.ini
[2009/06/08 21:06:19 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Homie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/20 20:13:49 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/05/17 12:38:16 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/05/14 22:21:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2009/05/14 22:03:01 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2009/03/10 21:18:20 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2009/03/10 21:18:00 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/04/14 04:42:04 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Homie\Desktop\Dans Installers\mydrivers\hdc\primary_ide_channel\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Homie\Desktop\Dans Installers\mydrivers\hdc\secondary_ide_channel\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Homie\Desktop\New Folder\saved drivers\hdc\primary_ide_channel\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Homie\Desktop\New Folder\saved drivers\hdc\secondary_ide_channel\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2004/06/03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\mydrivers\hdc\pci_ven_10de&dev_0065\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2008/04/14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >

OTL Extras logfile created on: 2/20/2010 8:49:35 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Homie\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 5.17 Gb Free Space | 5.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANSLAPTOP
Current User Name: Homie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1275210071-115176313-1644491937-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Documents and Settings\Homie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Homie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Homie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Homie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe" = C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module -- (Camshare LC)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Documents and Settings\Homie\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Homie\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 18
"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java™ SE Development Kit 6 Update 14
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{507B0A37-D911-4965-A5A8-3B2568003310}" = Readon TV Movie Radio Player 5.9.0.0
"{5FE1E412-D114-46E8-A891-5BE087B256A5}" = MVision
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}" = Logitech QuickCam
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{BBF6D0CD-A081-369F-B0B8-F168594CBB6B}" = Google Talk Plugin
"{BE09FBC2-74BF-42A5-8FFF-12E784BAA42C}" = ESET Smart Security
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E79D3401-0F8C-4F9F-9964-ABBCEFB49C28}" = Eyeball Chat
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}" = Snagit 9.1.1
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCA37CD2-7BA4-4A5A-8979-B64EA712F4CB}" = TortoiseSVN 1.6.2.16344 (32 bit)
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Ask Toolbar_is1" = Vuze Toolbar
"ATI Display Driver" = ATI Display Driver (Omega 3.8.442)
"Camfrog 5.4" = Camfrog Video Chat 5.4
"CCleaner" = CCleaner
"CFWebAdvancedU" = CamfrogWEB Advanced ActiveX Plugin (remove only)
"ClubWPT" = ClubWPT
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dark Age of Camelot - Labyrinth of the Minotaur_is1" = Dark Age of Camelot - Labyrinth of the Minotaur
"DMX4_is1" = DriverMax 4
"Drug Lord 2" = Drug Lord 2
"DVD Shrink_is1" = DVD Shrink 3.2
"GomezPEER" = GomezPEER
"HijackThis" = HijackThis 1.99.1
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Standard)
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MultiRes (remove only)" = MultiRes (remove only)
"OUGO Messenger_is1" = OUGO Messenger
"PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0
"Privoxy" = Privoxy 3.0.6
"Spyware Doctor" = Spyware Doctor 6.1
"StormPredator_3.27" = StormPredator 3.3
"TeamViewer 4" = TeamViewer 4
"Tor" = Tor 0.2.0.34
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Trojan Remover_is1" = Trojan Remover 6.7.9
"Unlocker" = Unlocker 1.8.7
"Vidalia" = Vidalia 0.1.10
"VLC media player" = VideoLAN VLC media player 0.8.6b
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1275210071-115176313-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DAoC Portal" = DAoC Portal
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/12/2010 8:22:05 PM | Computer Name = DANSLAPTOP | Source = Google Update | ID = 20
Description =

Error - 2/12/2010 9:22:11 PM | Computer Name = DANSLAPTOP | Source = Google Update | ID = 20
Description =

Error - 2/13/2010 3:22:05 PM | Computer Name = DANSLAPTOP | Source = Google Update | ID = 20
Description =

Error - 2/13/2010 4:22:05 PM | Computer Name = DANSLAPTOP | Source = Google Update | ID = 20
Description =

Error - 2/13/2010 5:22:05 PM | Computer Name = DANSLAPTOP | Source = Google Update | ID = 20
Description =

Error - 2/19/2010 1:37:16 PM | Computer Name = DANSLAPTOP | Source = Google Update | ID = 20
Description =

Error - 2/19/2010 1:54:49 PM | Computer Name = DANSLAPTOP | Source = Google Update | ID = 20
Description =

Error - 2/20/2010 6:53:01 PM | Computer Name = DANSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application camfrog video chat.exe, version 5.4.0.231, faulting
module browseui.dll, version 6.0.2900.5512, fault address 0x00003ba6.

Error - 2/20/2010 8:46:13 PM | Computer Name = DANSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application camfrog video chat.exe, version 5.4.0.231, faulting
module unknown, version 0.0.0.0, fault address 0x03dc0000.

Error - 2/20/2010 9:44:50 PM | Computer Name = DANSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application camfrog video chat.exe, version 5.4.0.231, faulting
module browseui.dll, version 6.0.2900.5512, fault address 0x00003ba6.

[ System Events ]
Error - 2/19/2010 5:55:56 PM | Computer Name = DANSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/19/2010 6:14:42 PM | Computer Name = DANSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/19/2010 6:16:01 PM | Computer Name = DANSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/19/2010 6:16:16 PM | Computer Name = DANSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/19/2010 6:26:19 PM | Computer Name = DANSLAPTOP | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 2/19/2010 7:14:18 PM | Computer Name = DANSLAPTOP | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 2/20/2010 12:41:16 PM | Computer Name = DANSLAPTOP | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 2/20/2010 5:13:01 PM | Computer Name = DANSLAPTOP | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 2/20/2010 5:22:46 PM | Computer Name = DANSLAPTOP | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 2/20/2010 5:46:09 PM | Computer Name = DANSLAPTOP | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 f2739d82, parameter2 00000000, parameter3
f2739d82, parameter4 00000000.


