hijackthis log: please help diagnose


This topic is locked. 15 replies to this topic.

#1 habibuRahman

Posted 01 March 2010 - 03:20 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:13 AM, on 3/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Motive\McciCMService.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\system32\hkcmd.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
D:\Program Files\Registry Mechanic\RegMech.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\HAD\PTW.EXE
D:\Program Files\Windows Desktop Search\WindowsSearch.exe
D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\hijackthis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - D:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - D:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [RegistryMechanic] D:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\RunOnce: [Shockwave Updater] D:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://skateboardgamez.com/media/169/street-sesh.html"
O4 - HKUS\S-1-5-21-1343024091-162531612-725345543-500\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-1343024091-162531612-725345543-500\..\RunOnce: [NeroHomeFirstStart] "D:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'Administrator')
O4 - HKUS\S-1-5-21-1343024091-162531612-725345543-501\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Guest')
O4 - HKUS\S-1-5-21-1343024091-162531612-725345543-501\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background (User 'Guest')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: EMBARQ Help.lnk = D:\Program Files\Virtual Assistant\bin\matcli.exe
O4 - Global Startup: Prayer Times.lnk = C:\HAD\PTW.EXE
O4 - Global Startup: Windows Search.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1251690559671
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200589495437
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O20 - AppInit_DLLs: D:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb22.dll D:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - D:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12198 bytes

#2 habibuRahman

Posted 03 March 2010 - 06:13 PM

Can someone please help me with my log? I have been told not to do any changing to the computer after I post my log, and now I'm waiting for a reply, and can't try anything else to fix it because I'm not supposed to change anything, so please can someone help soon.
thank you.
Habib.

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could have disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the Malware Response Team. The reason we ask this, or do not respond to your requests, is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to more than a week, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

Edited by elise025, 05 March 2010 - 07:59 AM.


#3 myrti

Posted 06 March 2010 - 05:34 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti


#4 habibuRahman

Posted 06 March 2010 - 11:21 PM

OTL logfile created on: 3/6/2010 10:59:58 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = D:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2560 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 5.00 Gb Total Space | 3.43 Gb Free Space | 68.52% Space Free | Partition Type: NTFS
Drive D: | 40.02 Gb Total Space | 1.43 Gb Free Space | 3.57% Space Free | Partition Type: NTFS
Drive E: | 31.30 Gb Total Space | 14.01 Gb Free Space | 44.75% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-2400C4920
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/06 22:58:27 | 000,553,984 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/02/06 01:39:32 | 000,030,192 | ---- | M] (Google) -- D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/02/06 01:27:59 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/18 12:47:14 | 001,243,088 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/11/04 17:00:14 | 002,334,856 | ---- | M] (IObit) -- D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/06/30 10:00:02 | 002,836,376 | ---- | M] (PC Tools) -- D:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2008/10/25 08:18:50 | 000,098,696 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/09/08 10:21:05 | 000,112,072 | ---- | M] (Viewpoint Corporation) -- D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 10:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- D:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/05/26 21:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/13 19:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2008/01/29 12:38:37 | 000,068,856 | ---- | M] (Google Inc.) -- D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/10/23 14:19:06 | 001,410,344 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/10/23 14:18:46 | 000,202,024 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/05/27 09:46:00 | 004,672,512 | ---- | M] (Al Muhaddith) -- C:\HAD\PTW.EXE
PRC - [2006/04/20 13:01:49 | 000,094,208 | ---- | M] (Elaborate Bytes AG) -- D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2005/05/19 08:47:36 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2004/10/15 18:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- D:\Program Files\Sygate\SPF\Smc.exe
PRC - [2004/10/14 14:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- D:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/03/06 22:58:27 | 000,553,984 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/02/06 01:30:15 | 000,102,400 | ---- | M] (RealPlayer) -- D:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2009/11/12 00:58:09 | 000,348,160 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msvcr71.dll
MOD - [2009/09/09 22:54:58 | 000,155,184 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\smum32.dll
MOD - [2009/08/13 08:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2008/04/13 19:11:58 | 000,071,680 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msacm32.dll
MOD - [2008/04/13 19:11:48 | 001,852,928 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\AppPatch\acgenral.dll
MOD - [2007/03/21 20:33:00 | 000,503,808 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\MSVCP71.DLL
MOD - [2006/05/27 07:58:30 | 000,018,432 | ---- | M] () -- C:\HAD\GOTH.DLL
MOD - [2004/10/15 17:32:10 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- D:\WINDOWS\system32\SSSensor.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/06 01:39:32 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- D:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- D:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/09/08 10:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- D:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/10/15 18:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- D:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)


========== Driver Services (SafeList) ==========

DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/12/16 15:44:42 | 000,516,480 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- D:\WINDOWS\system32\drivers\Ca1528av.sys -- (Ca1528av)
DRV - [2008/10/30 21:17:35 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/10/30 21:17:34 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/10/30 21:17:32 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | Boot | Running] -- D:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/06/27 16:41:14 | 000,011,648 | ---- | M] (SunPlus) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Bulk1528.sys -- (Bulk1528)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- D:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/01 00:42:09 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- D:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/04/01 00:42:07 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- D:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/04 13:32:43 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/02/04 13:32:43 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/10/30 19:54:04 | 001,201,632 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/02/28 15:56:07 | 000,015,440 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/02/15 19:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2007/01/24 14:45:28 | 000,067,584 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2006/04/22 14:59:21 | 000,024,320 | ---- | M] (Elaborate Bytes AG) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\VClone.sys -- (VClone)
DRV - [2005/10/16 15:50:06 | 000,245,376 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2005/05/03 10:34:02 | 000,027,392 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2004/10/15 17:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- D:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)
DRV - [2004/10/15 17:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- D:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)
DRV - [2004/10/15 17:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- D:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n)
DRV - [2004/10/15 17:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- D:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2004/10/15 17:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004/10/15 17:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/08/21 16:56:36 | 000,025,520 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\incdrm.sys -- (incdrm)
DRV - [2003/06/30 18:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1343024091-162531612-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1343024091-162531612-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.alot.com/?client_id=99EA865001...on=2.5.9000.490
IE - HKU\S-1-5-21-1343024091-162531612-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1343024091-162531612-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1343024091-162531612-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 4E 12 77 93 B9 CA 01 [binary data]
IE - HKU\S-1-5-21-1343024091-162531612-725345543-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1343024091-162531612-725345543-1004\S-1-5-21-1343024091-162531612-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1343024091-162531612-725345543-500\S-1-5-21-1343024091-162531612-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1343024091-162531612-725345543-501\S-1-5-21-1343024091-162531612-725345543-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: D:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/07 03:50:26 | 000,000,000 | ---D | M]

[2009/01/08 10:08:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/06/21 19:14:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep7hzx8y.default\extensions
[2009/01/08 10:32:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep7hzx8y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/21 19:14:48 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
[2008/10/04 20:24:00 | 003,695,008 | ---- | M] () -- D:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2008/03/17 11:34:28 | 000,001,242 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wikipedia-ar.xml

O1 HOSTS File: ([2009/07/05 20:16:34 | 000,224,678 | R--- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 7885 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - D:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - D:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - D:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - D:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKU\S-1-5-21-1343024091-162531612-725345543-1004\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-1343024091-162531612-725345543-1004\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
O3 - HKU\S-1-5-21-1343024091-162531612-725345543-501\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1343024091-162531612-725345543-501\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
O3 - HKU\S-1-5-21-1343024091-162531612-725345543-501\..\Toolbar\WebBrowser: (no name) - {F8A4D35F-A7DE-4A50-A4D1-FBE6D8AB4F37} - No CLSID value found.
O4 - HKLM..\Run: [CloneCDTray] D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [Google Desktop Search] D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [ISTray] D:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [NBKeyScan] D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SmcService] D:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Windows Defender] D:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1343024091-162531612-725345543-1004..\Run: [Advanced SystemCare 3] D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-1343024091-162531612-725345543-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1343024091-162531612-725345543-1004..\Run: [RegistryMechanic] D:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKU\S-1-5-21-1343024091-162531612-725345543-1004..\Run: [Skype] D:\Program Files\Skype\Phone\Skype.exe File not found
O4 - HKU\S-1-5-21-1343024091-162531612-725345543-1004..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1343024091-162531612-725345543-1004..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1343024091-162531612-725345543-501..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1343024091-162531612-725345543-1004..\RunOnce: [Shockwave Updater] D:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; Mozilla\4.0 ( File not found
O4 - HKU\S-1-5-21-1343024091-162531612-725345543-500..\RunOnce: [NeroHomeFirstStart] D:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBARQ Help.lnk = D:\Program Files\Virtual Assistant\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Prayer Times.lnk = C:\HAD\PTW.EXE (Al Muhaddith)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-162531612-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-162531612-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1343024091-162531612-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-162531612-725345543-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1343024091-162531612-725345543-1004\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1343024091-162531612-725345543-1004\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} D:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1251690559671 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1200589495437 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java file:///D:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Value error. File not found
O20 - AppInit_DLLs: (D:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb22.dll) - D:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb22.dll File not found
O20 - AppInit_DLLs: (D:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL) - D:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - D:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: D:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - D:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/17 11:35:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/12 20:36:32 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setupSNK.exe -- [2008/04/14 04:42:42 | 000,028,672 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - D:\WINDOWS\system32\ias [2008/01/17 11:34:54 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - D:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - D:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - D:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - D:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - D:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - D:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - d:\WINDOWS\system32\Rundll32.exe d:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - D:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "D:\WINDOWS\system32\rundll32.exe" "D:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll ()
Drivers32: VIDC.SP54 - SP5X_32.DLL File not found
Drivers32: VIDC.SP55 - SP5X_32.DLL File not found
Drivers32: VIDC.SP56 - SP5X_32.DLL File not found
Drivers32: VIDC.SP57 - SP5X_32.DLL File not found
Drivers32: VIDC.SP58 - SP5X_32.DLL File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/06 22:58:00 | 000,553,984 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/03/06 18:49:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/04 20:54:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\Application Data\skypePM
[2010/03/04 18:25:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\Application Data\Skype
[2010/03/04 18:22:17 | 000,000,000 | R--D | C] -- D:\Program Files\Skype
[2010/03/03 17:05:02 | 000,000,000 | ---D | C] -- D:\Program Files\alot
[2010/03/03 17:05:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\Application Data\alot
[2010/03/01 03:13:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\Desktop\HijackThis
[2010/03/01 03:12:44 | 000,000,000 | ---D | C] -- D:\Program Files\New Folder
[2010/03/01 00:08:50 | 000,000,000 | ---D | C] -- D:\Program Files\Hijackthis
[2010/03/01 00:07:48 | 000,488,144 | ---- | C] (Soeperman Enterprises Ltd ) -- D:\Documents and Settings\Owner\Desktop\HJTsetup.exe
[2010/02/20 11:05:01 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/02/13 23:24:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\Desktop\Gucci Mane
[2010/02/11 03:30:14 | 000,000,000 | ---D | C] -- D:\Program Files\Cobian Backup 7
[2010/02/11 01:09:46 | 000,000,000 | ---D | C] -- D:\Program Files\Cobian Backup 8
[2010/02/10 23:44:19 | 001,277,952 | ---- | C] (Ahead Software AG) -- D:\WINDOWS\UNMRW.exe
[2010/02/10 23:44:19 | 000,025,520 | ---- | C] (Ahead Software AG) -- D:\WINDOWS\System32\drivers\incdrm.sys
[2010/02/10 23:44:19 | 000,000,000 | ---D | C] -- D:\Program Files\Ahead
[2010/02/10 00:00:06 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\Desktop\New Folder (2)
[2010/02/08 02:44:21 | 000,000,000 | ---D | C] -- D:\Program Files\SpywareBlaster
[2010/02/08 01:17:58 | 000,000,000 | ---D | C] -- D:\Program Files\Zone Labs
[2010/02/07 16:56:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\My Documents\Downloads
[2010/02/07 04:16:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\backups
[2010/02/07 04:14:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\backups_old
[2010/02/07 03:58:15 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\backups_old1
[2010/02/07 03:55:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\backups_old2
[2010/02/07 03:51:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\backups_old3
[2010/02/07 03:51:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\backupreg
[2010/02/07 03:51:43 | 000,146,432 | ---- | C] (Microsoft Corporation) -- D:\Documents and Settings\Owner\editreg.exe
[2010/02/07 03:51:43 | 000,027,136 | ---- | C] (Microsoft Corporation) -- D:\Documents and Settings\Owner\rtsdnif.exe
[2010/02/07 03:51:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- D:\Documents and Settings\Owner\attrib.exe
[2010/02/07 03:51:43 | 000,009,216 | ---- | C] (Microsoft Corporation) -- D:\Documents and Settings\Owner\dnif.exe
[2010/02/07 00:38:17 | 000,000,000 | ---D | C] -- D:\SDFix
[2010/02/06 22:23:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\77e74bb
[2010/02/06 18:04:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/06 18:04:19 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/06 18:04:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/06 18:04:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\Google
[2010/02/06 01:29:02 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\xing shared
[2010/02/06 01:22:13 | 000,233,136 | ---- | C] (PC Tools) -- D:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/02/06 01:22:00 | 000,207,792 | ---- | C] (PC Tools) -- D:\WINDOWS\System32\drivers\PCTCore.sys
[2010/02/06 01:22:00 | 000,087,784 | ---- | C] (PC Tools) -- D:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/02/06 01:21:45 | 000,070,408 | ---- | C] (PC Tools) -- D:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/06 01:21:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/06 08:04:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/11/30 00:05:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2009/08/20 19:43:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/07/26 23:30:10 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/09 23:46:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/07/09 23:46:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/09 23:45:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2008/02/12 16:07:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/02/05 07:55:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\Acronis
[5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\drivers\4DW4R3tFaxoeKjWi.sys
[2099/01/01 12:00:00 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\4DW4R3reaHeVcOUK.dll
[2099/01/01 12:00:00 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\drivers\4DW4R3LrWhndeqpF.sys
[2099/01/01 12:00:00 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\4DW4R3jeoPNILSEX.dll
[2010/03/06 22:58:27 | 000,553,984 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/03/06 22:55:31 | 000,000,422 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{6882F2CE-5ECE-4E3A-9EEB-C64DE620B223}.job
[2010/03/06 22:48:13 | 000,000,330 | -H-- | M] () -- D:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/06 22:46:54 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/03/06 22:45:11 | 000,000,868 | ---- | M] () -- D:\WINDOWS\tasks\Google Software Updater.job
[2010/03/06 22:45:04 | 000,000,236 | ---- | M] () -- D:\WINDOWS\tasks\OGALogon.job
[2010/03/06 22:45:03 | 000,000,882 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/06 22:45:03 | 000,000,434 | ---- | M] () -- D:\WINDOWS\tasks\RegPowerClean.job
[2010/03/06 22:45:03 | 000,000,416 | ---- | M] () -- D:\WINDOWS\tasks\PCConfidential.job
[2010/03/06 22:45:01 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010/03/06 22:44:59 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010/03/06 22:44:12 | 007,602,176 | ---- | M] () -- D:\Documents and Settings\Owner\NTUSER.DAT
[2010/03/06 22:43:43 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\Owner\ntuser.ini
[2010/03/06 22:42:32 | 013,476,360 | -H-- | M] () -- D:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/03/06 22:20:29 | 000,000,069 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini
[2010/03/06 22:16:08 | 000,054,156 | -H-- | M] () -- D:\WINDOWS\QTFont.qfn
[2010/03/06 22:04:01 | 000,000,886 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/06 18:49:28 | 000,001,409 | ---- | M] () -- D:\WINDOWS\QTFont.for
[2010/03/06 03:49:40 | 000,069,120 | ---- | M] () -- D:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 20:54:01 | 000,000,056 | -H-- | M] () -- D:\WINDOWS\System32\ezsidmv.dat
[2010/03/02 03:52:25 | 000,465,380 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010/03/02 03:52:25 | 000,079,074 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010/03/02 03:52:24 | 000,552,218 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/01 03:11:41 | 000,318,067 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\HijackThis.zip
[2010/03/01 00:08:00 | 000,488,144 | ---- | M] (Soeperman Enterprises Ltd ) -- D:\Documents and Settings\Owner\Desktop\HJTsetup.exe
[2010/02/28 22:35:14 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\Owner\s-1-5-21-1343024091-162531612-725345543-1004.rrr
[2010/02/26 17:18:18 | 000,036,352 | ---- | M] () -- D:\Documents and Settings\Owner\My Documents\Copy of Dickinson Ave auto and tire revoce revenue expenses.xls
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MpSigStub.exe
[2010/02/24 02:35:10 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2010/02/24 02:11:43 | 000,010,788 | -HS- | M] () -- D:\Documents and Settings\Owner\Local Settings\Application Data\lpWPnW3FA4HFUpDk38r360k0w
[2010/02/24 02:11:35 | 000,015,418 | -HS- | M] () -- D:\Documents and Settings\Owner\Local Settings\Application Data\6c6c
[2010/02/22 21:26:51 | 000,000,384 | ---- | M] () -- D:\WINDOWS\tasks\SmartDefrag.job
[2010/02/20 14:24:09 | 000,564,720 | ---- | M] () -- D:\Documents and Settings\Owner\My Documents\Pink.pptx
[2010/02/20 14:12:42 | 000,292,495 | ---- | M] () -- D:\Documents and Settings\Owner\My Documents\My Cats!.pptx
[2010/02/19 14:50:57 | 000,000,245 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\American Tire Distributors - ATDOnline.url
[2010/02/18 11:36:44 | 000,000,342 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\ATT00055.dat
[2010/02/14 01:53:31 | 000,305,152 | ---- | M] () -- D:\Documents and Settings\Owner\My Documents\windiag.iso
[2010/02/13 23:44:08 | 000,654,920 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\mtinst.exe
[2010/02/13 12:30:10 | 000,054,414 | ---- | M] () -- D:\Documents and Settings\Owner\My Documents\By.docx
[2010/02/13 12:28:12 | 000,016,988 | ---- | M] () -- D:\Documents and Settings\Owner\My Documents\Ammahtullah Mahmoud.docx
[2010/02/12 08:49:47 | 368,742,397 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\Backup.bkf
[2010/02/08 15:29:46 | 000,000,018 | ---- | M] () -- D:\Documents and Settings\Owner\lp1
[2010/02/08 02:44:22 | 000,000,700 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2010/02/08 01:07:35 | 007,716,864 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\rc.iso
[2010/02/07 03:37:18 | 000,001,395 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\runas-cspfixrunthis.bat.lnk
[2010/02/07 02:20:48 | 001,529,241 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\SDFix.exe
[2010/02/07 00:36:19 | 000,689,288 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\SDFix.mht
[2010/02/06 01:43:26 | 000,001,784 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
[2010/02/06 01:43:26 | 000,001,750 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Google Mail.lnk
[2010/02/06 01:43:26 | 000,001,738 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Google Docs.lnk
[2010/02/06 01:30:16 | 000,000,907 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/02/06 01:29:58 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- D:\WINDOWS\System32\rmoc3260.dll
[2010/02/06 01:29:18 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- D:\WINDOWS\System32\pndx5016.dll
[2010/02/06 01:29:18 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- D:\WINDOWS\System32\pndx5032.dll
[2010/02/06 01:28:04 | 000,278,528 | ---- | M] (Real Networks, Inc) -- D:\WINDOWS\System32\pncrt.dll
[5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\drivers\4DW4R3tFaxoeKjWi.sys
[2099/01/01 12:00:00 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\4DW4R3reaHeVcOUK.dll
[2099/01/01 12:00:00 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\drivers\4DW4R3LrWhndeqpF.sys
[2099/01/01 12:00:00 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\4DW4R3jeoPNILSEX.dll
[2010/03/06 18:49:28 | 000,054,156 | -H-- | C] () -- D:\WINDOWS\QTFont.qfn
[2010/03/06 18:49:28 | 000,001,409 | ---- | C] () -- D:\WINDOWS\QTFont.for
[2010/03/04 20:54:01 | 000,000,056 | -H-- | C] () -- D:\WINDOWS\System32\ezsidmv.dat
[2010/03/01 03:11:26 | 000,318,067 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\HijackThis.zip
[2010/02/28 22:35:14 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Owner\s-1-5-21-1343024091-162531612-725345543-1004.rrr
[2010/02/23 19:30:39 | 000,010,788 | -HS- | C] () -- D:\Documents and Settings\Owner\Local Settings\Application Data\lpWPnW3FA4HFUpDk38r360k0w
[2010/02/23 15:56:14 | 000,015,418 | -HS- | C] () -- D:\Documents and Settings\Owner\Local Settings\Application Data\6c6c
[2010/02/23 15:26:46 | 000,017,360 | -HS- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\6c6c
[2010/02/18 11:36:44 | 000,000,342 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\ATT00055.dat
[2010/02/14 01:53:30 | 000,305,152 | ---- | C] () -- D:\Documents and Settings\Owner\My Documents\windiag.iso
[2010/02/13 23:43:58 | 000,654,920 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\mtinst.exe
[2010/02/12 07:59:01 | 368,742,397 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\Backup.bkf
[2010/02/10 23:44:19 | 000,027,833 | ---- | C] () -- D:\WINDOWS\UNMRW.cfg
[2010/02/10 00:13:47 | 000,000,245 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\American Tire Distributors - ATDOnline.url
[2010/02/08 15:29:46 | 000,000,018 | ---- | C] () -- D:\Documents and Settings\Owner\lp1
[2010/02/08 02:44:22 | 000,000,700 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2010/02/08 00:56:32 | 007,716,864 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\rc.iso
[2010/02/07 03:35:45 | 000,001,395 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\runas-cspfixrunthis.bat.lnk
[2010/02/07 00:37:07 | 001,529,241 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\SDFix.exe
[2010/02/07 00:36:14 | 000,689,288 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\SDFix.mht
[2010/02/06 17:44:52 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Owner\CUSTOM.DICCUSTOM.DIC
[2010/02/06 01:43:26 | 000,001,784 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
[2010/02/06 01:43:26 | 000,001,750 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Google Mail.lnk
[2010/02/06 01:43:26 | 000,001,738 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Google Docs.lnk
[2010/02/06 01:30:16 | 000,000,907 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/02/06 01:22:13 | 000,007,387 | ---- | C] () -- D:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/02/06 01:22:00 | 000,007,412 | ---- | C] () -- D:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/02/06 01:22:00 | 000,007,383 | ---- | C] () -- D:\WINDOWS\System32\drivers\pctcore.cat
[2010/02/06 01:21:45 | 000,007,383 | ---- | C] () -- D:\WINDOWS\System32\drivers\pctplsg.cat
[2010/02/03 02:18:08 | 000,000,523 | ---- | C] () -- D:\WINDOWS\odatuzaru.dll
[2010/02/01 15:14:05 | 000,000,523 | ---- | C] () -- D:\WINDOWS\evalininozum.dll
[2010/01/31 20:40:03 | 000,000,523 | ---- | C] () -- D:\WINDOWS\ebozocohofafah.dll
[2010/01/31 18:38:13 | 000,000,523 | ---- | C] () -- D:\WINDOWS\ewosaqit.dll
[2010/01/30 21:23:34 | 000,000,523 | ---- | C] () -- D:\WINDOWS\uluqixiwu.dll
[2010/01/29 17:42:47 | 000,000,043 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\.zreglib
[2010/01/29 12:27:16 | 000,000,523 | ---- | C] () -- D:\WINDOWS\edipucusezejoh.dll
[2010/01/21 15:08:18 | 000,014,115 | ---- | C] () -- D:\WINDOWS\twspmm.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.dll
[2008/03/05 08:30:40 | 000,286,208 | ---- | C] () -- D:\WINDOWS\System32\cncs232.dll
[2008/03/05 08:30:40 | 000,001,117 | ---- | C] () -- D:\WINDOWS\Treble.ini
[2008/03/05 08:30:40 | 000,000,896 | ---- | C] () -- D:\WINDOWS\Bass.ini
[2008/02/23 20:08:46 | 000,000,069 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2008/01/29 12:52:35 | 000,069,120 | ---- | C] () -- D:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- D:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- D:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- D:\WINDOWS\System32\gthrctr.ini
[2004/10/15 17:31:56 | 000,218,264 | ---- | C] () -- D:\WINDOWS\System32\SetAid.dll
[2004/08/04 05:00:00 | 000,755,200 | ---- | C] () -- D:\WINDOWS\System32\ir50_32.dll
[2004/08/04 05:00:00 | 000,338,432 | ---- | C] () -- D:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 05:00:00 | 000,200,192 | ---- | C] () -- D:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 05:00:00 | 000,183,808 | ---- | C] () -- D:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 05:00:00 | 000,120,320 | ---- | C] () -- D:\WINDOWS\System32\ir41_qc.dll
[2002/03/19 17:30:00 | 000,141,824 | ---- | C] () -- D:\WINDOWS\System32\msvdm.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/06 22:47:07 | 000,000,000 | ---D | M] Unable to obtain MD5 -- D:\WINDOWS\System32\
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\dxtrans.dll
[2008/04/13 19:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/28 05:36:55 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/01/28 05:36:55 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/28 05:36:55 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/01/28 05:36:55 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- D:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- D:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- D:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- D:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- D:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- D:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- D:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 19:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- D:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- D:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- D:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- D:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 126 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4
< End of report >



OTL Extras logfile created on: 3/6/2010 10:59:58 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = D:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2560 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 5.00 Gb Total Space | 3.43 Gb Free Space | 68.52% Space Free | Partition Type: NTFS
Drive D: | 40.02 Gb Total Space | 1.43 Gb Free Space | 3.57% Space Free | Partition Type: NTFS
Drive E: | 31.30 Gb Total Space | 14.01 Gb Free Space | 44.75% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-2400C4920
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Value error. File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\av.exe File not found
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\av.exe File not found
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe File not found

[HKEY_USERS\S-1-5-21-1343024091-162531612-725345543-1004\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [sendtotoys1add] -- D:\Program Files\Send To Toys\SendToAdd.exe "%1" ()
Directory [sendtotoys1remove] -- D:\Program Files\Send To Toys\SendToRemove.exe "%1" ()
Directory [sendtotoys2prompt] -- D:\Program Files\Send To Toys\SendToCommandPrompt.exe "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"D:\Program Files\Cobian Backup 7\cobui.exe" = D:\Program Files\Cobian Backup 7\cobui.exe:*:Enabled:Cobian Backup 7 Interface -- (Luis Cobian)
"D:\Program Files\Cobian Backup 7\CobBU.exe" = D:\Program Files\Cobian Backup 7\CobBU.exe:*:Enabled:Cobian Backup 7 Application -- (Luis Cobian)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047815FB-4E38-42D5-95CB-8A131DDD8668}" = Microsoft Windows Theme Nunavut
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{570C2A84-A145-4DF0-AE9D-012584DF09DC}" = SPCA1528 PC Driver
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{88589E19-665C-4575-A4A0-CE9C43C51033}" = Nero 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}" = Samsung USB Driver (MCCI 4.34) WHQL v3.4
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Al Muhaddith: Prayer Times, V 6.95" = Al Muhaddith: Prayer Times, V 6.95
"alotToolbar" = ALOT Toolbar
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CobBackup7" = Cobian Backup 7
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EMBARQ Help Online" = EMBARQ Help Online
"EMBARQ Remote Control" = EMBARQ Remote Control
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow" = ffdshow (remove only)
"Game Booster_is1" = Game Booster
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Happy Note! Treble Clef and Bass Clef" = Happy Note! Treble Clef and Bass Clef
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Send To Toys_is1" = Send To Toys v2.5
"Smart Defrag_is1" = Smart Defrag 1.20
"Sprint.MccInstall" = EMBARQ Help
"Spyware Doctor" = Spyware Doctor 7.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Stellaluna" = Stellaluna
"Tweak UI 2.10" = Tweak UI
"UltraISO_is1" = UltraISO Premium V8.61
"UnityWebPlayer" = Unity Web Player
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirtualCloneDrive" = VirtualCloneDrive
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1343024091-162531612-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Owner

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2010 5:13:03 PM | Computer Name = OWNER-2400C4920 | Source = Google Update | ID = 20
Description =

Error - 3/6/2010 6:12:59 PM | Computer Name = OWNER-2400C4920 | Source = Google Update | ID = 20
Description =

Error - 3/6/2010 7:01:19 PM | Computer Name = OWNER-2400C4920 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/6/2010 7:13:06 PM | Computer Name = OWNER-2400C4920 | Source = Google Update | ID = 20
Description =

Error - 3/6/2010 8:00:16 PM | Computer Name = OWNER-2400C4920 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/6/2010 8:27:10 PM | Computer Name = OWNER-2400C4920 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x10008f08.

Error - 3/6/2010 9:18:25 PM | Computer Name = OWNER-2400C4920 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/6/2010 9:30:05 PM | Computer Name = OWNER-2400C4920 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/6/2010 11:08:37 PM | Computer Name = OWNER-2400C4920 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/6/2010 11:53:37 PM | Computer Name = OWNER-2400C4920 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ OSession Events ]
Error - 7/17/2008 1:40:28 PM | Computer Name = OWNER-2400C4920 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4207
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/5/2010 11:18:18 AM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7023
Description = The Client Service for NetWare service terminated with the following
error: %%2

Error - 3/5/2010 11:18:18 AM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7000
Description = The SPCA1528 Video Camera Service service failed to start due to the
following error: %%1058

Error - 3/5/2010 11:20:08 AM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/5/2010 9:42:17 PM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/5/2010 11:22:21 PM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7000
Description = The NWLink IPX/SPX/NetBIOS Compatible Transport Protocol service failed
to start due to the following error: %%87

Error - 3/6/2010 7:46:40 PM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7000
Description = The NWLink IPX/SPX/NetBIOS Compatible Transport Protocol service failed
to start due to the following error: %%87

Error - 3/6/2010 7:46:40 PM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7023
Description = The Client Service for NetWare service terminated with the following
error: %%2

Error - 3/6/2010 7:46:40 PM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7000
Description = The SPCA1528 Video Camera Service service failed to start due to the
following error: %%1058

Error - 3/6/2010 7:48:25 PM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/6/2010 9:24:08 PM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7023
Description = The Client Service for NetWare service terminated with the following
error: %%2


< End of report >


OTL logfile created on: 3/6/2010 10:59:58 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = D:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2560 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 5.00 Gb Total Space | 3.43 Gb Free Space | 68.52% Space Free | Partition Type: NTFS
Drive D: | 40.02 Gb Total Space | 1.43 Gb Free Space | 3.57% Space Free | Partition Type: NTFS
Drive E: | 31.30 Gb Total Space | 14.01 Gb Free Space | 44.75% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-2400C4920
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/06 22:58:27 | 000,553,984 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/02/06 01:39:32 | 000,030,192 | ---- | M] (Google) -- D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/02/06 01:27:59 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/18 12:47:14 | 001,243,088 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/11/04 17:00:14 | 002,334,856 | ---- | M] (IObit) -- D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/06/30 10:00:02 | 002,836,376 | ---- | M] (PC Tools) -- D:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2008/10/25 08:18:50 | 000,098,696 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/09/08 10:21:05 | 000,112,072 | ---- | M] (Viewpoint Corporation) -- D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 10:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- D:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/05/26 21:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/13 19:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2008/01/29 12:38:37 | 000,068,856 | ---- | M] (Google Inc.) -- D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/10/23 14:19:06 | 001,410,344 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/10/23 14:18:46 | 000,202,024 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/05/27 09:46:00 | 004,672,512 | ---- | M] (Al Muhaddith) -- C:\HAD\PTW.EXE
PRC - [2006/04/20 13:01:49 | 000,094,208 | ---- | M] (Elaborate Bytes AG) -- D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2005/05/19 08:47:36 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2004/10/15 18:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- D:\Program Files\Sygate\SPF\Smc.exe
PRC - [2004/10/14 14:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- D:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/03/06 22:58:27 | 000,553,984 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/02/06 01:30:15 | 000,102,400 | ---- | M] (RealPlayer) -- D:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2009/11/12 00:58:09 | 000,348,160 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msvcr71.dll
MOD - [2009/09/09 22:54:58 | 000,155,184 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\smum32.dll
MOD - [2009/08/13 08:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2008/04/13 19:11:58 | 000,071,680 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msacm32.dll
MOD - [2008/04/13 19:11:48 | 001,852,928 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\AppPatch\acgenral.dll
MOD - [2007/03/21 20:33:00 | 000,503,808 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\MSVCP71.DLL
MOD - [2006/05/27 07:58:30 | 000,018,432 | ---- | M] () -- C:\HAD\GOTH.DLL
MOD - [2004/10/15 17:32:10 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- D:\WINDOWS\system32\SSSensor.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/06 01:39:32 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- D:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- D:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/09/08 10:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- D:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/10/15 18:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- D:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)


========== Driver Services (SafeList) ==========

DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/12/16 15:44:42 | 000,516,480 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- D:\WINDOWS\system32\drivers\Ca1528av.sys -- (Ca1528av)
DRV - [2008/10/30 21:17:35 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/10/30 21:17:34 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/10/30 21:17:32 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | Boot | Running] -- D:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/06/27 16:41:14 | 000,011,648 | ---- | M] (SunPlus) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Bulk1528.sys -- (Bulk1528)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- D:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/01 00:42:09 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- D:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/04/01 00:42:07 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- D:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/04 13:32:43 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/02/04 13:32:43 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/10/30 19:54:04 | 001,201,632 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/02/28 15:56:07 | 000,015,440 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/02/15 19:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2007/01/24 14:45:28 | 000,067,584 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2006/04/22 14:59:21 | 000,024,320 | ---- | M] (Elaborate Bytes AG) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\VClone.sys -- (VClone)
DRV - [2005/10/16 15:50:06 | 000,245,376 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2005/05/03 10:34:02 | 000,027,392 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2004/10/15 17:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- D:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)
DRV - [2004/10/15 17:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- D:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)
DRV - [2004/10/15 17:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- D:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n)
DRV - [2004/10/15 17:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- D:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2004/10/15 17:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004/10/15 17:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/08/21 16:56:36 | 000,025,520 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\incdrm.sys -- (incdrm)
DRV - [2003/06/30 18:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1343024091-162531612-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1343024091-162531612-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.alot.com/?client_id=99EA865001...on=2.5.9000.490
IE - HKU\S-1-5-21-1343024091-162531612-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1343024091-162531612-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1343024091-162531612-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 4E 12 77 93 B9 CA 01 [binary data]
IE - HKU\S-1-5-21-1343024091-162531612-725345543-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1343024091-162531612-725345543-1004\S-1-5-21-1343024091-162531612-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1343024091-162531612-725345543-500\S-1-5-21-1343024091-162531612-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1343024091-162531612-725345543-501\S-1-5-21-1343024091-162531612-725345543-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: D:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/07 03:50:26 | 000,000,000 | ---D | M]

[2009/01/08 10:08:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/06/21 19:14:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep7hzx8y.default\extensions
[2009/01/08 10:32:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ep7hzx8y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/21 19:14:48 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
[2008/10/04 20:24:00 | 003,695,008 | ---- | M] () -- D:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2008/03/17 11:34:28 | 000,001,242 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wikipedia-ar.xml

O1 HOSTS File: ([2009/07/05 20:16:34 | 000,224,678 | R--- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 7885 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - D:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - D:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - D:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - D:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKU\S-1-5-21-1343024091-162531612-725345543-1004\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-1343024091-162531612-725345543-1004\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
O3 - HKU\S-1-5-21-1343024091-162531612-725345543-501\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1343024091-162531612-725345543-501\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
O3 - HKU\S-1-5-21-1343024091-162531612-725345543-501\..\Toolbar\WebBrowser: (no name) - {F8A4D35F-A7DE-4A50-A4D1-FBE6D8AB4F37} - No CLSID value found.
O4 - HKLM..\Run: [CloneCDTray] D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [Google Desktop Search] D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [ISTray] D:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [NBKeyScan] D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SmcService] D:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Windows Defender] D:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1343024091-162531612-725345543-1004..\Run: [Advanced SystemCare 3] D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-1343024091-162531612-725345543-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1343024091-162531612-725345543-1004..\Run: [RegistryMechanic] D:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKU\S-1-5-21-1343024091-162531612-725345543-1004..\Run: [Skype] D:\Program Files\Skype\Phone\Skype.exe File not found
O4 - HKU\S-1-5-21-1343024091-162531612-725345543-1004..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1343024091-162531612-725345543-1004..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1343024091-162531612-725345543-501..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1343024091-162531612-725345543-1004..\RunOnce: [Shockwave Updater] D:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; Mozilla\4.0 ( File not found
O4 - HKU\S-1-5-21-1343024091-162531612-725345543-500..\RunOnce: [NeroHomeFirstStart] D:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBARQ Help.lnk = D:\Program Files\Virtual Assistant\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Prayer Times.lnk = C:\HAD\PTW.EXE (Al Muhaddith)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-162531612-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-162531612-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1343024091-162531612-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-162531612-725345543-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1343024091-162531612-725345543-1004\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1343024091-162531612-725345543-1004\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} D:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1251690559671 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1200589495437 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java file:///D:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Value error. File not found
O20 - AppInit_DLLs: (D:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb22.dll) - D:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb22.dll File not found
O20 - AppInit_DLLs: (D:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL) - D:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - D:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: D:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - D:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/17 11:35:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/12 20:36:32 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setupSNK.exe -- [2008/04/14 04:42:42 | 000,028,672 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - D:\WINDOWS\system32\ias [2008/01/17 11:34:54 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - D:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - D:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - D:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - D:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - D:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - D:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - d:\WINDOWS\system32\Rundll32.exe d:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - D:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "D:\WINDOWS\system32\rundll32.exe" "D:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll ()
Drivers32: VIDC.SP54 - SP5X_32.DLL File not found
Drivers32: VIDC.SP55 - SP5X_32.DLL File not found
Drivers32: VIDC.SP56 - SP5X_32.DLL File not found
Drivers32: VIDC.SP57 - SP5X_32.DLL File not found
Drivers32: VIDC.SP58 - SP5X_32.DLL File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/06 22:58:00 | 000,553,984 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/03/06 18:49:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/04 20:54:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\Application Data\skypePM
[2010/03/04 18:25:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\Application Data\Skype
[2010/03/04 18:22:17 | 000,000,000 | R--D | C] -- D:\Program Files\Skype
[2010/03/03 17:05:02 | 000,000,000 | ---D | C] -- D:\Program Files\alot
[2010/03/03 17:05:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\Application Data\alot
[2010/03/01 03:13:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\Desktop\HijackThis
[2010/03/01 03:12:44 | 000,000,000 | ---D | C] -- D:\Program Files\New Folder
[2010/03/01 00:08:50 | 000,000,000 | ---D | C] -- D:\Program Files\Hijackthis
[2010/03/01 00:07:48 | 000,488,144 | ---- | C] (Soeperman Enterprises Ltd ) -- D:\Documents and Settings\Owner\Desktop\HJTsetup.exe
[2010/02/20 11:05:01 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/02/13 23:24:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\Desktop\Gucci Mane
[2010/02/11 03:30:14 | 000,000,000 | ---D | C] -- D:\Program Files\Cobian Backup 7
[2010/02/11 01:09:46 | 000,000,000 | ---D | C] -- D:\Program Files\Cobian Backup 8
[2010/02/10 23:44:19 | 001,277,952 | ---- | C] (Ahead Software AG) -- D:\WINDOWS\UNMRW.exe
[2010/02/10 23:44:19 | 000,025,520 | ---- | C] (Ahead Software AG) -- D:\WINDOWS\System32\drivers\incdrm.sys
[2010/02/10 23:44:19 | 000,000,000 | ---D | C] -- D:\Program Files\Ahead
[2010/02/10 00:00:06 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\Desktop\New Folder (2)
[2010/02/08 02:44:21 | 000,000,000 | ---D | C] -- D:\Program Files\SpywareBlaster
[2010/02/08 01:17:58 | 000,000,000 | ---D | C] -- D:\Program Files\Zone Labs
[2010/02/07 16:56:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\My Documents\Downloads
[2010/02/07 04:16:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\backups
[2010/02/07 04:14:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\backups_old
[2010/02/07 03:58:15 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\backups_old1
[2010/02/07 03:55:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\backups_old2
[2010/02/07 03:51:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\backups_old3
[2010/02/07 03:51:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\backupreg
[2010/02/07 03:51:43 | 000,146,432 | ---- | C] (Microsoft Corporation) -- D:\Documents and Settings\Owner\editreg.exe
[2010/02/07 03:51:43 | 000,027,136 | ---- | C] (Microsoft Corporation) -- D:\Documents and Settings\Owner\rtsdnif.exe
[2010/02/07 03:51:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- D:\Documents and Settings\Owner\attrib.exe
[2010/02/07 03:51:43 | 000,009,216 | ---- | C] (Microsoft Corporation) -- D:\Documents and Settings\Owner\dnif.exe
[2010/02/07 00:38:17 | 000,000,000 | ---D | C] -- D:\SDFix
[2010/02/06 22:23:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\77e74bb
[2010/02/06 18:04:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/06 18:04:19 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/06 18:04:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/06 18:04:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\Google
[2010/02/06 01:29:02 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\xing shared
[2010/02/06 01:22:13 | 000,233,136 | ---- | C] (PC Tools) -- D:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/02/06 01:22:00 | 000,207,792 | ---- | C] (PC Tools) -- D:\WINDOWS\System32\drivers\PCTCore.sys
[2010/02/06 01:22:00 | 000,087,784 | ---- | C] (PC Tools) -- D:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/02/06 01:21:45 | 000,070,408 | ---- | C] (PC Tools) -- D:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/06 01:21:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/06 08:04:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/11/30 00:05:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2009/08/20 19:43:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/07/26 23:30:10 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/09 23:46:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/07/09 23:46:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/09 23:45:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2008/02/12 16:07:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/02/05 07:55:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\Acronis
[5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\drivers\4DW4R3tFaxoeKjWi.sys
[2099/01/01 12:00:00 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\4DW4R3reaHeVcOUK.dll
[2099/01/01 12:00:00 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\drivers\4DW4R3LrWhndeqpF.sys
[2099/01/01 12:00:00 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\4DW4R3jeoPNILSEX.dll
[2010/03/06 22:58:27 | 000,553,984 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/03/06 22:55:31 | 000,000,422 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{6882F2CE-5ECE-4E3A-9EEB-C64DE620B223}.job
[2010/03/06 22:48:13 | 000,000,330 | -H-- | M] () -- D:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/06 22:46:54 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/03/06 22:45:11 | 000,000,868 | ---- | M] () -- D:\WINDOWS\tasks\Google Software Updater.job
[2010/03/06 22:45:04 | 000,000,236 | ---- | M] () -- D:\WINDOWS\tasks\OGALogon.job
[2010/03/06 22:45:03 | 000,000,882 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/06 22:45:03 | 000,000,434 | ---- | M] () -- D:\WINDOWS\tasks\RegPowerClean.job
[2010/03/06 22:45:03 | 000,000,416 | ---- | M] () -- D:\WINDOWS\tasks\PCConfidential.job
[2010/03/06 22:45:01 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010/03/06 22:44:59 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010/03/06 22:44:12 | 007,602,176 | ---- | M] () -- D:\Documents and Settings\Owner\NTUSER.DAT
[2010/03/06 22:43:43 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\Owner\ntuser.ini
[2010/03/06 22:42:32 | 013,476,360 | -H-- | M] () -- D:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/03/06 22:20:29 | 000,000,069 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini
[2010/03/06 22:16:08 | 000,054,156 | -H-- | M] () -- D:\WINDOWS\QTFont.qfn
[2010/03/06 22:04:01 | 000,000,886 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/06 18:49:28 | 000,001,409 | ---- | M] () -- D:\WINDOWS\QTFont.for
[2010/03/06 03:49:40 | 000,069,120 | ---- | M] () -- D:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 20:54:01 | 000,000,056 | -H-- | M] () -- D:\WINDOWS\System32\ezsidmv.dat
[2010/03/02 03:52:25 | 000,465,380 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010/03/02 03:52:25 | 000,079,074 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010/03/02 03:52:24 | 000,552,218 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/01 03:11:41 | 000,318,067 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\HijackThis.zip
[2010/03/01 00:08:00 | 000,488,144 | ---- | M] (Soeperman Enterprises Ltd ) -- D:\Documents and Settings\Owner\Desktop\HJTsetup.exe
[2010/02/28 22:35:14 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\Owner\s-1-5-21-1343024091-162531612-725345543-1004.rrr
[2010/02/26 17:18:18 | 000,036,352 | ---- | M] () -- D:\Documents and Settings\Owner\My Documents\Copy of Dickinson Ave auto and tire revoce revenue expenses.xls
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MpSigStub.exe
[2010/02/24 02:35:10 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2010/02/24 02:11:43 | 000,010,788 | -HS- | M] () -- D:\Documents and Settings\Owner\Local Settings\Application Data\lpWPnW3FA4HFUpDk38r360k0w
[2010/02/24 02:11:35 | 000,015,418 | -HS- | M] () -- D:\Documents and Settings\Owner\Local Settings\Application Data\6c6c
[2010/02/22 21:26:51 | 000,000,384 | ---- | M] () -- D:\WINDOWS\tasks\SmartDefrag.job
[2010/02/20 14:24:09 | 000,564,720 | ---- | M] () -- D:\Documents and Settings\Owner\My Documents\Pink.pptx
[2010/02/20 14:12:42 | 000,292,495 | ---- | M] () -- D:\Documents and Settings\Owner\My Documents\My Cats!.pptx
[2010/02/19 14:50:57 | 000,000,245 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\American Tire Distributors - ATDOnline.url
[2010/02/18 11:36:44 | 000,000,342 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\ATT00055.dat
[2010/02/14 01:53:31 | 000,305,152 | ---- | M] () -- D:\Documents and Settings\Owner\My Documents\windiag.iso
[2010/02/13 23:44:08 | 000,654,920 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\mtinst.exe
[2010/02/13 12:30:10 | 000,054,414 | ---- | M] () -- D:\Documents and Settings\Owner\My Documents\By.docx
[2010/02/13 12:28:12 | 000,016,988 | ---- | M] () -- D:\Documents and Settings\Owner\My Documents\Ammahtullah Mahmoud.docx
[2010/02/12 08:49:47 | 368,742,397 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\Backup.bkf
[2010/02/08 15:29:46 | 000,000,018 | ---- | M] () -- D:\Documents and Settings\Owner\lp1
[2010/02/08 02:44:22 | 000,000,700 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2010/02/08 01:07:35 | 007,716,864 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\rc.iso
[2010/02/07 03:37:18 | 000,001,395 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\runas-cspfixrunthis.bat.lnk
[2010/02/07 02:20:48 | 001,529,241 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\SDFix.exe
[2010/02/07 00:36:19 | 000,689,288 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\SDFix.mht
[2010/02/06 01:43:26 | 000,001,784 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
[2010/02/06 01:43:26 | 000,001,750 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Google Mail.lnk
[2010/02/06 01:43:26 | 000,001,738 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Google Docs.lnk
[2010/02/06 01:30:16 | 000,000,907 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/02/06 01:29:58 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- D:\WINDOWS\System32\rmoc3260.dll
[2010/02/06 01:29:18 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- D:\WINDOWS\System32\pndx5016.dll
[2010/02/06 01:29:18 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- D:\WINDOWS\System32\pndx5032.dll
[2010/02/06 01:28:04 | 000,278,528 | ---- | M] (Real Networks, Inc) -- D:\WINDOWS\System32\pncrt.dll
[5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\drivers\4DW4R3tFaxoeKjWi.sys
[2099/01/01 12:00:00 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\4DW4R3reaHeVcOUK.dll
[2099/01/01 12:00:00 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\drivers\4DW4R3LrWhndeqpF.sys
[2099/01/01 12:00:00 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\4DW4R3jeoPNILSEX.dll
[2010/03/06 18:49:28 | 000,054,156 | -H-- | C] () -- D:\WINDOWS\QTFont.qfn
[2010/03/06 18:49:28 | 000,001,409 | ---- | C] () -- D:\WINDOWS\QTFont.for
[2010/03/04 20:54:01 | 000,000,056 | -H-- | C] () -- D:\WINDOWS\System32\ezsidmv.dat
[2010/03/01 03:11:26 | 000,318,067 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\HijackThis.zip
[2010/02/28 22:35:14 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Owner\s-1-5-21-1343024091-162531612-725345543-1004.rrr
[2010/02/23 19:30:39 | 000,010,788 | -HS- | C] () -- D:\Documents and Settings\Owner\Local Settings\Application Data\lpWPnW3FA4HFUpDk38r360k0w
[2010/02/23 15:56:14 | 000,015,418 | -HS- | C] () -- D:\Documents and Settings\Owner\Local Settings\Application Data\6c6c
[2010/02/23 15:26:46 | 000,017,360 | -HS- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\6c6c
[2010/02/18 11:36:44 | 000,000,342 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\ATT00055.dat
[2010/02/14 01:53:30 | 000,305,152 | ---- | C] () -- D:\Documents and Settings\Owner\My Documents\windiag.iso
[2010/02/13 23:43:58 | 000,654,920 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\mtinst.exe
[2010/02/12 07:59:01 | 368,742,397 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\Backup.bkf
[2010/02/10 23:44:19 | 000,027,833 | ---- | C] () -- D:\WINDOWS\UNMRW.cfg
[2010/02/10 00:13:47 | 000,000,245 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\American Tire Distributors - ATDOnline.url
[2010/02/08 15:29:46 | 000,000,018 | ---- | C] () -- D:\Documents and Settings\Owner\lp1
[2010/02/08 02:44:22 | 000,000,700 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2010/02/08 00:56:32 | 007,716,864 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\rc.iso
[2010/02/07 03:35:45 | 000,001,395 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\runas-cspfixrunthis.bat.lnk
[2010/02/07 00:37:07 | 001,529,241 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\SDFix.exe
[2010/02/07 00:36:14 | 000,689,288 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\SDFix.mht
[2010/02/06 17:44:52 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Owner\CUSTOM.DICCUSTOM.DIC
[2010/02/06 01:43:26 | 000,001,784 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
[2010/02/06 01:43:26 | 000,001,750 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Google Mail.lnk
[2010/02/06 01:43:26 | 000,001,738 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Google Docs.lnk
[2010/02/06 01:30:16 | 000,000,907 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/02/06 01:22:13 | 000,007,387 | ---- | C] () -- D:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/02/06 01:22:00 | 000,007,412 | ---- | C] () -- D:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/02/06 01:22:00 | 000,007,383 | ---- | C] () -- D:\WINDOWS\System32\drivers\pctcore.cat
[2010/02/06 01:21:45 | 000,007,383 | ---- | C] () -- D:\WINDOWS\System32\drivers\pctplsg.cat
[2010/02/03 02:18:08 | 000,000,523 | ---- | C] () -- D:\WINDOWS\odatuzaru.dll
[2010/02/01 15:14:05 | 000,000,523 | ---- | C] () -- D:\WINDOWS\evalininozum.dll
[2010/01/31 20:40:03 | 000,000,523 | ---- | C] () -- D:\WINDOWS\ebozocohofafah.dll
[2010/01/31 18:38:13 | 000,000,523 | ---- | C] () -- D:\WINDOWS\ewosaqit.dll
[2010/01/30 21:23:34 | 000,000,523 | ---- | C] () -- D:\WINDOWS\uluqixiwu.dll
[2010/01/29 17:42:47 | 000,000,043 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\.zreglib
[2010/01/29 12:27:16 | 000,000,523 | ---- | C] () -- D:\WINDOWS\edipucusezejoh.dll
[2010/01/21 15:08:18 | 000,014,115 | ---- | C] () -- D:\WINDOWS\twspmm.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.dll
[2008/03/05 08:30:40 | 000,286,208 | ---- | C] () -- D:\WINDOWS\System32\cncs232.dll
[2008/03/05 08:30:40 | 000,001,117 | ---- | C] () -- D:\WINDOWS\Treble.ini
[2008/03/05 08:30:40 | 000,000,896 | ---- | C] () -- D:\WINDOWS\Bass.ini
[2008/02/23 20:08:46 | 000,000,069 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2008/01/29 12:52:35 | 000,069,120 | ---- | C] () -- D:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- D:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- D:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- D:\WINDOWS\System32\gthrctr.ini
[2004/10/15 17:31:56 | 000,218,264 | ---- | C] () -- D:\WINDOWS\System32\SetAid.dll
[2004/08/04 05:00:00 | 000,755,200 | ---- | C] () -- D:\WINDOWS\System32\ir50_32.dll
[2004/08/04 05:00:00 | 000,338,432 | ---- | C] () -- D:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 05:00:00 | 000,200,192 | ---- | C] () -- D:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 05:00:00 | 000,183,808 | ---- | C] () -- D:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 05:00:00 | 000,120,320 | ---- | C] () -- D:\WINDOWS\System32\ir41_qc.dll
[2002/03/19 17:30:00 | 000,141,824 | ---- | C] () -- D:\WINDOWS\System32\msvdm.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/06 22:47:07 | 000,000,000 | ---D | M] Unable to obtain MD5 -- D:\WINDOWS\System32\
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\dxtrans.dll
[2008/04/13 19:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/28 05:36:55 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/01/28 05:36:55 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/28 05:36:55 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/01/28 05:36:55 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- D:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- D:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- D:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- D:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- D:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- D:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- D:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 19:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- D:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- D:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- D:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- D:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 126 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4
< End of report >



OTL Extras logfile created on: 3/6/2010 10:59:58 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = D:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2560 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 5.00 Gb Total Space | 3.43 Gb Free Space | 68.52% Space Free | Partition Type: NTFS
Drive D: | 40.02 Gb Total Space | 1.43 Gb Free Space | 3.57% Space Free | Partition Type: NTFS
Drive E: | 31.30 Gb Total Space | 14.01 Gb Free Space | 44.75% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-2400C4920
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Value error. File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\av.exe File not found
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\av.exe File not found
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe File not found

[HKEY_USERS\S-1-5-21-1343024091-162531612-725345543-1004\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [sendtotoys1add] -- D:\Program Files\Send To Toys\SendToAdd.exe "%1" ()
Directory [sendtotoys1remove] -- D:\Program Files\Send To Toys\SendToRemove.exe "%1" ()
Directory [sendtotoys2prompt] -- D:\Program Files\Send To Toys\SendToCommandPrompt.exe "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"D:\Program Files\Cobian Backup 7\cobui.exe" = D:\Program Files\Cobian Backup 7\cobui.exe:*:Enabled:Cobian Backup 7 Interface -- (Luis Cobian)
"D:\Program Files\Cobian Backup 7\CobBU.exe" = D:\Program Files\Cobian Backup 7\CobBU.exe:*:Enabled:Cobian Backup 7 Application -- (Luis Cobian)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047815FB-4E38-42D5-95CB-8A131DDD8668}" = Microsoft Windows Theme Nunavut
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{570C2A84-A145-4DF0-AE9D-012584DF09DC}" = SPCA1528 PC Driver
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{88589E19-665C-4575-A4A0-CE9C43C51033}" = Nero 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}" = Samsung USB Driver (MCCI 4.34) WHQL v3.4
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Al Muhaddith: Prayer Times, V 6.95" = Al Muhaddith: Prayer Times, V 6.95
"alotToolbar" = ALOT Toolbar
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CobBackup7" = Cobian Backup 7
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EMBARQ Help Online" = EMBARQ Help Online
"EMBARQ Remote Control" = EMBARQ Remote Control
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow" = ffdshow (remove only)
"Game Booster_is1" = Game Booster
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Happy Note! Treble Clef and Bass Clef" = Happy Note! Treble Clef and Bass Clef
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Send To Toys_is1" = Send To Toys v2.5
"Smart Defrag_is1" = Smart Defrag 1.20
"Sprint.MccInstall" = EMBARQ Help
"Spyware Doctor" = Spyware Doctor 7.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Stellaluna" = Stellaluna
"Tweak UI 2.10" = Tweak UI
"UltraISO_is1" = UltraISO Premium V8.61
"UnityWebPlayer" = Unity Web Player
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirtualCloneDrive" = VirtualCloneDrive
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1343024091-162531612-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Owner

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2010 5:13:03 PM | Computer Name = OWNER-2400C4920 | Source = Google Update | ID = 20
Description =

Error - 3/6/2010 6:12:59 PM | Computer Name = OWNER-2400C4920 | Source = Google Update | ID = 20
Description =

Error - 3/6/2010 7:01:19 PM | Computer Name = OWNER-2400C4920 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/6/2010 7:13:06 PM | Computer Name = OWNER-2400C4920 | Source = Google Update | ID = 20
Description =

Error - 3/6/2010 8:00:16 PM | Computer Name = OWNER-2400C4920 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/6/2010 8:27:10 PM | Computer Name = OWNER-2400C4920 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x10008f08.

Error - 3/6/2010 9:18:25 PM | Computer Name = OWNER-2400C4920 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/6/2010 9:30:05 PM | Computer Name = OWNER-2400C4920 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/6/2010 11:08:37 PM | Computer Name = OWNER-2400C4920 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/6/2010 11:53:37 PM | Computer Name = OWNER-2400C4920 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ OSession Events ]
Error - 7/17/2008 1:40:28 PM | Computer Name = OWNER-2400C4920 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4207
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/5/2010 11:18:18 AM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7023
Description = The Client Service for NetWare service terminated with the following
error: %%2

Error - 3/5/2010 11:18:18 AM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7000
Description = The SPCA1528 Video Camera Service service failed to start due to the
following error: %%1058

Error - 3/5/2010 11:20:08 AM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/5/2010 9:42:17 PM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/5/2010 11:22:21 PM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7000
Description = The NWLink IPX/SPX/NetBIOS Compatible Transport Protocol service failed
to start due to the following error: %%87

Error - 3/6/2010 7:46:40 PM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7000
Description = The NWLink IPX/SPX/NetBIOS Compatible Transport Protocol service failed
to start due to the following error: %%87

Error - 3/6/2010 7:46:40 PM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7023
Description = The Client Service for NetWare service terminated with the following
error: %%2

Error - 3/6/2010 7:46:40 PM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7000
Description = The SPCA1528 Video Camera Service service failed to start due to the
following error: %%1058

Error - 3/6/2010 7:48:25 PM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/6/2010 9:24:08 PM | Computer Name = OWNER-2400C4920 | Source = Service Control Manager | ID = 7023
Description = The Client Service for NetWare service terminated with the following
error: %%2


< End of report >

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 07 March 2010 - 04:38 AM

Hi,

please run a scan with GMER next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#6 habibuRahman

habibuRahman
  • Topic Starter

  • Members
  • 10 posts

Posted 07 March 2010 - 09:03 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-07 08:50:43
Windows 5.1.2600 Service Pack 3
Running: 5k6u9dql.exe; Driver: D:\DOCUME~1\Owner\LOCALS~1\Temp\kflcrfod.sys


---- System - GMER 1.0.15 ----

Code F7916EB5 ZwCallbackReturn
Code F7916979 ZwEnumerateKey
Code F791696F ZwSaveKey
Code F7916974 ZwSaveKeyEx
Code F7916BD2 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwCallbackReturn 804E2CC4 5 Bytes JMP F7916EB9
.text ntoskrnl.exe!IofCompleteRequest 804E3C06 5 Bytes JMP F7916BD7
PAGE ntoskrnl.exe!ZwEnumerateKey 805735A4 5 Bytes JMP F791697D
PAGE ntoskrnl.exe!ZwSaveKey 8064EE02 5 Bytes JMP F7916973
PAGE ntoskrnl.exe!ZwSaveKeyEx 8064EEED 5 Bytes JMP F7916978
init D:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF6F43F80]
.text tcpip.sys!IPTransmit + 10FC EDC0FD3A 6 Bytes CALL F7516E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 2A52 EDC11690 6 Bytes CALL F7516E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPRegisterProtocol + 930 EDC27454 6 Bytes CALL F7516E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys F696F3FD 7 Bytes CALL F7516FA0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- User code sections - GMER 1.0.15 ----

.text D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[360] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BE0001
.text D:\WINDOWS\Explorer.EXE[572] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 020A0001
.text D:\WINDOWS\Explorer.EXE[572] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002FD0
.text D:\WINDOWS\Explorer.EXE[572] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002F3D
.text D:\WINDOWS\Explorer.EXE[572] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002FB0
.text D:\WINDOWS\Explorer.EXE[572] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F7E
.text D:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015F0001
.text D:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01450001
.text D:\WINDOWS\system32\services.exe[792] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
.text D:\WINDOWS\system32\lsass.exe[804] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B50001
.text D:\Program Files\Internet Explorer\iexplore.exe[868] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EA0001
.text D:\Program Files\Internet Explorer\iexplore.exe[868] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2156E9 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[868] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED964 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[868] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E43AF D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[868] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E42E1 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[868] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E434C D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[868] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E41B2 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[868] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4214 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[868] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4412 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[868] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4276 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 029B0001
.text D:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F60001
.text D:\Program Files\Windows Defender\MsMpEng.exe[1204] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A90001
.text D:\WINDOWS\system32\hkcmd.exe[1364] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text D:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02140001
.text ...
.text D:\WINDOWS\system32\SearchIndexer.exe[1780] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C D:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text D:\Program Files\Common Files\Motive\McciCMService.exe[1872] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 007D0001
.text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1948] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01780001
.text D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1996] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A80001
.text D:\Program Files\Windows Defender\MSASCui.exe[2060] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F80001
.text D:\Program Files\Common Files\Real\Update_OB\realsched.exe[2096] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BE0001
.text ...
.text D:\Program Files\Internet Explorer\iexplore.exe[2488] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2156E9 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2488] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2488] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD189 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2488] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED964 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2488] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2548CE D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2488] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E43AF D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2488] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E42E1 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2488] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E434C D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2488] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E41B2 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2488] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4214 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2488] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4412 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2488] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4276 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2488] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED9C0 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2488] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4717 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2516] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BB0001
.text D:\WINDOWS\system32\ctfmon.exe[2564] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B10001
.text D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2700] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DA0001
.text D:\Program Files\Internet Explorer\iexplore.exe[2704] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EA0001
.text D:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2156E9 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD189 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED964 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2548CE D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E43AF D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E42E1 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E434C D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E41B2 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4214 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4412 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4276 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2704] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED9C0 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[2704] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4717 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2948] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 007A0001
.text D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[2960] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AE0001
.text D:\WINDOWS\system32\wbem\wmiprvse.exe[3332] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00780001
.text D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3408] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D10001
.text D:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00790001
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7517C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7517BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F7517B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F75178E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F75178E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7517BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7517C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F7517B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F7517B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F75178E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7517BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7517C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F75178E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F7517B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7517C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7517BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7517C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7517BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F75178E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7517B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F75178E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7517BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7517C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F75178E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7517B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7517C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7517BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT D:\Program Files\Internet Explorer\iexplore.exe[2488] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] D:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT D:\Program Files\Internet Explorer\iexplore.exe[2704] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] D:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys
Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service D:\WINDOWS\system32\drivers\4DW4R3OFyEiucumY.sys (*** hidden *** ) [SYSTEM] 4DW4R3 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\4DW4R3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\4DW4R3@ImagePath \systemroot\system32\drivers\4DW4R3OFyEiucumY.sys
Reg HKLM\SYSTEM\ControlSet001\Services\4DW4R3@Type 1
Reg HKLM\SYSTEM\ControlSet001\Services\4DW4R3@Start 1
Reg HKLM\SYSTEM\ControlSet001\Services\4DW4R3@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\4DW4R3\connections (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\4DW4R3\connections@505db6e6
Reg HKLM\SYSTEM\ControlSet001\Services\4DW4R3\connections@5bf3bc6c
Reg HKLM\SYSTEM\ControlSet001\Services\4DW4R3\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\4DW4R3\injector@* 4DW4R3c
Reg HKLM\SYSTEM\ControlSet001\Services\4DW4R3\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\4DW4R3\modules@4DW4R3 \\?\globalroot\systemroot\system32\drivers\4DW4R3OFyEiucumY.sys
Reg HKLM\SYSTEM\ControlSet001\Services\4DW4R3\modules@4DW4R3c \\?\globalroot\systemroot\system32\4DW4R3oYiwtdSHTq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3@ImagePath \systemroot\system32\drivers\4DW4R3OFyEiucumY.sys
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3@Start 1
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3\connections (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3\connections@505db6e6
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3\connections@5bf3bc6c
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3\injector@* 4DW4R3c
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3\modules@4DW4R3 \\?\globalroot\systemroot\system32\drivers\4DW4R3OFyEiucumY.sys
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3\modules@4DW4R3c \\?\globalroot\systemroot\system32\4DW4R3oYiwtdSHTq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3@ImagePath \systemroot\system32\drivers\4DW4R3OFyEiucumY.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\connections
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\connections@505db6e6
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\connections@5bf3bc6c
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\injector@* 4DW4R3c
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\modules@4DW4R3 \\?\globalroot\systemroot\system32\drivers\4DW4R3OFyEiucumY.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\modules@4DW4R3c \\?\globalroot\systemroot\system32\4DW4R3oYiwtdSHTq.dll
Reg HKLM\SYSTEM\ControlSet004\Services\4DW4R3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\4DW4R3@ImagePath \systemroot\system32\drivers\4DW4R3OFyEiucumY.sys
Reg HKLM\SYSTEM\ControlSet004\Services\4DW4R3@Type 1
Reg HKLM\SYSTEM\ControlSet004\Services\4DW4R3@Start 1
Reg HKLM\SYSTEM\ControlSet004\Services\4DW4R3@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\4DW4R3\connections (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\4DW4R3\connections@505db6e6
Reg HKLM\SYSTEM\ControlSet004\Services\4DW4R3\connections@5bf3bc6c
Reg HKLM\SYSTEM\ControlSet004\Services\4DW4R3\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\4DW4R3\injector@* 4DW4R3c
Reg HKLM\SYSTEM\ControlSet004\Services\4DW4R3\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\4DW4R3\modules@4DW4R3 \\?\globalroot\systemroot\system32\drivers\4DW4R3OFyEiucumY.sys
Reg HKLM\SYSTEM\ControlSet004\Services\4DW4R3\modules@4DW4R3c \\?\globalroot\systemroot\system32\4DW4R3oYiwtdSHTq.dll
Reg HKLM\SYSTEM\ControlSet005\Services\4DW4R3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\4DW4R3@ImagePath \systemroot\system32\drivers\4DW4R3OFyEiucumY.sys
Reg HKLM\SYSTEM\ControlSet005\Services\4DW4R3@Type 1
Reg HKLM\SYSTEM\ControlSet005\Services\4DW4R3@Start 1
Reg HKLM\SYSTEM\ControlSet005\Services\4DW4R3@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\4DW4R3\connections (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\4DW4R3\connections@505db6e6
Reg HKLM\SYSTEM\ControlSet005\Services\4DW4R3\connections@5bf3bc6c
Reg HKLM\SYSTEM\ControlSet005\Services\4DW4R3\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\4DW4R3\injector@* 4DW4R3c
Reg HKLM\SYSTEM\ControlSet005\Services\4DW4R3\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\4DW4R3\modules@4DW4R3 \\?\globalroot\systemroot\system32\drivers\4DW4R3OFyEiucumY.sys
Reg HKLM\SYSTEM\ControlSet005\Services\4DW4R3\modules@4DW4R3c \\?\globalroot\systemroot\system32\4DW4R3oYiwtdSHTq.dll

---- Files - GMER 1.0.15 ----

File D:\WINDOWS\system32\4DW4R3iPexawXNOK.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3NvYmIWrxBW.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3TqiGjKeCSA.dll 28160 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3GvVOooxxHS.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3PmowXbqBUy.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3vvptDeBpeY.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3wwyfDembQs.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3XHoQYujUje.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3xMteWBvnba.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3XpplrkkNTR.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3yDPgruLbxu.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3ynOQivMcbv.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3YrWDjMXptk.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3gWDbvTAVvC.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3GYyWyBpwlU.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3hdafqUIsXO.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3hDxewpqEyq.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3HrRSQBpbvb.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3hsPWhpIsnP.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3iNsSPibjYu.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3JMxPImXaYq.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3kBrtEtDVqO.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3kfmEBoPwyS.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3kIeXcrpKbw.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3kJEKbfXGOD.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3KMIVLykduf.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3KMplGItUja.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3KVPxwsHRji.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3LyUtceidMl.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3mbwwbtQnyy.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3MgidPXePnp.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3MPiWQCEQud.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3OFyEiucumY.sys 46592 bytes executable <-- ROOTKIT !!!
File D:\WINDOWS\system32\drivers\4DW4R3oGusiEdtWt.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3OstLGrJXLE.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3OxKxPfrYBj.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3oxLaQabKly.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3PGyFLecOvs.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3PRnBraeSuV.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3puNxRaOFJS.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3puRSDldaav.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3PuTmrbLxjP.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3pwSaGFahnj.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3qakdQHywky.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3QhhYbyWWpn.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3QLBOPUQwOn.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3RHlgoQoQSg.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3rkfmOlgEJy.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3RvENYBiQXm.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3SGVyRFmxDi.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3sitbMYjtsU.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3snlRHDROYM.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3StRpvXFDih.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3sYuQXtWUQa.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3TAalquukUk.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3tbyefHwMQL.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3TQLSdrLPQS.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3ttEXUbxlDY.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3tUtVleVMtm.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3UbXiURkmdb.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3UrUMMwttac.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3UwGMOoYfcN.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3UYkiqmXYhN.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3vIicwXIGef.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3aKiDpCxPeS.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3AuSedxFeNS.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3bfxmUUcbTH.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3BmteBfkMDQ.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3bsPXlyNEaS.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3BtdbmxjnVq.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3dMBuqPKpCh.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3EctQVWREvb.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3edPiaXovEY.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3exbinFmlhs.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3flePdiQbEt.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3ghPtUqWnlc.sys 46592 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3gsHlDbVyXN.sys 46592 bytes executable
File D:\WINDOWS\system32\4DW4R3JfWWOdPlmO.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3juBOnYDeUK.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3kbCUFmYund.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3kEKUGnEUMD.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3kfvOlNRulB.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3kUXTbBQrQW.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3kVOGoBhOlc.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3lbSsfaWxIX.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3LSdtPyycyK.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3McIFbVlqoK.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3mcWVVDFHbJ.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3mIcswVkIRh.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3MjFncaxhwj.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3mlHMblLQmY.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3MOLgvEiXxv.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3mSNPIQMdhR.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3mYSgoGXjsP.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3njluoykljv.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3nrDimweCmf.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3NVTwEVfpVQ.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3UmuemIVsBr.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3uOrPQfQLaI.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3utcaeAhhou.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3VGKWDOoWsa.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3vskcidfLPd.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3vvLNSIwPMC.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3WCvXdmivwv.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3wEPOxiKlst.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3WOWIXRqFdP.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3WqxleLJuFK.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3WrBvXkOqBk.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3WtWMrYEWQX.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3xipuTtmtic.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3xmLBCoipia.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3xrWQMrUlPR.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3XVmAdKsfQJ.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3adNtPuelGF.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3AIkHgqhqIB.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3aWXCLDRqho.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3bDUgkaHxTI.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3c.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3DqeXwthBtv.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3DwptPJTswd.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3eakvtCCXfL.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3ECNrIoXRXx.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3edtXkSoYiU.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3eHksRhBXpS.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3eMrewnxdHr.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3eYrKLjohpr.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3FQMHlmeSvX.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3FQWpgplTXI.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3fTtlNntedp.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3GHDmyTTRlB.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3HDkptvmPtI.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3oqpsbudvyT.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3oYiwtdSHTq.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3PkyNeUoYGW.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3PMkcUTBrha.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3pPpWHnPaeP.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3PvpwTFHvMf.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3pYCrrfuxfn.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3qIMpawpfOr.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3rJbmmTulRL.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3rsqnjJnJiO.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3SgtXkfXqXM.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3sPxQmIVRkq.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3sv.dat 53 bytes
File D:\WINDOWS\system32\4DW4R3sWOARiMQSN.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3tdKiXlYNqE.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3TDrPQqmKLd.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3TLDTAHljtX.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3TlroBnpgsf.dll 28160 bytes executable
File D:\WINDOWS\Temp\4DW4R310a3c 53 bytes
File D:\WINDOWS\Temp\4DW4R3180a0d 53 bytes
File D:\WINDOWS\Temp\4DW4R31a93b6 53 bytes
File D:\WINDOWS\Temp\4DW4R348612c 53 bytes
File D:\WINDOWS\Temp\4DW4R35f4855 53 bytes
File D:\WINDOWS\Temp\4DW4R3181c5d 53 bytes
File D:\WINDOWS\Temp\4DW4R3187bdf3 53 bytes
File D:\WINDOWS\Temp\4DW4R319382d 53 bytes
File D:\WINDOWS\Temp\4DW4R319ea50c 53 bytes
File D:\WINDOWS\Temp\4DW4R31b58bf6 53 bytes
File D:\WINDOWS\Temp\4DW4R31cc7300 53 bytes
File D:\WINDOWS\Temp\4DW4R31e359cb 53 bytes
File D:\WINDOWS\Temp\4DW4R324db8 53 bytes
File D:\WINDOWS\Temp\4DW4R32f04ae 53 bytes
File D:\WINDOWS\Temp\4DW4R3301f07 53 bytes
File D:\WINDOWS\Temp\4DW4R3317a42 53 bytes
File D:\WINDOWS\Temp\4DW4R33a912 53 bytes
File D:\WINDOWS\Temp\4DW4R345ec15 53 bytes
File D:\WINDOWS\Temp\4DW4R3470882 53 bytes
File D:\WINDOWS\Temp\4DW4R35cd551 53 bytes
File D:\WINDOWS\Temp\4DW4R35df17f 53 bytes
File D:\WINDOWS\Temp\4DW4R374d8d7 53 bytes
File D:\WINDOWS\Temp\4DW4R38bbfa2 53 bytes
File D:\WINDOWS\Temp\4DW4R3a2a64e 53 bytes
File D:\WINDOWS\Temp\4DW4R3b98d19 53 bytes
File D:\WINDOWS\Temp\4DW4R3d073b5 53 bytes
File D:\WINDOWS\Temp\4DW4R3e75a32 53 bytes
File D:\WINDOWS\Temp\4DW4R3fe410c 53 bytes
File D:\WINDOWS\Temp\4DW4R311527d7 53 bytes
File D:\WINDOWS\Temp\4DW4R312304 53 bytes
File D:\WINDOWS\Temp\4DW4R312c0e64 53 bytes
File D:\WINDOWS\Temp\4DW4R3142f56d 53 bytes
File D:\WINDOWS\Temp\4DW4R3159eef5 53 bytes
File D:\WINDOWS\Temp\4DW4R3170d6ab 53 bytes

---- EOF - GMER 1.0.15 ----

I just want to say thank you so much for helping, and after this thing is done, i will make sure to donate something to keep you guys going on.
thank you.
habib.
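
The GMER output above is the kind of log a helper reads by hand. As an added example (not part of this thread, and not a GMER or BleepingComputer tool), the Python below parses the three sections that carry the verdict: the service GMER flags as hidden, the persistence entries replicated across every ControlSet, and the file clusters that share one prefix, one directory and one size. The sample lines are copied from the log above and trimmed to a few representatives. The Type and Start constants are the Windows service values (SERVICE_KERNEL_DRIVER and SERVICE_SYSTEM_START are both 1). Reading `injector@*` as a module id that applies to all processes and `modules@<id>` as the path of that module is an assumption drawn from the layout of the keys shown, not something the log itself states.

```python
"""Triage helper for GMER 1.0.15 text logs: pull out hidden services, the
registry persistence behind them, and the file clusters they leave behind."""
import ntpath
import re
from collections import Counter, defaultdict

# Constructed sample: lines copied from the GMER log posted above, trimmed to
# one or two representatives per category. Not the full log.
SAMPLE_LOG = r"""
---- Services - GMER 1.0.15 ----

Service D:\WINDOWS\system32\drivers\4DW4R3OFyEiucumY.sys (*** hidden *** ) [SYSTEM] 4DW4R3 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\4DW4R3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\4DW4R3@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3@ImagePath \systemroot\system32\drivers\4DW4R3OFyEiucumY.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\injector@* 4DW4R3c
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\modules@4DW4R3 \\?\globalroot\systemroot\system32\drivers\4DW4R3OFyEiucumY.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\modules@4DW4R3c \\?\globalroot\systemroot\system32\4DW4R3oYiwtdSHTq.dll

---- Files - GMER 1.0.15 ----

File D:\WINDOWS\system32\4DW4R3iPexawXNOK.dll 28160 bytes executable
File D:\WINDOWS\system32\4DW4R3oYiwtdSHTq.dll 28160 bytes executable
File D:\WINDOWS\system32\drivers\4DW4R3OFyEiucumY.sys 46592 bytes executable <-- ROOTKIT !!!
File D:\WINDOWS\system32\drivers\4DW4R3GvVOooxxHS.sys 46592 bytes executable
File D:\WINDOWS\system32\4DW4R3sv.dat 53 bytes
File D:\WINDOWS\Temp\4DW4R310a3c 53 bytes

---- EOF - GMER 1.0.15 ----
"""

SERVICE_RE = re.compile(r"^Service (?P<image>.+?) \((?P<flags>.*?)\) \[(?P<ctx>\w+)\] (?P<name>\S+)")
FILE_RE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes(?P<exe> executable)?")

# Service Type / Start values as Windows defines them (winnt.h / winsvc.h).
SERVICE_KERNEL_DRIVER = "1"
SERVICE_SYSTEM_START = "1"


def parse_reg(line):
    """'Reg HKLM\\SYSTEM\\<cs>\\Services\\<svc>[\\<sub>][@<name>] [<value>]'
    -> (controlset, service, subkey, valuename, value), or None for other keys."""
    body = line[4:].replace(" (not active ControlSet)", "").strip()
    path, _, value = body.partition(" ")
    key, _, name = path.partition("@")
    parts = key.split("\\")
    if len(parts) < 5 or parts[1:2] != ["SYSTEM"] or parts[3] != "Services":
        return None
    return parts[2], parts[4], "\\".join(parts[5:]), name, value


def triage(text):
    hidden = []  # (service name, image path) for services GMER marks hidden
    svc = defaultdict(lambda: {"controlsets": set(), "attrs": {}, "modules": {}, "injector": {}})
    files = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Service "):
            m = SERVICE_RE.match(line)
            if m and "hidden" in m["flags"]:
                hidden.append((m["name"], m["image"]))
        elif line.startswith("Reg "):
            rec = parse_reg(line)
            if rec is None:
                continue
            cs, name, sub, vname, value = rec
            entry = svc[name]
            entry["controlsets"].add(cs)
            if vname:
                if sub == "":
                    entry["attrs"][vname] = value
                elif sub in ("modules", "injector"):
                    entry[sub][vname] = value
        elif line.startswith("File "):
            m = FILE_RE.match(line)
            if m:
                files.append((m["path"], int(m["size"]), bool(m["exe"])))

    # Type 1 / Start 1: a kernel driver loaded by the I/O manager at system
    # start, i.e. before any user-mode security product is running.
    boot_drivers = {
        n: sorted(e["controlsets"]) for n, e in svc.items()
        if e["attrs"].get("Type") == SERVICE_KERNEL_DRIVER
        and e["attrs"].get("Start") == SERVICE_SYSTEM_START
    }
    # Assumption: injector@* names a module id and modules@<id> gives its path.
    injected = {
        n: e["modules"].get(e["injector"].get("*"))
        for n, e in svc.items() if "*" in e["injector"]
    }
    # Same directory, same extension, same size: one dropper stamping out copies.
    clusters = Counter(
        (ntpath.dirname(p), ntpath.splitext(p)[1].lower(), size) for p, size, _ in files
    )
    names = [ntpath.basename(p) for p, _, _ in files]
    prefix = ntpath.commonprefix(names) if names else ""
    return {
        "hidden_services": hidden,
        "boot_drivers": boot_drivers,
        "injected_dll": injected,
        "file_clusters": dict(clusters),
        "common_prefix": prefix,
        "services": dict(svc),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, val in result.items():
        if key != "services":
            print(f"{key}: {val}")
```

Run it on a full GMER log by reading the file into `triage()`; the `file_clusters` counts and `common_prefix` make the random-suffix naming scheme obvious at a glance, and `boot_drivers` lists every ControlSet that would reload the driver, which is why cleaning only CurrentControlSet is not enough.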

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 07 March 2010 - 09:09 AM

Hi,

I have bad news I'm sorry to say. You have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 habibuRahman

habibuRahman
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:52 PM

Posted 07 March 2010 - 11:24 AM

C:\ComboFix.txt


ComboFix 10-03-06.07 - Owner 03/07/2010 10:53:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.467 [GMT -5:00]
Running from: d:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Owner\Application Data\alot
d:\documents and settings\Owner\Application Data\alot\BrowserSearch\BrowserSearch.xml
d:\documents and settings\Owner\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
d:\documents and settings\Owner\Application Data\alot\Button_0\Button_0.xml
d:\documents and settings\Owner\Application Data\alot\Button_0\Button_0.xml.backup
d:\documents and settings\Owner\Application Data\alot\Button_1\Button_1.xml
d:\documents and settings\Owner\Application Data\alot\Button_1\Button_1.xml.backup
d:\documents and settings\Owner\Application Data\alot\Button_2\Button_2.xml
d:\documents and settings\Owner\Application Data\alot\Button_2\Button_2.xml.backup
d:\documents and settings\Owner\Application Data\alot\Button_3\Button_3.xml
d:\documents and settings\Owner\Application Data\alot\Button_3\Button_3.xml.backup
d:\documents and settings\Owner\Application Data\alot\Button_4\Button_4.xml
d:\documents and settings\Owner\Application Data\alot\Button_4\Button_4.xml.backup
d:\documents and settings\Owner\Application Data\alot\configurator\configurator.xml
d:\documents and settings\Owner\Application Data\alot\configurator\configurator.xml.backup
d:\documents and settings\Owner\Application Data\alot\contextMenu\contextMenu.xml
d:\documents and settings\Owner\Application Data\alot\contextMenu\contextMenu.xml.backup
d:\documents and settings\Owner\Application Data\alot\ErrorSearch\ErrorSearch.xml
d:\documents and settings\Owner\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
d:\documents and settings\Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml
d:\documents and settings\Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
d:\documents and settings\Owner\Application Data\alot\products\products.xml
d:\documents and settings\Owner\Application Data\alot\products\products.xml.backup
d:\documents and settings\Owner\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
d:\documents and settings\Owner\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
d:\documents and settings\Owner\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
d:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_image_search.png
d:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_news_search.png
d:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_search_button.png
d:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_shop_search.png
d:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_videos_search.png
d:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_web_search.png
d:\documents and settings\Owner\Application Data\alot\Resources\Button_2\images\alot_configure.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Button_2\images\alot_configure.png
d:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\default_1588_solitaire.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\default_1588_solitaire.png
d:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\2354_icon.png
d:\documents and settings\Owner\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\contextMenu\images\alot_icon.png
d:\documents and settings\Owner\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
d:\documents and settings\Owner\Application Data\alot\Resources\Shared\domains.dat
d:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\alot_brand.png
d:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\alot_splitter.png
d:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\discover.png
d:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\intro_popup.png
d:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\spinner.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnconfig0.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnconfig1.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnrefresh0.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnrefresh1.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_caption.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
d:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
d:\documents and settings\Owner\Application Data\alot\TimerManager\TimerManager.xml
d:\documents and settings\Owner\Application Data\alot\TimerManager\TimerManager.xml.backup
d:\documents and settings\Owner\Application Data\alot\toolbar.xml
d:\documents and settings\Owner\Application Data\alot\toolbar.xml.backup
d:\documents and settings\Owner\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
d:\documents and settings\Owner\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
d:\documents and settings\Owner\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
d:\documents and settings\Owner\Application Data\alot\Updater\Updater.xml
d:\documents and settings\Owner\Application Data\alot\Updater\Updater.xml.backup
d:\program files\alot
d:\program files\alot\alotUninst.exe
d:\program files\alot\bin\alot.dll
d:\program files\alot\bin\BHO\alotBHO.dll
d:\windows\ebozocohofafah.dll
d:\windows\edipucusezejoh.dll
d:\windows\evalininozum.dll
d:\windows\ewosaqit.dll
d:\windows\odatuzaru.dll
d:\windows\system\oeminfo.ini
d:\windows\system32\4DW4R3adNtPuelGF.dll
d:\windows\system32\4DW4R3AIkHgqhqIB.dll
d:\windows\system32\4DW4R3aWXCLDRqho.dll
d:\windows\system32\4DW4R3bDUgkaHxTI.dll
d:\windows\system32\4DW4R3c.dll
d:\windows\system32\4DW4R3DEbmvKedtP.dll
d:\windows\system32\4DW4R3DqeXwthBtv.dll
d:\windows\system32\4DW4R3DwptPJTswd.dll
d:\windows\system32\4DW4R3eakvtCCXfL.dll
d:\windows\system32\4DW4R3ECNrIoXRXx.dll
d:\windows\system32\4DW4R3edtXkSoYiU.dll
d:\windows\system32\4DW4R3eHksRhBXpS.dll
d:\windows\system32\4DW4R3eMrewnxdHr.dll
d:\windows\system32\4DW4R3eYrKLjohpr.dll
d:\windows\system32\4DW4R3FQMHlmeSvX.dll
d:\windows\system32\4DW4R3FQWpgplTXI.dll
d:\windows\system32\4DW4R3fTtlNntedp.dll
d:\windows\system32\4DW4R3GHDmyTTRlB.dll
d:\windows\system32\4DW4R3HDkptvmPtI.dll
d:\windows\system32\4DW4R3iPexawXNOK.dll
d:\windows\system32\4DW4R3jeoPNILSEX.dll
d:\windows\system32\4DW4R3JfWWOdPlmO.dll
d:\windows\system32\4DW4R3juBOnYDeUK.dll
d:\windows\system32\4DW4R3kbCUFmYund.dll
d:\windows\system32\4DW4R3kEKUGnEUMD.dll
d:\windows\system32\4DW4R3kfvOlNRulB.dll
d:\windows\system32\4DW4R3kUXTbBQrQW.dll
d:\windows\system32\4DW4R3kVOGoBhOlc.dll
d:\windows\system32\4DW4R3lbSsfaWxIX.dll
d:\windows\system32\4DW4R3LSdtPyycyK.dll
d:\windows\system32\4DW4R3McIFbVlqoK.dll
d:\windows\system32\4DW4R3mcWVVDFHbJ.dll
d:\windows\system32\4DW4R3mIcswVkIRh.dll
d:\windows\system32\4DW4R3MjFncaxhwj.dll
d:\windows\system32\4DW4R3mlHMblLQmY.dll
d:\windows\system32\4DW4R3MOLgvEiXxv.dll
d:\windows\system32\4DW4R3mSNPIQMdhR.dll
d:\windows\system32\4DW4R3mYSgoGXjsP.dll
d:\windows\system32\4DW4R3njluoykljv.dll
d:\windows\system32\4DW4R3nrDimweCmf.dll
d:\windows\system32\4DW4R3NVTwEVfpVQ.dll
d:\windows\system32\4DW4R3NvYmIWrxBW.dll
d:\windows\system32\4DW4R3oqpsbudvyT.dll
d:\windows\system32\4DW4R3oYiwtdSHTq.dll
d:\windows\system32\4DW4R3PkyNeUoYGW.dll
d:\windows\system32\4DW4R3PMkcUTBrha.dll
d:\windows\system32\4DW4R3pPpWHnPaeP.dll
d:\windows\system32\4DW4R3PvpwTFHvMf.dll
d:\windows\system32\4DW4R3pYCrrfuxfn.dll
d:\windows\system32\4DW4R3qIMpawpfOr.dll
d:\windows\system32\4DW4R3reaHeVcOUK.dll
d:\windows\system32\4DW4R3rJbmmTulRL.dll
d:\windows\system32\4DW4R3rsqnjJnJiO.dll
d:\windows\system32\4DW4R3SgtXkfXqXM.dll
d:\windows\system32\4DW4R3sPxQmIVRkq.dll
d:\windows\system32\4DW4R3sv.dat
d:\windows\system32\4DW4R3sWOARiMQSN.dll
d:\windows\system32\4DW4R3tdKiXlYNqE.dll
d:\windows\system32\4DW4R3TDrPQqmKLd.dll
d:\windows\system32\4DW4R3TLDTAHljtX.dll
d:\windows\system32\4DW4R3TlroBnpgsf.dll
d:\windows\system32\4DW4R3TqiGjKeCSA.dll
d:\windows\system32\4DW4R3UgnxanwoJY.dll
d:\windows\system32\4DW4R3UmuemIVsBr.dll
d:\windows\system32\4DW4R3uOrPQfQLaI.dll
d:\windows\system32\4DW4R3utcaeAhhou.dll
d:\windows\system32\4DW4R3VGKWDOoWsa.dll
d:\windows\system32\4DW4R3vskcidfLPd.dll
d:\windows\system32\4DW4R3vvLNSIwPMC.dll
d:\windows\system32\4DW4R3WCvXdmivwv.dll
d:\windows\system32\4DW4R3wEPOxiKlst.dll
d:\windows\system32\4DW4R3WOWIXRqFdP.dll
d:\windows\system32\4DW4R3WqcOikpuGw.dll
d:\windows\system32\4DW4R3WqxleLJuFK.dll
d:\windows\system32\4DW4R3WrBvXkOqBk.dll
d:\windows\system32\4DW4R3WtWMrYEWQX.dll
d:\windows\system32\4DW4R3xipuTtmtic.dll
d:\windows\system32\4DW4R3xmLBCoipia.dll
d:\windows\system32\4DW4R3xrWQMrUlPR.dll
d:\windows\system32\4DW4R3XVmAdKsfQJ.dll
d:\windows\system32\aqlb.hjo
d:\windows\system32\drivers\4DW4R3.sys
d:\windows\system32\drivers\4DW4R3aKiDpCxPeS.sys
d:\windows\system32\drivers\4DW4R3AuSedxFeNS.sys
d:\windows\system32\drivers\4DW4R3bfxmUUcbTH.sys
d:\windows\system32\drivers\4DW4R3BmteBfkMDQ.sys
d:\windows\system32\drivers\4DW4R3bsPXlyNEaS.sys
d:\windows\system32\drivers\4DW4R3BtdbmxjnVq.sys
d:\windows\system32\drivers\4DW4R3dMBuqPKpCh.sys
d:\windows\system32\drivers\4DW4R3EctQVWREvb.sys
d:\windows\system32\drivers\4DW4R3edPiaXovEY.sys
d:\windows\system32\drivers\4DW4R3exbinFmlhs.sys
d:\windows\system32\drivers\4DW4R3fkCLjBxmmM.sys
d:\windows\system32\drivers\4DW4R3flePdiQbEt.sys
d:\windows\system32\drivers\4DW4R3ghPtUqWnlc.sys
d:\windows\system32\drivers\4DW4R3gsHlDbVyXN.sys
d:\windows\system32\drivers\4DW4R3GvVOooxxHS.sys
d:\windows\system32\drivers\4DW4R3gWDbvTAVvC.sys
d:\windows\system32\drivers\4DW4R3GYyWyBpwlU.sys
d:\windows\system32\drivers\4DW4R3hdafqUIsXO.sys
d:\windows\system32\drivers\4DW4R3hDxewpqEyq.sys
d:\windows\system32\drivers\4DW4R3HrRSQBpbvb.sys
d:\windows\system32\drivers\4DW4R3hsPWhpIsnP.sys
d:\windows\system32\drivers\4DW4R3iNsSPibjYu.sys
d:\windows\system32\drivers\4DW4R3JMxPImXaYq.sys
d:\windows\system32\drivers\4DW4R3kBrtEtDVqO.sys
d:\windows\system32\drivers\4DW4R3kfmEBoPwyS.sys
d:\windows\system32\drivers\4DW4R3kIeXcrpKbw.sys
d:\windows\system32\drivers\4DW4R3kJEKbfXGOD.sys
d:\windows\system32\drivers\4DW4R3KMIVLykduf.sys
d:\windows\system32\drivers\4DW4R3KMplGItUja.sys
d:\windows\system32\drivers\4DW4R3KVPxwsHRji.sys
d:\windows\system32\drivers\4DW4R3LrWhndeqpF.sys
d:\windows\system32\drivers\4DW4R3LyUtceidMl.sys
d:\windows\system32\drivers\4DW4R3mbwwbtQnyy.sys
d:\windows\system32\drivers\4DW4R3MgidPXePnp.sys
d:\windows\system32\drivers\4DW4R3MPiWQCEQud.sys
d:\windows\system32\drivers\4DW4R3OFyEiucumY.sys
d:\windows\system32\drivers\4DW4R3oGusiEdtWt.sys
d:\windows\system32\drivers\4DW4R3OstLGrJXLE.sys
d:\windows\system32\drivers\4DW4R3OxKxPfrYBj.sys
d:\windows\system32\drivers\4DW4R3oxLaQabKly.sys
d:\windows\system32\drivers\4DW4R3PGyFLecOvs.sys
d:\windows\system32\drivers\4DW4R3PmowXbqBUy.sys
d:\windows\system32\drivers\4DW4R3PRnBraeSuV.sys
d:\windows\system32\drivers\4DW4R3puNxRaOFJS.sys
d:\windows\system32\drivers\4DW4R3puRSDldaav.sys
d:\windows\system32\drivers\4DW4R3PuTmrbLxjP.sys
d:\windows\system32\drivers\4DW4R3pwSaGFahnj.sys
d:\windows\system32\drivers\4DW4R3qakdQHywky.sys
d:\windows\system32\drivers\4DW4R3QhhYbyWWpn.sys
d:\windows\system32\drivers\4DW4R3qHmtsrrvwE.sys
d:\windows\system32\drivers\4DW4R3QLBOPUQwOn.sys
d:\windows\system32\drivers\4DW4R3RHlgoQoQSg.sys
d:\windows\system32\drivers\4DW4R3riYQyVnPGn.sys
d:\windows\system32\drivers\4DW4R3rkfmOlgEJy.sys
d:\windows\system32\drivers\4DW4R3RvENYBiQXm.sys
d:\windows\system32\drivers\4DW4R3SGVyRFmxDi.sys
d:\windows\system32\drivers\4DW4R3sitbMYjtsU.sys
d:\windows\system32\drivers\4DW4R3snlRHDROYM.sys
d:\windows\system32\drivers\4DW4R3StRpvXFDih.sys
d:\windows\system32\drivers\4DW4R3sYuQXtWUQa.sys
d:\windows\system32\drivers\4DW4R3TAalquukUk.sys
d:\windows\system32\drivers\4DW4R3tbyefHwMQL.sys
d:\windows\system32\drivers\4DW4R3tFaxoeKjWi.sys
d:\windows\system32\drivers\4DW4R3TQLSdrLPQS.sys
d:\windows\system32\drivers\4DW4R3ttEXUbxlDY.sys
d:\windows\system32\drivers\4DW4R3tUtVleVMtm.sys
d:\windows\system32\drivers\4DW4R3UbXiURkmdb.sys
d:\windows\system32\drivers\4DW4R3UrUMMwttac.sys
d:\windows\system32\drivers\4DW4R3UwGMOoYfcN.sys
d:\windows\system32\drivers\4DW4R3UYkiqmXYhN.sys
d:\windows\system32\drivers\4DW4R3vIicwXIGef.sys
d:\windows\system32\drivers\4DW4R3vvptDeBpeY.sys
d:\windows\system32\drivers\4DW4R3wwyfDembQs.sys
d:\windows\system32\drivers\4DW4R3XHoQYujUje.sys
d:\windows\system32\drivers\4DW4R3xMteWBvnba.sys
d:\windows\system32\drivers\4DW4R3XpplrkkNTR.sys
d:\windows\system32\drivers\4DW4R3yDPgruLbxu.sys
d:\windows\system32\drivers\4DW4R3ynOQivMcbv.sys
d:\windows\system32\drivers\4DW4R3YrWDjMXptk.sys
d:\windows\uluqixiwu.dll
E:\AUTORUN.INF

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_4DW4R3
-------\Legacy_4DW4R3


((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-06 23:47 . 2010-03-06 23:49 -------- dc----w- d:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-03-05 01:54 . 2010-03-05 01:54 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2010-03-05 01:54 . 2010-03-05 01:54 -------- dc----w- d:\documents and settings\Owner\Application Data\skypePM
2010-03-04 23:25 . 2010-03-05 02:20 -------- dc----w- d:\documents and settings\Owner\Application Data\Skype
2010-03-04 23:22 . 2010-03-05 02:20 -------- d-----r- d:\program files\Skype
2010-03-01 08:12 . 2010-03-01 08:12 -------- d-----w- d:\program files\New Folder
2010-02-20 16:03 . 2010-02-20 16:05 -------- dc----w- d:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-02-11 08:30 . 2010-02-11 08:30 -------- d-----w- d:\program files\Cobian Backup 7
2010-02-11 06:09 . 2010-02-11 08:22 -------- d-----w- d:\program files\Cobian Backup 8
2010-02-11 04:44 . 2010-02-11 04:44 -------- d-----w- d:\program files\Ahead
2010-02-11 04:44 . 2003-08-21 21:56 25520 ------w- d:\windows\system32\drivers\incdrm.sys
2010-02-11 04:44 . 2003-08-20 22:30 1277952 ------w- d:\windows\UNMRW.exe
2010-02-08 07:44 . 2010-02-08 07:44 -------- d-----w- d:\program files\SpywareBlaster
2010-02-08 06:17 . 2010-02-08 06:17 -------- d-----w- d:\program files\Zone Labs
2010-02-07 09:16 . 2010-02-07 09:16 -------- d-----w- d:\documents and settings\Owner\backups
2010-02-07 09:14 . 2010-02-07 09:14 -------- d-----w- d:\documents and settings\Owner\backups_old
2010-02-07 08:58 . 2010-02-07 08:58 -------- d-----w- d:\documents and settings\Owner\backups_old1
2010-02-07 08:55 . 2010-02-07 08:55 -------- d-----w- d:\documents and settings\Owner\backups_old2
2010-02-07 08:51 . 2010-02-07 08:51 -------- d-----w- d:\documents and settings\Owner\backups_old3
2010-02-07 08:51 . 2010-02-07 08:51 -------- d-----w- d:\documents and settings\Owner\backupreg
2010-02-07 08:51 . 2008-04-14 00:12 146432 -c----w- d:\documents and settings\Owner\editreg.exe
2010-02-07 08:51 . 2008-04-14 00:12 27136 -c----w- d:\documents and settings\Owner\rtsdnif.exe
2010-02-07 08:51 . 2008-04-14 00:12 12288 -c----w- d:\documents and settings\Owner\attrib.exe
2010-02-07 08:51 . 2004-08-04 10:00 9216 -c----w- d:\documents and settings\Owner\dnif.exe
2010-02-07 05:38 . 2008-11-06 07:03 -------- d-----w- D:\SDFix
2010-02-07 03:23 . 2010-02-07 03:23 -------- dc----w- d:\documents and settings\All Users\Application Data\77e74bb
2010-02-06 23:04 . 2010-02-06 23:04 -------- dcsh--w- d:\documents and settings\LocalService\PrivacIE
2010-02-06 23:04 . 2010-02-06 23:04 -------- dcsh--w- d:\documents and settings\LocalService\IECompatCache
2010-02-06 06:29 . 2010-02-06 06:29 -------- d-----w- d:\program files\Common Files\xing shared
2010-02-06 06:22 . 2009-10-30 16:11 233136 ----a-w- d:\windows\system32\drivers\pctgntdi.sys
2010-02-06 06:22 . 2009-11-09 16:20 207792 ----a-w- d:\windows\system32\drivers\PCTCore.sys
2010-02-06 06:22 . 2009-10-06 21:31 87784 ----a-w- d:\windows\system32\drivers\PCTAppEvent.sys
2010-02-06 06:21 . 2009-09-03 14:45 70408 ----a-w- d:\windows\system32\drivers\pctplsg.sys
2010-02-06 06:21 . 2010-02-06 06:21 -------- dc----w- d:\documents and settings\All Users\Application Data\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 16:08 . 2008-01-29 17:43 -------- dc--a-w- d:\documents and settings\All Users\Application Data\TEMP
2010-03-07 16:08 . 2008-07-11 00:05 -------- d---a-w- d:\program files\Al Muhaddith
2010-03-07 11:31 . 2008-01-29 17:43 -------- d-----w- d:\program files\Spyware Doctor
2010-03-04 23:24 . 2008-01-29 17:38 -------- d-----w- d:\program files\Google
2010-03-04 23:22 . 2008-01-29 17:48 -------- dc----w- d:\documents and settings\All Users\Application Data\Skype
2010-02-24 14:16 . 2009-10-03 06:25 181632 ------w- d:\windows\system32\MpSigStub.exe
2010-02-24 10:57 . 2008-02-04 18:01 -------- dc----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-10 04:21 . 2008-01-29 17:40 -------- d-----w- d:\program files\Picasa2
2010-02-06 06:36 . 2008-01-29 17:38 -------- dc----w- d:\documents and settings\All Users\Application Data\Google Updater
2010-02-06 06:30 . 2008-01-29 17:46 -------- d-----w- d:\program files\Common Files\Real
2010-02-06 06:23 . 2009-05-26 09:58 -------- d-----w- d:\program files\Common Files\PC Tools
2010-01-26 17:59 . 2009-03-19 09:24 -------- d-----w- d:\program files\Microsoft Silverlight
2010-01-21 20:08 . 2010-01-21 20:08 -------- d-----w- d:\program files\SPCA1528
2010-01-21 20:08 . 2008-01-17 16:58 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-12-31 16:50 . 2004-08-04 10:00 353792 ----a-w- d:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-03-04 03:33 916480 ----a-w- d:\windows\system32\wininet.dll
2009-12-16 18:43 . 2008-01-17 16:29 343040 ----a-w- d:\windows\system32\mspaint.exe
2009-12-15 20:53 . 2008-02-24 01:22 69232 ------w- d:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- d:\windows\system32\GPhotos.scr
2009-12-14 07:08 . 2004-08-04 10:00 33280 ----a-w- d:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2005-03-30 01:23 2189184 ----a-w- d:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2005-03-30 01:01 2066048 ----a-w- d:\windows\system32\ntkrnlpa.exe
2008-08-01 22:38 . 2008-08-01 22:38 122880 ----a-w- d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-29 68856]
"Yahoo! Pager"="d:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"Advanced SystemCare 3"="d:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-04 2334856]
"RegistryMechanic"="d:\program files\Registry Mechanic\RegMech.exe" [2009-06-30 2836376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"googletalk"="d:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CloneCDTray"="d:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-20 94208]
"NeroFilterCheck"="d:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Windows Defender"="d:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SmcService"="d:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-06 198160]
"Google Desktop Search"="d:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-06 30192]

d:\documents and settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
EMBARQ Help.lnk - d:\program files\Virtual Assistant\bin\matcli.exe [2008-6-27 217088]
Prayer Times.lnk - c:\had\PTW.EXE [2009-7-5 4672512]
Windows Search.lnk - d:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\Cobian Backup 7\\cobui.exe"=
"d:\\Program Files\\Cobian Backup 7\\CobBU.exe"=

R0 PCTCore;PCTools KDS;d:\windows\system32\drivers\PCTCore.sys [2/6/2010 1:22 AM 207792]
R2 Viewpoint Manager Service;Viewpoint Manager Service;d:\program files\Viewpoint\Common\ViewpointService.exe [1/14/2009 8:31 AM 24652]
R2 WinDefend;Windows Defender;d:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S2 Ca1528av;SPCA1528 Video Camera Service;d:\windows\system32\drivers\Ca1528av.sys [1/21/2010 3:08 PM 516480]
S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:59 AM 135664]
S3 Bulk1528;SPCA1528 Still Camera Service;d:\windows\system32\drivers\Bulk1528.sys [1/21/2010 3:08 PM 11648]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;d:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/6/2010 1:39 AM 30192]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\d:\windows\system32\drivers\mbamswissarmy.sys --> d:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [6/23/2008 11:32 PM 359624]
.
Contents of the 'Scheduled Tasks' folder

2010-03-07 d:\windows\Tasks\Google Software Updater.job
- d:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-29 06:36]

2010-03-07 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:58]

2010-03-07 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:58]

2010-03-07 d:\windows\Tasks\MP Scheduled Scan.job
- d:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-03-07 d:\windows\Tasks\OGALogon.job
- d:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2010-02-23 d:\windows\Tasks\SmartDefrag.job
- d:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-19 13:22]

2010-03-07 d:\windows\Tasks\User_Feed_Synchronization-{6882F2CE-5ECE-4E3A-9EEB-C64DE620B223}.job
- d:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.alot.com/?client_id=99EA865001CABB1D0DB57294&install_time=2010-03-03T22:05Z&src_id=11247&camp_id=732&tb_version=2.5.9000.490
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=99EA865001CABB1D0DB57294&src_id=11247&camp_id=732&tb_version=2.5.9000.490
IE: &Windows Live Search
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - d:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - d:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: Microsoft XML Parser for Java - file:///D:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKCU-Run-Skype - d:\program files\Skype\Phone\Skype.exe
AddRemove-alotToolbar - d:\program files\alot\alotUninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 11:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2360)
d:\windows\system32\WININET.dll
d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
d:\program files\Windows Desktop Search\deskbar.dll
d:\program files\Windows Desktop Search\en-us\dbres.dll.mui
d:\program files\Windows Desktop Search\dbres.dll
d:\program files\Windows Desktop Search\wordwheel.dll
d:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
d:\program files\Windows Desktop Search\msnlExtRes.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Common Files\Motive\McciCMService.exe
d:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
d:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
d:\windows\system32\SearchIndexer.exe
d:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
d:\program files\Common Files\Nero\Lib\NMIndexingService.exe
d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
d:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-03-07 11:15:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-07 16:15

Pre-Run: 2,645,655,552 bytes free
Post-Run: 2,915,377,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

- - End Of File - - 7CE0BC270BFF1283FDB4F0D1EB6B9912


#9 myrti

myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 07 March 2010 - 01:15 PM

Hi,

This looks good. ComboFix took care of a lot of infections! How's your PC doing?

There are a couple of leftovers; please run another scan:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

QUOTE
Folder::
d:\documents and settings\All Users\Application Data\77e74bb

Save this as CFScript.txt, in the same location as ComboFix.exe.

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

Edited by myrti, 07 March 2010 - 01:16 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 habibuRahman

habibuRahman
  • Topic Starter
  • Members
  • 10 posts

Posted 07 March 2010 - 03:22 PM

ComboFix 10-03-07.02 - Owner 03/07/2010 14:36:31.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.409 [GMT -5:00]
Running from: d:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Owner\Desktop\CFScript.txt
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\All Users\Application Data\77e74bb

.
((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-06 23:47 . 2010-03-06 23:49 -------- dc----w- d:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-03-05 01:54 . 2010-03-05 01:54 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2010-03-05 01:54 . 2010-03-05 01:54 -------- dc----w- d:\documents and settings\Owner\Application Data\skypePM
2010-03-04 23:25 . 2010-03-05 02:20 -------- dc----w- d:\documents and settings\Owner\Application Data\Skype
2010-03-04 23:22 . 2010-03-05 02:20 -------- d-----r- d:\program files\Skype
2010-03-01 08:12 . 2010-03-01 08:12 -------- d-----w- d:\program files\New Folder
2010-02-20 16:03 . 2010-02-20 16:05 -------- dc----w- d:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-02-11 08:30 . 2010-02-11 08:30 -------- d-----w- d:\program files\Cobian Backup 7
2010-02-11 06:09 . 2010-02-11 08:22 -------- d-----w- d:\program files\Cobian Backup 8
2010-02-11 04:44 . 2010-02-11 04:44 -------- d-----w- d:\program files\Ahead
2010-02-11 04:44 . 2003-08-21 21:56 25520 ------w- d:\windows\system32\drivers\incdrm.sys
2010-02-11 04:44 . 2003-08-20 22:30 1277952 ------w- d:\windows\UNMRW.exe
2010-02-08 07:44 . 2010-02-08 07:44 -------- d-----w- d:\program files\SpywareBlaster
2010-02-08 06:17 . 2010-02-08 06:17 -------- d-----w- d:\program files\Zone Labs
2010-02-07 09:16 . 2010-02-07 09:16 -------- d-----w- d:\documents and settings\Owner\backups
2010-02-07 09:14 . 2010-02-07 09:14 -------- d-----w- d:\documents and settings\Owner\backups_old
2010-02-07 08:58 . 2010-02-07 08:58 -------- d-----w- d:\documents and settings\Owner\backups_old1
2010-02-07 08:55 . 2010-02-07 08:55 -------- d-----w- d:\documents and settings\Owner\backups_old2
2010-02-07 08:51 . 2010-02-07 08:51 -------- d-----w- d:\documents and settings\Owner\backups_old3
2010-02-07 08:51 . 2010-02-07 08:51 -------- d-----w- d:\documents and settings\Owner\backupreg
2010-02-07 08:51 . 2008-04-14 00:12 146432 -c----w- d:\documents and settings\Owner\editreg.exe
2010-02-07 08:51 . 2008-04-14 00:12 27136 -c----w- d:\documents and settings\Owner\rtsdnif.exe
2010-02-07 08:51 . 2008-04-14 00:12 12288 -c----w- d:\documents and settings\Owner\attrib.exe
2010-02-07 08:51 . 2004-08-04 10:00 9216 -c----w- d:\documents and settings\Owner\dnif.exe
2010-02-07 05:38 . 2008-11-06 07:03 -------- d-----w- D:\SDFix
2010-02-06 23:04 . 2010-02-06 23:04 -------- dcsh--w- d:\documents and settings\LocalService\PrivacIE
2010-02-06 23:04 . 2010-02-06 23:04 -------- dcsh--w- d:\documents and settings\LocalService\IECompatCache
2010-02-06 06:29 . 2010-02-06 06:29 -------- d-----w- d:\program files\Common Files\xing shared
2010-02-06 06:22 . 2009-10-30 16:11 233136 ----a-w- d:\windows\system32\drivers\pctgntdi.sys
2010-02-06 06:22 . 2009-11-09 16:20 207792 ----a-w- d:\windows\system32\drivers\PCTCore.sys
2010-02-06 06:22 . 2009-10-06 21:31 87784 ----a-w- d:\windows\system32\drivers\PCTAppEvent.sys
2010-02-06 06:21 . 2009-09-03 14:45 70408 ----a-w- d:\windows\system32\drivers\pctplsg.sys
2010-02-06 06:21 . 2010-02-06 06:21 -------- dc----w- d:\documents and settings\All Users\Application Data\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 19:09 . 2008-01-29 17:43 -------- dc--a-w- d:\documents and settings\All Users\Application Data\TEMP
2010-03-07 19:09 . 2008-07-11 00:05 -------- d---a-w- d:\program files\Al Muhaddith
2010-03-07 11:31 . 2008-01-29 17:43 -------- d-----w- d:\program files\Spyware Doctor
2010-03-04 23:24 . 2008-01-29 17:38 -------- d-----w- d:\program files\Google
2010-03-04 23:22 . 2008-01-29 17:48 -------- dc----w- d:\documents and settings\All Users\Application Data\Skype
2010-02-24 14:16 . 2009-10-03 06:25 181632 ------w- d:\windows\system32\MpSigStub.exe
2010-02-24 10:57 . 2008-02-04 18:01 -------- dc----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-10 04:21 . 2008-01-29 17:40 -------- d-----w- d:\program files\Picasa2
2010-02-06 06:36 . 2008-01-29 17:38 -------- dc----w- d:\documents and settings\All Users\Application Data\Google Updater
2010-02-06 06:30 . 2008-01-29 17:46 -------- d-----w- d:\program files\Common Files\Real
2010-02-06 06:23 . 2009-05-26 09:58 -------- d-----w- d:\program files\Common Files\PC Tools
2010-01-26 17:59 . 2009-03-19 09:24 -------- d-----w- d:\program files\Microsoft Silverlight
2010-01-21 20:08 . 2010-01-21 20:08 -------- d-----w- d:\program files\SPCA1528
2010-01-21 20:08 . 2008-01-17 16:58 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-12-31 16:50 . 2004-08-04 10:00 353792 ----a-w- d:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-03-04 03:33 916480 ------w- d:\windows\system32\wininet.dll
2009-12-16 18:43 . 2008-01-17 16:29 343040 ----a-w- d:\windows\system32\mspaint.exe
2009-12-15 20:53 . 2008-02-24 01:22 69232 ------w- d:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- d:\windows\system32\GPhotos.scr
2009-12-14 07:08 . 2004-08-04 10:00 33280 ----a-w- d:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2005-03-30 01:23 2189184 ------w- d:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2005-03-30 01:01 2066048 ------w- d:\windows\system32\ntkrnlpa.exe
2008-08-01 22:38 . 2008-08-01 22:38 122880 ----a-w- d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-29 68856]
"Yahoo! Pager"="d:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"Advanced SystemCare 3"="d:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-04 2334856]
"RegistryMechanic"="d:\program files\Registry Mechanic\RegMech.exe" [2009-06-30 2836376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"googletalk"="d:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CloneCDTray"="d:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-20 94208]
"NeroFilterCheck"="d:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Windows Defender"="d:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SmcService"="d:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-06 198160]
"Google Desktop Search"="d:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-06 30192]

d:\documents and settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
EMBARQ Help.lnk - d:\program files\Virtual Assistant\bin\matcli.exe [2008-6-27 217088]
Prayer Times.lnk - c:\had\PTW.EXE [2009-7-5 4672512]
Windows Search.lnk - d:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\Cobian Backup 7\\cobui.exe"=
"d:\\Program Files\\Cobian Backup 7\\CobBU.exe"=

R0 PCTCore;PCTools KDS;d:\windows\system32\drivers\PCTCore.sys [2/6/2010 1:22 AM 207792]
R2 Viewpoint Manager Service;Viewpoint Manager Service;d:\program files\Viewpoint\Common\ViewpointService.exe [1/14/2009 8:31 AM 24652]
R2 WinDefend;Windows Defender;d:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S2 Ca1528av;SPCA1528 Video Camera Service;d:\windows\system32\drivers\Ca1528av.sys [1/21/2010 3:08 PM 516480]
S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:59 AM 135664]
S3 Bulk1528;SPCA1528 Still Camera Service;d:\windows\system32\drivers\Bulk1528.sys [1/21/2010 3:08 PM 11648]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;d:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/6/2010 1:39 AM 30192]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\d:\windows\system32\drivers\mbamswissarmy.sys --> d:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [6/23/2008 11:32 PM 359624]
.
Contents of the 'Scheduled Tasks' folder

2010-03-07 d:\windows\Tasks\Google Software Updater.job
- d:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-29 06:36]

2010-03-07 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:58]

2010-03-07 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:58]

2010-03-07 d:\windows\Tasks\MP Scheduled Scan.job
- d:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-03-07 d:\windows\Tasks\OGALogon.job
- d:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2010-03-07 d:\windows\Tasks\User_Feed_Synchronization-{6882F2CE-5ECE-4E3A-9EEB-C64DE620B223}.job
- d:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.alot.com/?client_id=99EA865001CABB1D0DB57294&install_time=2010-03-03T22:05Z&src_id=11247&camp_id=732&tb_version=2.5.9000.490
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=99EA865001CABB1D0DB57294&src_id=11247&camp_id=732&tb_version=2.5.9000.490
IE: &Windows Live Search
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - d:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - d:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: Microsoft XML Parser for Java - file:///D:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 14:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2784)
d:\windows\system32\WININET.dll
d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
d:\program files\Windows Desktop Search\deskbar.dll
d:\program files\Windows Desktop Search\en-us\dbres.dll.mui
d:\program files\Windows Desktop Search\dbres.dll
d:\program files\Windows Desktop Search\wordwheel.dll
d:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
d:\program files\Windows Desktop Search\msnlExtRes.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-07 14:49:18
ComboFix-quarantined-files.txt 2010-03-07 19:49
ComboFix2.txt 2010-03-07 16:15

Pre-Run: 2,950,541,312 bytes free
Post-Run: 2,981,957,632 bytes free

- - End Of File - - 40368043EE687D4DFD62C82CD12F92F7

The computer is doing a whole lot better; it's faster and I don't get the bad image error window anymore. The only thing I try to do and can't is saving my pics on a CD.
Thank you,
Habib

#11 myrti

myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 07 March 2010 - 04:12 PM

Hi,

Happy to hear that things are going better. When you say you cannot save pictures to a CD, does that mean your burning program isn't working?

regards myrti



#12 habibuRahman

habibuRahman
  • Topic Starter
  • Members
  • 10 posts

Posted 07 March 2010 - 06:02 PM

When I attempt to save a pic or pics to the CD drive (Z:), I get this message window:

Problem copying
Windows encountered a problem when trying to copy this file. What do you want Windows to do?

Retry    Cancel

I retry, but it keeps giving the same message.

#13 myrti

myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 07 March 2010 - 06:26 PM

Hi,

Are you sure that CD is writable? I'll look into it; I'm not familiar with the drag-and-drop feature for CD burning.

regards myrti



#14 habibuRahman

habibuRahman
  • Topic Starter
  • Members
  • 10 posts

Posted 07 March 2010 - 10:39 PM

Hi Myrti,

I didn't mean to bug you about the CD saving thing. I mean, what you have done so far is really great; my computer is about 95% back to normal. Up until last night it was a mess. It got to the point that it would work for a few minutes and then freeze up; then I had to restart it to get it going again, and go through all those bad image windows for everything to open up. But now, thank you very much, it is back alive.

Also, thank you for your caution about hackers being able to remotely control the computer and steal critical system information. I'm going to keep my eyes on my personal accounts, and if I feel anything going wrong, I will take the necessary action to stop or cancel my bank and card accounts. But so far I didn't see anything different; I really monitor my accounts on a daily basis, sometimes I check them up to three or four times a day. I hope that it is not the case with me.

I noticed the virus when I first got it. It all started when it came in the form of Google things. I do have virus protection; I have malware protection that just got disabled when I had the virus, to the point that when I ran it the whole computer shut off. I have Advanced SystemCare, which I keep running every day to keep the system kind of clean, and I have the Sygate personal firewall, which is very cool: I have the chance to allow or deny what goes into the system. But in the case of this virus, Sygate kept giving a warning of Google trying to get access. I kept denying it for a while, but that message kept coming for days; then I thought, why not let it go through, it's Google and I like Google search. But that was the mistake. After that, every time I searched Google I got all the search results, just like normal, but when I went to open any one of those Google search results, it took me to some other site that was not what I clicked on, some other site that contained the word I'm searching for but not what I wanted, and it kept doing that all the time after that. I mean I can't get any good out of Google search. I tried everything I know to clean it out, but nothing was helping. I couldn't even restore my computer; all my restore points were lost. The malware program was disabled, like I mentioned earlier. I tried that SDFix and that wouldn't work either. It was like that virus disabled all the ways I know to get rid of it, and my computer went from bad to worse, until I got to you guys, and you guys are awesome: you grabbed the duck by its nose, and now things are going back to normal.

Sorry, I didn't mean to blow your head with my broken English, but I thought I'd give you my story; it may help you guys to be aware of this Google virus, or maybe tell others to be aware of it.

About my CD saving thing: the CD is writable. I used to have this little icon in the bottom right corner, on the task bar; it would say you have such-and-such files ready to be written. I can't find that icon any more.

Thank you,
Habib.

#15 myrti

myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 08 March 2010 - 01:01 PM

Hi,

Thanks for taking the time to describe how you got infected.

Could you please try to send the files onto the CD as follows: select the files, right-click them, go to Send To and select the CD drive. Do the files get written to the CD?

regards myrti