< End of report >

I also wanted to add that my desktop background is gone. I can notice a gray outline around my screen and in the top left corner I see a little white box with a red square, a green circle and blue triangle in it.
I can't see my original background but instead it's all blue.

Edited by snouk, 20 February 2010 - 10:50 PM.


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:56 AM

Posted 21 February 2010 - 08:28 AM

Hi,

have you tried running gmer in safe mode? Does it take as long there as well?

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run Combofix on your own

If you still have the log, please post it in your next reply.

Please also run Malwarebytes Anti-Malware:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 snouk

Posted 22 February 2010 - 10:55 AM

Well, my laptop is being VERY laggy and slow. I can't get to my C:, it is too laggy (when I drag a window I see traces of the window and can't see the desktop or anything; also the start bar won't show up). So all I can manage to do is upload the logs for you. I still have the ComboFix log. I hope my system can be fixed. Thanks.


Edited by snouk, 22 February 2010 - 10:59 AM.


#6 myrti

Posted 22 February 2010 - 04:28 PM

Hi,

please repeat the scan with gmer, we have interference with some of your programs:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Then run gmer once more and post the new log in your next reply.

regards myrti



#7 snouk

Posted 22 February 2010 - 08:48 PM

Here's the gmer log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-22 20:47:28
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Homie\LOCALS~1\Temp\pwdorkoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwAllocateVirtualMemory [0xB325A752]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwAssignProcessToJobObject [0xB325A440]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwConnectPort [0xB325A482]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateFile [0xB325A530]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF736BE52]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateProcess [0xB325ADD8]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateProcessEx [0xB325AE64]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateThread [0xB325AEF4]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwDebugActiveProcess [0xB325A580]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF736C640]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF736C8F4]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwDuplicateObject [0xB325A5C2]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwLoadDriver [0xB325A606]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwOpenKey [0xB325A648]
SSDT 8954FCB0 ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwOpenSection [0xB325A68A]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwOpenThread [0xB325A6CC]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwProtectVirtualMemory [0xB325A79A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF736CD60]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwRequestWaitReplyPort [0xB325A70E]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwRestoreKey [0xB325A7DC]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwResumeThread [0xB325A824]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSecureConnectPort [0xB325A8B4]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSetValueKey [0xB325A866]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSuspendProcess [0xB325A958]
SSDT 895504F0 ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSystemDebugControl [0xB325A99A]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwTerminateProcess [0xB325A9DC]
SSDT 89550310 ZwTerminateThread
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwWriteVirtualMemory [0xB325AA2A]

INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F67ED4F6
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F67ED59C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

---- Threads - GMER 1.0.15 ----

Thread System [4:616] 8954E930

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----


#8 myrti

Posted 26 February 2010 - 03:47 AM

Hi,

very sorry for the delay. But everything is up and running now!

The log from gmer is not conclusive, could you please try to run rootrepeal as well:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

How is your PC doing?

regards myrti



#9 snouk

Posted 26 February 2010 - 11:19 AM

My system is still laggy at boot-up; the Win XP splash screen takes about 5 mins to start. Still laggy sound; also, when I right-click, the system freezes. My desktop background is still gone. I can notice a gray outline around my screen and in the top left corner I see a little white box with a red square, a green circle and blue triangle in it.
I can't see my original background but instead it's all blue.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/02/26 10:45
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB608D000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xEEE7F000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF5A96000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\temp\perflib_perfdata_e0.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d752

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d440

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d482

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d530

#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf736be52

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4ddd8

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4de64

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4def4

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d580

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf736c640

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf736c8f4

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d5c2

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d606

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d648

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x89552cb0

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d68a

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d6cc

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d79a

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf736cd60

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d70e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d7dc

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d824

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d8b4

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d866

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d958

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x895534f0

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d99a

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4d9dc

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x89553310

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4da2a

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x8a1085d8]
Process: System Address: 0x89551930 Size: 1000

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4da6c

#: 323 Function Name: NtUserCallOneParam
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4dab4

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4daf8

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4db3c

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4db80

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4dbd8

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4dc30

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4dc88

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4dd1e

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xb3b4dcd0

==EOF==

Edited by snouk, 26 February 2010 - 11:20 AM.


#10 myrti

  • Malware Study Hall Admin

Posted 26 February 2010 - 03:56 PM

Hi,

the log looks fine. Please run a new copy of ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#11 snouk

  • Topic Starter

Posted 26 February 2010 - 09:24 PM

ComboFix 10-02-26.01 - Homie 02/26/2010 19:54:36.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1470.951 [GMT -5:00]
Running from: c:\documents and settings\Homie\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Gomez
c:\program files\Gomez\GomezPEER\bin\GomezPEER.exe
c:\program files\Gomez\GomezPEER\cache\helper\cache_filler.001.js
c:\program files\Gomez\GomezPEER\cache\helper\databank.002.js
c:\program files\Gomez\GomezPEER\cache\helper\databank.003.js
c:\program files\Gomez\GomezPEER\cache\helper\GomezGlobalFunctions.006.js
c:\program files\Gomez\GomezPEER\cache\helper\GomezGlobalFunctions.008.js
c:\program files\Gomez\GomezPEER\cache\helper\static_helpers.003.js
c:\program files\Gomez\GomezPEER\cache\helper\url_helpers.003.js
c:\program files\Gomez\GomezPEER\cache\india50k.JPG
c:\program files\Gomez\GomezPEER\cache\params.xml
c:\program files\Gomez\GomezPEER\cache\Respawn.class
c:\program files\Gomez\GomezPEER\country_list.txt
c:\program files\Gomez\GomezPEER\decode.exe
c:\program files\Gomez\GomezPEER\getclean.exe
c:\program files\Gomez\GomezPEER\gomez.dat
c:\program files\Gomez\GomezPEER\gomez.dat.backup1
c:\program files\Gomez\GomezPEER\gomez.dat.backup2
c:\program files\Gomez\GomezPEER\gomez.dat.backup3
c:\program files\Gomez\GomezPEER\hs_err_pid1108.log
c:\program files\Gomez\GomezPEER\hs_err_pid1280.log
c:\program files\Gomez\GomezPEER\hs_err_pid1288.log
c:\program files\Gomez\GomezPEER\hs_err_pid132.log
c:\program files\Gomez\GomezPEER\hs_err_pid1384.log
c:\program files\Gomez\GomezPEER\hs_err_pid1396.log
c:\program files\Gomez\GomezPEER\hs_err_pid1444.log
c:\program files\Gomez\GomezPEER\hs_err_pid152.log
c:\program files\Gomez\GomezPEER\hs_err_pid1664.log
c:\program files\Gomez\GomezPEER\hs_err_pid1708.log
c:\program files\Gomez\GomezPEER\hs_err_pid1716.log
c:\program files\Gomez\GomezPEER\hs_err_pid1732.log
c:\program files\Gomez\GomezPEER\hs_err_pid2092.log
c:\program files\Gomez\GomezPEER\hs_err_pid2188.log
c:\program files\Gomez\GomezPEER\hs_err_pid2264.log
c:\program files\Gomez\GomezPEER\hs_err_pid2276.log
c:\program files\Gomez\GomezPEER\hs_err_pid2308.log
c:\program files\Gomez\GomezPEER\hs_err_pid2324.log
c:\program files\Gomez\GomezPEER\hs_err_pid2392.log
c:\program files\Gomez\GomezPEER\hs_err_pid2420.log
c:\program files\Gomez\GomezPEER\hs_err_pid2444.log
c:\program files\Gomez\GomezPEER\hs_err_pid2452.log
c:\program files\Gomez\GomezPEER\hs_err_pid2516.log
c:\program files\Gomez\GomezPEER\hs_err_pid2552.log
c:\program files\Gomez\GomezPEER\hs_err_pid256.log
c:\program files\Gomez\GomezPEER\hs_err_pid2572.log
c:\program files\Gomez\GomezPEER\hs_err_pid2584.log
c:\program files\Gomez\GomezPEER\hs_err_pid2588.log
c:\program files\Gomez\GomezPEER\hs_err_pid2696.log
c:\program files\Gomez\GomezPEER\hs_err_pid2704.log
c:\program files\Gomez\GomezPEER\hs_err_pid2716.log
c:\program files\Gomez\GomezPEER\hs_err_pid2720.log
c:\program files\Gomez\GomezPEER\hs_err_pid2752.log
c:\program files\Gomez\GomezPEER\hs_err_pid2756.log
c:\program files\Gomez\GomezPEER\hs_err_pid2792.log
c:\program files\Gomez\GomezPEER\hs_err_pid28064.log
c:\program files\Gomez\GomezPEER\hs_err_pid2848.log
c:\program files\Gomez\GomezPEER\hs_err_pid2916.log
c:\program files\Gomez\GomezPEER\hs_err_pid2960.log
c:\program files\Gomez\GomezPEER\hs_err_pid3048.log
c:\program files\Gomez\GomezPEER\hs_err_pid308.log
c:\program files\Gomez\GomezPEER\hs_err_pid312.log
c:\program files\Gomez\GomezPEER\hs_err_pid3244.log
c:\program files\Gomez\GomezPEER\hs_err_pid3296.log
c:\program files\Gomez\GomezPEER\hs_err_pid3332.log
c:\program files\Gomez\GomezPEER\hs_err_pid336.log
c:\program files\Gomez\GomezPEER\hs_err_pid3400.log
c:\program files\Gomez\GomezPEER\hs_err_pid3424.log
c:\program files\Gomez\GomezPEER\hs_err_pid3436.log
c:\program files\Gomez\GomezPEER\hs_err_pid3500.log
c:\program files\Gomez\GomezPEER\hs_err_pid3540.log
c:\program files\Gomez\GomezPEER\hs_err_pid3552.log
c:\program files\Gomez\GomezPEER\hs_err_pid3564.log
c:\program files\Gomez\GomezPEER\hs_err_pid3584.log
c:\program files\Gomez\GomezPEER\hs_err_pid3640.log
c:\program files\Gomez\GomezPEER\hs_err_pid3648.log
c:\program files\Gomez\GomezPEER\hs_err_pid3664.log
c:\program files\Gomez\GomezPEER\hs_err_pid3688.log
c:\program files\Gomez\GomezPEER\hs_err_pid3720.log
c:\program files\Gomez\GomezPEER\hs_err_pid3788.log
c:\program files\Gomez\GomezPEER\hs_err_pid3852.log
c:\program files\Gomez\GomezPEER\hs_err_pid3928.log
c:\program files\Gomez\GomezPEER\hs_err_pid3976.log
c:\program files\Gomez\GomezPEER\hs_err_pid3996.log
c:\program files\Gomez\GomezPEER\hs_err_pid4004.log
c:\program files\Gomez\GomezPEER\hs_err_pid4044.log
c:\program files\Gomez\GomezPEER\hs_err_pid612.log
c:\program files\Gomez\GomezPEER\hs_err_pid672.log
c:\program files\Gomez\GomezPEER\hs_err_pid684.log
c:\program files\Gomez\GomezPEER\hs_err_pid736.log
c:\program files\Gomez\GomezPEER\hs_err_pid740.log
c:\program files\Gomez\GomezPEER\hs_err_pid964.log
c:\program files\Gomez\GomezPEER\javparms.dat
c:\program files\Gomez\GomezPEER\jre\bin\attach.dll
c:\program files\Gomez\GomezPEER\jre\bin\awt.dll
c:\program files\Gomez\GomezPEER\jre\bin\axbridge.dll
c:\program files\Gomez\GomezPEER\jre\bin\client\classes.jsa
c:\program files\Gomez\GomezPEER\jre\bin\client\jvm.dll
c:\program files\Gomez\GomezPEER\jre\bin\client\Xusage.txt
c:\program files\Gomez\GomezPEER\jre\bin\cmm.dll
c:\program files\Gomez\GomezPEER\jre\bin\comfyj.lic
c:\program files\Gomez\GomezPEER\jre\bin\dcpr.dll
c:\program files\Gomez\GomezPEER\jre\bin\deploy.dll
c:\program files\Gomez\GomezPEER\jre\bin\dt_shmem.dll
c:\program files\Gomez\GomezPEER\jre\bin\dt_socket.dll
c:\program files\Gomez\GomezPEER\jre\bin\eula.dll
c:\program files\Gomez\GomezPEER\jre\bin\fontmanager.dll
c:\program files\Gomez\GomezPEER\jre\bin\hpi.dll
c:\program files\Gomez\GomezPEER\jre\bin\hprof.dll
c:\program files\Gomez\GomezPEER\jre\bin\ICE_JNIRegistry.dll
c:\program files\Gomez\GomezPEER\jre\bin\iepreparse.dll
c:\program files\Gomez\GomezPEER\jre\bin\instrument.dll
c:\program files\Gomez\GomezPEER\jre\bin\ioser12.dll
c:\program files\Gomez\GomezPEER\jre\bin\j2pcsc.dll
c:\program files\Gomez\GomezPEER\jre\bin\j2pkcs11.dll
c:\program files\Gomez\GomezPEER\jre\bin\jaas_nt.dll
c:\program files\Gomez\GomezPEER\jre\bin\java-rmi.exe
c:\program files\Gomez\GomezPEER\jre\bin\java.dll
c:\program files\Gomez\GomezPEER\jre\bin\java.exe
c:\program files\Gomez\GomezPEER\jre\bin\java_crw_demo.dll
c:\program files\Gomez\GomezPEER\jre\bin\javacpl.cpl
c:\program files\Gomez\GomezPEER\jre\bin\javacpl.exe
c:\program files\Gomez\GomezPEER\jre\bin\javaw.exe
c:\program files\Gomez\GomezPEER\jre\bin\javaws.exe
c:\program files\Gomez\GomezPEER\jre\bin\jawt.dll
c:\program files\Gomez\GomezPEER\jre\bin\JdbcOdbc.dll
c:\program files\Gomez\GomezPEER\jre\bin\jdwp.dll
c:\program files\Gomez\GomezPEER\jre\bin\jexplorer.lic
c:\program files\Gomez\GomezPEER\jre\bin\jli.dll
c:\program files\Gomez\GomezPEER\jre\bin\jniwrap.dll
c:\program files\Gomez\GomezPEER\jre\bin\jniwrap.lic
c:\program files\Gomez\GomezPEER\jre\bin\jpeg.dll
c:\program files\Gomez\GomezPEER\jre\bin\jpicom.dll
c:\program files\Gomez\GomezPEER\jre\bin\jpiexp.dll
c:\program files\Gomez\GomezPEER\jre\bin\jpinscp.dll
c:\program files\Gomez\GomezPEER\jre\bin\jpioji.dll
c:\program files\Gomez\GomezPEER\jre\bin\jpishare.dll
c:\program files\Gomez\GomezPEER\jre\bin\jsound.dll
c:\program files\Gomez\GomezPEER\jre\bin\jsoundds.dll
c:\program files\Gomez\GomezPEER\jre\bin\jucheck.exe
c:\program files\Gomez\GomezPEER\jre\bin\jureg.exe
c:\program files\Gomez\GomezPEER\jre\bin\jusched.exe
c:\program files\Gomez\GomezPEER\jre\bin\keytool.exe
c:\program files\Gomez\GomezPEER\jre\bin\kinit.exe
c:\program files\Gomez\GomezPEER\jre\bin\klist.exe
c:\program files\Gomez\GomezPEER\jre\bin\ktab.exe
c:\program files\Gomez\GomezPEER\jre\bin\management.dll
c:\program files\Gomez\GomezPEER\jre\bin\Microsoft.VC80.CRT.manifest
c:\program files\Gomez\GomezPEER\jre\bin\msdecode.dll
c:\program files\Gomez\GomezPEER\jre\bin\msvcm80.dll
c:\program files\Gomez\GomezPEER\jre\bin\msvcp80.dll
c:\program files\Gomez\GomezPEER\jre\bin\msvcr71.dll
c:\program files\Gomez\GomezPEER\jre\bin\msvcr80.dll
c:\program files\Gomez\GomezPEER\jre\bin\net.dll
c:\program files\Gomez\GomezPEER\jre\bin\nio.dll
c:\program files\Gomez\GomezPEER\jre\bin\npjava11.dll
c:\program files\Gomez\GomezPEER\jre\bin\npjava12.dll
c:\program files\Gomez\GomezPEER\jre\bin\npjava13.dll
c:\program files\Gomez\GomezPEER\jre\bin\npjava14.dll
c:\program files\Gomez\GomezPEER\jre\bin\npjava32.dll
c:\program files\Gomez\GomezPEER\jre\bin\npjpi160.dll
c:\program files\Gomez\GomezPEER\jre\bin\npjpi160_03.dll
c:\program files\Gomez\GomezPEER\jre\bin\npoji610.dll
c:\program files\Gomez\GomezPEER\jre\bin\npt.dll
c:\program files\Gomez\GomezPEER\jre\bin\orbd.exe
c:\program files\Gomez\GomezPEER\jre\bin\pack200.exe
c:\program files\Gomez\GomezPEER\jre\bin\policytool.exe
c:\program files\Gomez\GomezPEER\jre\bin\porivonet.dll
c:\program files\Gomez\GomezPEER\jre\bin\PorivoProcess.dll
c:\program files\Gomez\GomezPEER\jre\bin\regutils.dll
c:\program files\Gomez\GomezPEER\jre\bin\rmi.dll
c:\program files\Gomez\GomezPEER\jre\bin\rmid.exe
c:\program files\Gomez\GomezPEER\jre\bin\rmiregistry.exe
c:\program files\Gomez\GomezPEER\jre\bin\server\jvm.dll
c:\program files\Gomez\GomezPEER\jre\bin\server\Xusage.txt
c:\program files\Gomez\GomezPEER\jre\bin\servertool.exe
c:\program files\Gomez\GomezPEER\jre\bin\splashscreen.dll
c:\program files\Gomez\GomezPEER\jre\bin\ssv.dll
c:\program files\Gomez\GomezPEER\jre\bin\sunmscapi.dll
c:\program files\Gomez\GomezPEER\jre\bin\tnameserv.exe
c:\program files\Gomez\GomezPEER\jre\bin\unicows.dll
c:\program files\Gomez\GomezPEER\jre\bin\unpack.dll
c:\program files\Gomez\GomezPEER\jre\bin\unpack200.exe
c:\program files\Gomez\GomezPEER\jre\bin\verify.dll
c:\program files\Gomez\GomezPEER\jre\bin\w2k_lsa_auth.dll
c:\program files\Gomez\GomezPEER\jre\bin\WinTimer.dll
c:\program files\Gomez\GomezPEER\jre\bin\wsdetect.dll
c:\program files\Gomez\GomezPEER\jre\bin\zip.dll
c:\program files\Gomez\GomezPEER\jre\COPYRIGHT
c:\program files\Gomez\GomezPEER\jre\lib\audio\soundbank.gm
c:\program files\Gomez\GomezPEER\jre\lib\calendars.properties
c:\program files\Gomez\GomezPEER\jre\lib\charsets.jar
c:\program files\Gomez\GomezPEER\jre\lib\classlist
c:\program files\Gomez\GomezPEER\jre\lib\cmm\CIEXYZ.pf
c:\program files\Gomez\GomezPEER\jre\lib\cmm\GRAY.pf
c:\program files\Gomez\GomezPEER\jre\lib\cmm\LINEAR_RGB.pf
c:\program files\Gomez\GomezPEER\jre\lib\cmm\PYCC.pf
c:\program files\Gomez\GomezPEER\jre\lib\cmm\sRGB.pf
c:\program files\Gomez\GomezPEER\jre\lib\content-types.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy.jar
c:\program files\Gomez\GomezPEER\jre\lib\deploy\ffjcext.zip
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_de.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_es.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_fr.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_it.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_ja.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_ko.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_sv.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_zh_CN.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_zh_HK.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_zh_TW.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\splash.jpg
c:\program files\Gomez\GomezPEER\jre\lib\endorsed\xalan.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\commons-codec.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\commons-lang.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\css.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\dnsjava.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\dnsns.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\gomez-webcore.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\HeartBeatProject.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\jdom.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\JNIRegistry.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\jniwrap.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\js.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\jstools.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\Kernel.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\localedata.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\log4j.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\meta-index
c:\program files\Gomez\GomezPEER\jre\lib\ext\nekohtml.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\oro.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\peergui.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\PeerReviewProject.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\poi.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\porivo-lib.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\porivo-modules.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\porivo-utils.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\sunjce_provider.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\sunmscapi.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\sunpkcs11.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\winpack.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\xerces.jar
c:\program files\Gomez\GomezPEER\jre\lib\flavormap.properties
c:\program files\Gomez\GomezPEER\jre\lib\fontconfig.98.bfc
c:\program files\Gomez\GomezPEER\jre\lib\fontconfig.98.properties.src
c:\program files\Gomez\GomezPEER\jre\lib\fontconfig.bfc
c:\program files\Gomez\GomezPEER\jre\lib\fontconfig.properties.src
c:\program files\Gomez\GomezPEER\jre\lib\fonts\LucidaBrightDemiBold.ttf
c:\program files\Gomez\GomezPEER\jre\lib\fonts\LucidaBrightDemiItalic.ttf
c:\program files\Gomez\GomezPEER\jre\lib\fonts\LucidaBrightItalic.ttf
c:\program files\Gomez\GomezPEER\jre\lib\fonts\LucidaBrightRegular.ttf
c:\program files\Gomez\GomezPEER\jre\lib\fonts\LucidaSansDemiBold.ttf
c:\program files\Gomez\GomezPEER\jre\lib\fonts\LucidaSansRegular.ttf
c:\program files\Gomez\GomezPEER\jre\lib\fonts\LucidaTypewriterBold.ttf
c:\program files\Gomez\GomezPEER\jre\lib\fonts\LucidaTypewriterRegular.ttf
c:\program files\Gomez\GomezPEER\jre\lib\i386\jvm.cfg
c:\program files\Gomez\GomezPEER\jre\lib\im\indicim.jar
c:\program files\Gomez\GomezPEER\jre\lib\im\thaiim.jar
c:\program files\Gomez\GomezPEER\jre\lib\images\cursors\cursors.properties
c:\program files\Gomez\GomezPEER\jre\lib\images\cursors\invalid32x32.gif
c:\program files\Gomez\GomezPEER\jre\lib\images\cursors\win32_CopyDrop32x32.gif
c:\program files\Gomez\GomezPEER\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif
c:\program files\Gomez\GomezPEER\jre\lib\images\cursors\win32_LinkDrop32x32.gif
c:\program files\Gomez\GomezPEER\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif
c:\program files\Gomez\GomezPEER\jre\lib\images\cursors\win32_MoveDrop32x32.gif
c:\program files\Gomez\GomezPEER\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif
c:\program files\Gomez\GomezPEER\jre\lib\javaws.jar
c:\program files\Gomez\GomezPEER\jre\lib\jce.jar
c:\program files\Gomez\GomezPEER\jre\lib\jsse.jar
c:\program files\Gomez\GomezPEER\jre\lib\jvm.hprof.txt
c:\program files\Gomez\GomezPEER\jre\lib\logging.properties
c:\program files\Gomez\GomezPEER\jre\lib\management-agent.jar
c:\program files\Gomez\GomezPEER\jre\lib\management\jmxremote.access
c:\program files\Gomez\GomezPEER\jre\lib\management\jmxremote.password.template
c:\program files\Gomez\GomezPEER\jre\lib\management\management.properties
c:\program files\Gomez\GomezPEER\jre\lib\management\snmp.acl.template
c:\program files\Gomez\GomezPEER\jre\lib\meta-index
c:\program files\Gomez\GomezPEER\jre\lib\net.properties
c:\program files\Gomez\GomezPEER\jre\lib\plugin.jar
c:\program files\Gomez\GomezPEER\jre\lib\psfont.properties.ja
c:\program files\Gomez\GomezPEER\jre\lib\psfontj2d.properties
c:\program files\Gomez\GomezPEER\jre\lib\resources.jar
c:\program files\Gomez\GomezPEER\jre\lib\rt.jar
c:\program files\Gomez\GomezPEER\jre\lib\security\cacerts
c:\program files\Gomez\GomezPEER\jre\lib\security\gsr.policy
c:\program files\Gomez\GomezPEER\jre\lib\security\java.policy
c:\program files\Gomez\GomezPEER\jre\lib\security\java.security
c:\program files\Gomez\GomezPEER\jre\lib\security\javaws.policy
c:\program files\Gomez\GomezPEER\jre\lib\security\local_policy.jar
c:\program files\Gomez\GomezPEER\jre\lib\security\US_export_policy.jar
c:\program files\Gomez\GomezPEER\jre\lib\sound.properties
c:\program files\Gomez\GomezPEER\jre\lib\tzmappings
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Abidjan
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Accra
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Addis_Ababa
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Algiers
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Asmara
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Asmera
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Bamako
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Bangui
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Banjul
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Bissau
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Blantyre
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Brazzaville
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Bujumbura
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Cairo
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Casablanca
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Ceuta
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Conakry
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Dakar
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Dar_es_Salaam
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Djibouti
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Douala
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\El_Aaiun
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Freetown
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Gaborone
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Harare
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Johannesburg
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Kampala
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Khartoum
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Kigali
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Kinshasa
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Lagos
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Libreville
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Lome
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Luanda
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Lubumbashi
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Lusaka
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Malabo
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Maputo
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Maseru
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Mbabane
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Mogadishu
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Monrovia
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Nairobi
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Ndjamena
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Niamey
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Nouakchott
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Ouagadougou
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Porto-Novo
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Sao_Tome
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Tripoli
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Tunis
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Windhoek
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Adak
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Anchorage
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Anguilla
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Antigua
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Araguaina
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\Buenos_Aires
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\Catamarca
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\Cordoba
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\Jujuy
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\La_Rioja
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\Mendoza
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\Rio_Gallegos
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\San_Juan
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\Tucuman
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\Ushuaia
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Aruba
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Asuncion
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Atikokan
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Bahia
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Barbados
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Belem
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Belize
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Blanc-Sablon
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Boa_Vista
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Bogota
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Boise
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Cambridge_Bay
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Campo_Grande
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Cancun
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Caracas
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Cayenne
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Cayman
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Chicago
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Chihuahua
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Costa_Rica
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Cuiaba
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Curacao
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Danmarkshavn
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Dawson
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Dawson_Creek
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Denver
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Detroit
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Dominica
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Edmonton
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Eirunepe
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\El_Salvador
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Fortaleza
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Glace_Bay
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Godthab
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Goose_Bay
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Grand_Turk
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Grenada
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Guadeloupe
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Guatemala
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Guayaquil
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Guyana
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Halifax
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Havana
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Hermosillo
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Indiana\Indianapolis
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Indiana\Knox
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Indiana\Marengo
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Indiana\Petersburg
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Indiana\Tell_City
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Indiana\Vevay
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Indiana\Vincennes
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Indiana\Winamac
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Inuvik
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Iqaluit
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Jamaica
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Juneau
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Kentucky\Louisville
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Kentucky\Monticello
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.

2010-02-26 18:36 . 2009-12-24 16:58 6515976 ---ha-w- c:\documents and settings\Homie\Application Data\mjusbsp\in00000\setup.exe
2010-02-26 18:35 . 2009-12-24 16:54 730032 ---ha-w- c:\documents and settings\Homie\Application Data\mjusbsp\ar00000\install.exe
2010-02-26 06:13 . 2010-02-26 07:16 -------- d-----w- C:\KBot
2010-02-22 21:30 . 2010-02-22 21:30 50477 ----a-w- C:\Defogger.exe
2010-02-22 01:38 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-22 01:37 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-22 01:37 . 2010-02-22 01:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-07 20:37 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-02-07 19:50 . 2008-04-14 10:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-02-05 15:39 . 2010-02-05 15:39 251376 ----a-w- c:\documents and settings\Homie\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-02-01 23:33 . 2010-02-07 21:05 -------- d-----w- c:\program files\OUGOMessenger
2010-01-28 14:13 . 2010-01-28 14:13 -------- d-----w- c:\documents and settings\Administrator.DANSLAPTOP\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 00:41 . 2009-06-26 19:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-26 22:01 . 2009-05-30 21:42 -------- d-----w- c:\documents and settings\Homie\Application Data\Azureus
2010-02-26 18:38 . 2009-05-15 13:28 -------- d-----w- c:\documents and settings\Homie\Application Data\mjusbsp
2010-02-26 07:31 . 2009-05-20 21:10 -------- d-----w- c:\program files\Java
2010-02-25 19:51 . 2009-05-16 21:27 -------- d-----w- c:\documents and settings\Homie\Application Data\Vidalia
2010-02-25 19:49 . 2009-06-05 17:36 -------- d-----w- c:\documents and settings\Homie\Application Data\tor
2010-02-25 18:51 . 2009-05-16 07:10 -------- d-----w- c:\documents and settings\Homie\Application Data\Camfrog
2010-02-25 05:59 . 2009-06-05 17:26 -------- d-----w- c:\program files\Vidalia Bundle
2010-02-21 02:57 . 2009-06-26 20:12 -------- d-----w- c:\program files\Trojan Remover
2010-02-20 17:17 . 2009-06-10 03:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 17:12 . 2009-08-29 02:48 -------- d-----w- c:\program files\CheetaChat
2010-02-08 20:08 . 2009-11-28 03:16 -------- d-----w- c:\program files\SuperSearch
2010-02-07 23:31 . 2009-05-15 04:39 -------- d-----w- c:\program files\ESET
2010-02-03 05:33 . 2010-01-27 22:15 -------- d-----w- c:\program files\PC Tools Firewall Plus
2010-02-02 17:34 . 2009-11-23 00:36 -------- d-----w- c:\program files\Spyware Doctor
2010-01-28 00:44 . 2010-01-28 00:44 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 00:43 . 2010-01-28 00:43 503808 ----a-w- c:\documents and settings\Homie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-66b363d6-n\msvcp71.dll
2010-01-28 00:43 . 2010-01-28 00:43 499712 ----a-w- c:\documents and settings\Homie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-66b363d6-n\jmc.dll
2010-01-28 00:43 . 2010-01-28 00:43 348160 ----a-w- c:\documents and settings\Homie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-66b363d6-n\msvcr71.dll
2010-01-28 00:43 . 2010-01-28 00:43 61440 ----a-w- c:\documents and settings\Homie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6557fd66-n\decora-sse.dll
2010-01-28 00:43 . 2010-01-28 00:43 12800 ----a-w- c:\documents and settings\Homie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6557fd66-n\decora-d3d.dll
2010-01-27 22:18 . 2010-01-27 22:17 -------- d-----w- c:\documents and settings\Homie\Application Data\PCToolsFirewallPlus
2010-01-24 07:56 . 2009-06-30 19:44 117760 ----a-w- c:\documents and settings\Administrator.DANSLAPTOP\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-13 13:59 . 2010-01-27 22:15 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-01-12 14:34 . 2010-01-27 22:15 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-01-08 13:13 . 2010-01-08 13:13 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-01-07 23:02 . 2010-01-07 23:02 -------- d-----w- c:\program files\Common Files\Logitech
2010-01-07 23:01 . 2010-01-07 23:01 -------- d-----w- c:\program files\Windows Media Components
2010-01-07 23:01 . 2010-01-07 23:01 -------- d-----w- c:\program files\Logitech
2010-01-07 22:58 . 2009-07-23 05:31 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-07 17:40 . 2009-11-23 00:36 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-07 16:35 . 2010-01-27 22:15 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-01-07 16:35 . 2010-01-27 22:15 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-12-31 16:50 . 2008-04-14 04:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 04:31 . 2009-12-30 02:57 -------- d-----w- c:\documents and settings\Homie\Application Data\Move Networks
2009-12-30 02:57 . 2009-12-30 02:57 144160 ----a-w- c:\documents and settings\Homie\Application Data\Move Networks\uninstall.exe
2009-12-30 02:57 . 2009-12-10 19:26 4187512 ----a-w- c:\documents and settings\Homie\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-12-29 21:38 . 2009-05-15 05:32 -------- d-----w- c:\program files\Unlocker
2009-12-29 16:02 . 2009-12-29 16:02 -------- d-----w- c:\program files\Microsoft
2009-12-29 16:02 . 2009-12-29 16:02 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-24 16:59 . 2009-12-24 16:59 93016 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\ug00000\magicJack.dll
2009-12-24 16:58 . 2010-01-05 22:18 6515976 ---ha-w- c:\documents and settings\Homie\Application Data\mjusbsp\Upgrade\setup1.exe
2009-12-24 16:58 . 2009-12-24 16:58 6515976 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\ug00000\setup.exe
2009-12-24 16:58 . 2009-12-24 16:58 416328 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\magicJackLoader.exe
2009-12-24 16:58 . 2009-12-24 16:58 480608 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\octvqe1_apiw.dll
2009-12-24 16:58 . 2009-12-24 16:58 214360 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\TjVista.dll
2009-12-24 16:58 . 2009-12-24 16:58 337240 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\TjIpSys.dll
2009-12-24 16:58 . 2009-12-24 16:58 607600 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\SJHandsetMagicJack.dll
2009-12-24 16:58 . 2009-12-24 16:58 87384 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\st00000\mjsetup.exe
2009-12-24 16:57 . 2009-12-24 16:57 93016 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\st00000\magicJack.dll
2009-12-24 16:57 . 2009-12-24 16:57 93016 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\magicJack.dll
2009-12-24 16:55 . 2009-12-24 16:55 12482904 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\magicJack.exe
2009-12-24 16:54 . 2010-01-05 22:18 730032 ---ha-w- c:\documents and settings\Homie\Application Data\mjusbsp\Upgrade\install1.exe
2009-12-24 16:54 . 2009-12-24 16:54 730032 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\ug00000\install.exe
2009-12-24 16:53 . 2009-12-24 16:53 87384 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\in00000\mjsetup.exe
2009-12-24 16:53 . 2009-12-24 16:53 93016 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\in00000\magicJack.dll
2009-12-24 16:52 . 2009-12-24 16:52 441704 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 441704 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 441704 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 441704 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 50520 ----a-w- c:\documents and settings\Homie\Application Data\mjusbsp\cdloader2.exe
2009-12-22 05:21 . 2008-04-14 09:42 667136 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2008-04-14 09:41 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 20:02 . 2009-12-18 20:02 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-12-17 22:14 . 2009-05-20 21:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2009-05-15 01:43 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-04-14 09:41 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 19:27 . 2009-12-10 19:27 97144 ----a-w- c:\documents and settings\Homie\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-12-08 19:27 . 2008-04-14 04:57 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2008-04-14 00:01 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2008-04-14 04:47 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-08-18 21:42 . 2009-08-18 21:42 49152 ----a-w- c:\program files\mozilla firefox\components\SuperSearchXPCOM.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Homie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-05 133104]
"cdloader"="c:\documents and settings\Homie\Application Data\mjusbsp\cdloader2.exe" [2009-12-24 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [2006-02-22 344064]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15473664]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Eyeball Chat"="c:\program files\Eyeball Networks\Eyeball Chat\EyeballChat.exe" [2009-07-13 2691072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-10-12 439568]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Homie\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Homie\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Documents and Settings\\Homie\\Application Data\\mjusbsp\\magicJack.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/22/2009 7:36 PM 207792]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11/16/2009 9:03 AM 108792]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/22/2009 7:36 PM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 10:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 10:01 AM 72944]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11/16/2009 9:04 AM 735960]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [11/22/2009 7:36 PM 88040]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 5:06 AM 21632]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [1/27/2010 5:15 PM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [1/27/2010 5:15 PM 58816]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [1/27/2010 5:15 PM 115216]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 10:01 AM 7408]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/18/2009 7:53 PM 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-115176313-1644491937-1003Core.job
- c:\documents and settings\Homie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-05 23:20]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-115176313-1644491937-1003UA.job
- c:\documents and settings\Homie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-05 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab
FF - ProfilePath - c:\documents and settings\Homie\Application Data\Mozilla\Firefox\Profiles\l83aqo37.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - component: c:\program files\Mozilla Firefox\components\SuperSearchXPCOM.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Homie\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\Homie\Application Data\Mozilla\Firefox\Profiles\l83aqo37.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Homie\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Homie\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
AddRemove-GomezPEER - c:\program files\Gomez\GomezPEER\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 20:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1152)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-02-26 20:35:14
ComboFix-quarantined-files.txt 2010-02-27 01:34
ComboFix2.txt 2010-02-08 20:19
ComboFix3.txt 2010-01-25 04:11
ComboFix4.txt 2009-10-12 06:42

Pre-Run: 14,846,816,256 bytes free
Post-Run: 15,305,084,928 bytes free

- - End Of File - - D3293AC4B0E05A10E7836F2C6EEAA515


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:12:56 AM

Posted 27 February 2010 - 04:18 PM

Hi,

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to Add/Remove Programs in the Control Panel and remove either Spyware Doctor or Eset.

It seems ComboFix deleted GomezPeer. Do you know this program and do you want it back?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#13 snouk

snouk
  • Topic Starter

  • Members
  • 58 posts
  • Local time:06:56 PM

Posted 27 February 2010 - 05:03 PM

Yes, I know GomezPeer, and yes, I want it back. When we were all done here I was going to delete both Eset and Spyware Doctor as well as PCTools Firewall and get Avira free. Good choice? My system still has all the same symptoms as before. I think my registry has been edited without me knowing and is causing all these issues.

Edited by snouk, 27 February 2010 - 05:40 PM.


#14 snouk

snouk
  • Topic Starter

  • Members
  • 58 posts
  • Local time:06:56 PM

Posted 28 February 2010 - 09:58 AM

I will get GomezPeer and Avira later. So now what is next? My system hasn't changed one bit. Except for when I right click it won't freeze now. I thank you for your help so far.

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:12:56 AM

Posted 01 March 2010 - 10:43 AM

Hi,

GomezPeer has a mixed reputation. You can read a little about it here: Link.
If you still want it back let's undo what ComboFix did:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
DeQuarantine::
c:\Qoobox\Quarantine\C\program files\Gomez
Quit::


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply, as well as DeQuarantine.log

Next restore the registry backup ComboFix made:
  1. Restart your computer
  2. Before Windows loads, you will be prompted to choose which Operating System to start
  3. Use the up and down arrow key to select Microsoft Windows Recovery Console
  4. You must enter which Windows installation to log onto. Type 1 and press enter.
  5. At the C:\Windows prompt, type the following bolded text, and press Enter:

    cd erdnt\subs

  6. At the next prompt, type the following bolded text, and press Enter:

    batch erdnt.con

  7. The erunt backups will begin copying.
  8. At the next prompt, type the following bolded text, and before beginning a new line press Enter:

    exit

Windows will now begin loading.

Let me know if Gomez is up and running now.
Avira is indeed a good choice, it is very lightweight.

The slowness does not seem to come from malware; it probably comes from a program you have installed. Do you recall any changes you made shortly before the problem started? Do you use System Restore and do you have a restore point prior to your PC becoming slow?

regards myrti





