
Infected with TR/rootkit.gen


  • This topic is locked
38 replies to this topic

#1 Mo_

  • Members
  • 49 posts
  • OFFLINE
  • Local time:02:43 AM

Posted 17 March 2010 - 11:36 AM

I have followed the steps in this thread: http://www.bleepingcomputer.com/forums/t/302266/avira-antivir-has-found-a-few-warnings/ Moderator note: To clarify, that is the topic in AII where previous assistance was received. ~ OB

These have not really caused my computer to behave erratically; however, I wish to fix them before they cause more problems. Also I tried scanning with GMER, but it freezes when I try to save my log, so I only have DDS logs.


DDS (Ver_09-12-01.01) - NTFSx86
Run by MOMO at 14:06:22.25 on Tue 03.16.2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.283 [GMT -4:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\Program Files\MarkAny\ContentSAFER\MaAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Naver\QuickManager2\MRDaemon.exe
C:\Documents and Settings\MOMO\Local Settings\Application Data\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\MOMO\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
mStart Page = hxxp://att.yahoo.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = hxxp://hp.windowsmedia.com/MEDIAGUIDE/ClickTracking/Redir.htm?dest=http%3A//www.billboard.com/bb/hotweb/win_media.jsp
uInternet Settings,ProxyOverride = localhost;*.local
uInternet Settings,ProxyServer = 119.70.40.101:8080
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {a1199b3a-7cf0-2b51-2851-0949ec86095c} - c:\windows\otobijaxesa.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
EB: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - &Yahoo! Messenger
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [Google Update] "c:\documents and settings\momo\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MRDaemon.exe] c:\program files\naver\quickmanager2\MRDaemon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [LWBMOUSE] c:\program files\nasdak\omnimouse driver\4.06\MOUSE32A.EXE
mRun: [LTMSG] LTMSG.exe 7
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHmon03] c:\windows\system32\hphmon03.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Athan] c:\program files\athan\Athan.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Ask and Record FLV Service] "c:\program files\replay media catcher\FLVSrvc.exe" /run
mRun: [MaAgent] c:\program files\markany\contentsafer\MaAgent.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [Uxizugiyelovaw] rundll32.exe "c:\windows\otobijaxesa.dll",Startup
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\PowerReg Scheduler.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Playlist - c:\program files\packetvideo\twonkybeam\TwonkyIEPlugin.dll/314
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: c:\windows\system32\idmmbc.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193265707609
DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} - hxxp://www.onlineringman.com/auctions/install/isetupml.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} - hxxp://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20090318.cab
DPF: {8FD68625-2346-418A-8899-67CB36B1917F} - hxxp://activex.microsoft.com/objects/ocget.dll
DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} - hxxp://www.tellmemoreeducation.com/bin/tol9inst.cab
DPF: {A0E7D0C1-9854-497E-8645-38C19AA00724} - hxxp://www.teenkorean.com/Penta/KoreanSecurity.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {A67C0313-A410-4F39-86E4-25BFCA558B3C} - hxxp://www.interedu.go.kr/contents/101e/KWK.CAB
DPF: {A6FF3C3C-F33A-4269-9300-2682DB3B3441} - hxxp://activex.microsoft.com/objects/ocget.dll
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxp://plugin.inicis.com/wallet60_inilite/INIwallet60.cab
DPF: {DFBBCB52-4D9F-4D0E-BF4A-A51223FC2541} - hxxp://patch.mnet.com/Mnet/QuickManagerNHN/Modules/NSAppHelper.cab/NSAH_20090729001.cab
DPF: {F4B4E3B3-7019-418F-A983-2902DB0998E2} - hxxp://activex.microsoft.com/objects/ocget.dll
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://images.hangame.co.kr/naver/music/test/NaverAXGuide.cab
TCP: {706C8577-228E-40D2-A652-5F80263DB04A} = 68.94.156.1,68.94.157.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli iecsedp.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\momo\applic~1\mozilla\firefox\profiles\tdm7soeq.mo\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\momo\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\momo\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\momo\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\momo\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\momo\application data\mozilla\plugins\npAbacast.dll
FF - plugin: c:\documents and settings\momo\application data\mozilla\plugins\NPAbacheck.dll
FF - plugin: c:\documents and settings\momo\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {EDC5BE12-F41D-4BDB-9150-5737FC4CC81B} - c:\documents and settings\momo\local settings\application data\{EDC5BE12-F41D-4BDB-9150-5737FC4CC81B}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-25 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-25 56816]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S2 mrtRate;mrtRate; [x]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2004-8-31 18864]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys --> c:\windows\system32\drivers\toywdm.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\81.tmp --> c:\windows\system32\81.tmp [?]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys --> c:\windows\system32\drivers\scrcap.sys [?]
S3 w600bus;Sony Ericsson W600 driver (WDM);c:\windows\system32\drivers\w600bus.sys --> c:\windows\system32\drivers\w600bus.sys [?]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;c:\windows\system32\drivers\w600mdfl.sys --> c:\windows\system32\drivers\w600mdfl.sys [?]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;c:\windows\system32\drivers\w600mdm.sys --> c:\windows\system32\drivers\w600mdm.sys [?]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;c:\windows\system32\drivers\w600mgmt.sys --> c:\windows\system32\drivers\w600mgmt.sys [?]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\w600obex.sys --> c:\windows\system32\drivers\w600obex.sys [?]

=============== Created Last 30 ================

2010-03-16 17:08:03 176 ----a-w- c:\documents and settings\momo\defogger_reenable
2010-03-16 03:22:59 0 d-----w- c:\program files\Sophos
2010-03-13 17:11:43 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-13 17:11:27 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-13 17:11:26 0 d-----w- c:\docume~1\momo\applic~1\SUPERAntiSpyware.com
2010-03-13 16:03:09 148 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-03-12 17:42:35 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-12 17:42:35 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-12 17:34:17 0 ----a-w- c:\windows\Dzinafuzac.bin
2010-03-12 17:34:15 120 ----a-w- c:\windows\Ygerabafitizoy.dat
2010-03-12 17:31:29 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-12 17:31:29 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-12 17:29:55 4 ----a-w- c:\docume~1\momo\applic~1\avdrn.dat
2010-03-10 04:45:44 0 d-----w- c:\program files\Nero
2010-03-10 04:44:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
2010-03-10 04:40:51 0 d-----w- c:\windows\SxsCaPendDel
2010-03-09 23:02:27 719872 ----a-w- c:\windows\system32\devil.dll
2010-03-09 23:02:27 308224 ----a-w- c:\windows\system32\avisynth.dll
2010-03-09 22:59:50 0 d-----w- c:\program files\WMR14
2010-03-09 22:53:18 0 d-----w- c:\windows\system32\windows media
2010-03-09 22:52:39 0 d--h--w- c:\windows\msdownld.tmp
2010-03-09 22:52:30 0 d-----w- c:\program files\Windows Media Components
2010-02-16 00:18:57 0 d-----w- c:\windows\system32\NtmsData
2010-02-15 23:20:42 2105344 ----a-w- c:\windows\system32\secsetup.sdb
2010-02-15 23:04:33 0 d-----w- C:\877991b99a60a9badeb643972229aa34
2010-02-15 21:58:37 0 d-----w- c:\docume~1\momo\applic~1\Facebook

==================== Find3M ====================

2010-01-09 02:41:23 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-01-09 02:41:23 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-12-22 05:35:11 668672 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:35:05 81920 ----a-w- c:\windows\system32\ieencode.dll
2002-08-29 12:00:00 94784 -csha-w- c:\windows\twain.dll
2004-08-04 07:56:46 50688 --sha-w- c:\windows\twain_32.dll
2005-03-07 01:08:43 0 -csha-w- c:\windows\sminst\HPCD.sys
2005-09-24 18:39:14 56 --sha-r- c:\windows\system32\4E5A1D190C.sys
2005-10-17 19:05:21 56 --sha-r- c:\windows\system32\A0C91DED6A.sys
2005-11-02 02:42:52 6060 -csha-w- c:\windows\system32\KGyGaAvL.sys
2004-08-04 07:56:42 1028096 --sha-w- c:\windows\system32\mfc42.dll
2004-08-04 07:56:43 54784 --sha-w- c:\windows\system32\msvcirt.dll
2004-08-04 07:56:43 413696 --sha-w- c:\windows\system32\msvcp60.dll
2004-08-04 07:56:43 343040 --sha-w- c:\windows\system32\msvcrt.dll
2007-12-04 18:38:13 550912 --sha-w- c:\windows\system32\oleaut32.dll
2004-08-04 07:56:44 83456 --sha-w- c:\windows\system32\olepro32.dll
2004-08-04 07:56:55 11776 --sha-w- c:\windows\system32\regsvr32.exe

============= FINISH: 14:07:57.75 ===============


Edited by Orange Blossom, 17 March 2010 - 06:49 PM.
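The Pseudo HJT Report in the log above carries the entries an analyst checks first: a user-level ProxyServer pointing at a non-loopback address, a BHO with no display name and a rundll32 autorun that both load a DLL straight out of c:\windows, and an LSA notification package beyond the default. The script below is an added example (not part of this thread or of the DDS tool) that parses those DDS line shapes and applies such heuristics; treating "scecli" as the only notification package on a stock Windows XP install is an assumption, and a hit means "look here", not "malicious".

```python
"""Heuristic triage of a DDS "Pseudo HJT Report" section.

Added example, not code from the thread or from DDS. It parses the line
shapes DDS emits (proxy settings, BHO/TB/EB entries, uRun/mRun autoruns,
LSA notification packages) and flags entries worth an analyst's attention.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines excerpted verbatim from the DDS log posted above.
SAMPLE_REPORT = r"""
uInternet Settings,ProxyOverride = localhost;*.local
uInternet Settings,ProxyServer = 119.70.40.101:8080
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {a1199b3a-7cf0-2b51-2851-0949ec86095c} - c:\windows\otobijaxesa.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Uxizugiyelovaw] rundll32.exe "c:\windows\otobijaxesa.dll",Startup
LSA: Notification Packages = scecli iecsedp.dll
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# BHO:/TB:/EB: lines: optional display name, CLSID, then " - " and a path or "No File".
EXT_RE = re.compile(r"^(?:BHO|TB|EB):\s*(?:(?P<name>[^{]*?):\s*)?(?P<guid>" + GUID + r")\s*-\s*(?P<path>.*)$")
RUN_RE = re.compile(r"^[um]Run:\s*\[(?P<key>[^\]]+)\]\s*(?P<cmd>.*)$")
# Only the simple "host:port" form is handled, which is what this log shows.
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)$")
LSA_RE = re.compile(r"^LSA: Notification Packages\s*=\s*(?P<pkgs>.*)$")
# A DLL sitting directly in %windir%, not in a subfolder such as system32.
WINDIR_ROOT_DLL = re.compile(r"^c:\\windows\\[^\\]+\.dll$", re.I)
# Assumption: the only notification package a stock Windows XP install registers.
DEFAULT_LSA_PACKAGES = {"scecli"}
LOOPBACK = {"localhost", "127.0.0.1"}


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def flag_line(line: str) -> list[str]:
    """Return the reasons (possibly none) that make one report line worth a look."""
    reasons: list[str] = []
    if m := PROXY_RE.match(line):
        host = m.group("proxy").split(":")[0].lower()
        if host not in LOOPBACK:
            reasons.append(f"browser proxy points at external host {host}")
    elif m := EXT_RE.match(line):
        path = m.group("path").strip()
        if path == "No File":
            reasons.append("orphaned registry entry: CLSID with no file on disk")
        else:
            if not m.group("name"):
                reasons.append("browser extension registered without a display name")
            if WINDIR_ROOT_DLL.match(path):
                reasons.append("module lives directly in the Windows directory")
    elif m := RUN_RE.match(line):
        # rundll32 autoruns carry the real payload in the argument; pull it out.
        target = re.search(r'rundll32(?:\.exe)?\s+"?([^",]+)', m.group("cmd"), re.I)
        if target and WINDIR_ROOT_DLL.match(target.group(1)):
            reasons.append("rundll32 autorun loads a DLL from the Windows directory")
    elif m := LSA_RE.match(line):
        extra = [p for p in m.group("pkgs").split() if p.lower() not in DEFAULT_LSA_PACKAGES]
        if extra:
            reasons.append("non-default LSA notification package(s): " + ", ".join(extra))
    return reasons


def triage(report: str) -> list[Finding]:
    """Run flag_line over every non-empty line of a Pseudo HJT Report."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if line:
            findings.extend(Finding(line, r) for r in flag_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.reason}]\n    {f.line}")
```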



#2 myrti


    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:43 AM

Posted 20 March 2010 - 11:51 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird? a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 Mo_

  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:02:43 AM

Posted 20 March 2010 - 01:35 PM

Hello myrti, thanks for helping.

So far I have done a DDS scan as well as SUPERAntiSpyware and MBAM but haven't really removed anything. I think I am infected with some trojans, but I also have noticed some ieexplore.exe processes when I boot up even though I don't use IE. I shall do the next step as you suggested.

#4 Mo_

  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:02:43 AM

Posted 21 March 2010 - 10:12 AM

OTL logfile created on: 3.21.2010 12:22:25 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\MOMO\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M.d.yyyy

503.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.81 Gb Total Space | 4.32 Gb Free Space | 6.11% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.94 Gb Free Space | 17.16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEBIRDFAMILY
Current User Name: MOMO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.03.21 00:21:51 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MOMO\Desktop\OTL.exe
PRC - [2010.03.18 03:44:05 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\MOMO\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010.03.17 22:44:26 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010.02.19 08:01:05 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.12.23 16:57:18 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.09.22 17:31:56 | 000,856,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2009.09.22 15:09:02 | 000,156,672 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Replay Media Catcher\FLVSrvc.exe
PRC - [2009.08.05 15:32:55 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.11 15:23:52 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.05.25 21:49:49 | 002,807,216 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2009.03.02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.12.02 02:23:28 | 000,066,896 | ---- | M] ((주)마크애니) -- C:\Program Files\MarkAny\ContentSAFER\MaAgent.exe
PRC - [2008.02.18 09:01:01 | 000,251,312 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2007.06.13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.10.19 04:19:50 | 000,274,432 | ---- | M] (Hanmaro Inc) -- C:\Program Files\Naver\QuickManager2\MRDaemon.exe
PRC - [2003.07.14 20:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
PRC - [2002.10.16 19:57:10 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE
PRC - [2002.08.29 08:00:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sndvol32.exe
PRC - [2001.11.09 02:47:50 | 000,376,832 | ---- | M] () -- C:\Program Files\NASDAK\OmniMouse Driver\4.06\Mouse32A.exe
PRC - [2001.08.23 07:24:13 | 000,217,088 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
PRC - [2001.08.23 07:24:12 | 000,331,776 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon03.exe


========== Modules (SafeList) ==========

MOD - [2010.03.21 00:21:51 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MOMO\Desktop\OTL.exe
MOD - [2010.03.17 12:27:36 | 000,012,800 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\MOMO\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
MOD - [2009.03.26 11:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2007.03.08 11:36:28 | 000,163,328 | ---- | M] () -- C:\WINDOWS\otobijaxesa.dll
MOD - [2006.08.25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004.11.24 07:58:24 | 000,163,840 | ---- | M] (MarkAny Co., Ltd.) -- C:\Program Files\MarkAny\ContentSAFER\MaCSProHook.dll
MOD - [2001.11.09 08:13:56 | 000,073,728 | ---- | M] () -- C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUDL32A.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.12.23 16:57:18 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.09.22 17:31:56 | 000,856,064 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009.08.05 15:32:55 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.11 15:23:52 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.24 23:57:28 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2003.05.19 16:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)
SRV - [2001.08.23 07:24:09 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver)


========== Driver Services (SafeList) ==========

DRV - [2010.02.17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010.02.17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.12.07 15:46:04 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.09.04 11:14:54 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.06.11 15:23:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.26 18:13:41 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009.01.26 18:13:39 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008.05.21 14:30:55 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007.03.20 17:28:31 | 000,029,184 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\goprot51.sys -- (GoProto)
DRV - [2006.10.07 14:31:57 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\co_mon.sys -- (CO_Mon)
DRV - [2004.10.07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004.10.01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.08.04 03:00:12 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2004.08.04 02:07:55 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004.08.04 01:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004.08.04 01:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2004.05.27 11:47:16 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004.05.21 15:16:14 | 000,471,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2004.02.04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003.09.03 10:01:22 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003.09.03 02:51:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003.08.13 21:50:36 | 000,039,648 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003.07.30 05:15:00 | 000,126,348 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nvcap.sys -- (nvcap) nVidia WDM Video Capture (universal)
DRV - [2003.07.30 05:15:00 | 000,013,006 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nvxbar.sys -- (NVXBAR)
DRV - [2003.07.02 14:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003.07.02 02:33:00 | 000,652,497 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003.06.19 04:59:00 | 000,140,800 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003.05.06 18:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003.04.11 11:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003.02.20 19:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002.10.04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001.08.23 07:24:09 | 000,050,704 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09)
DRV - [2001.08.23 07:24:09 | 000,050,211 | R--- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09)
DRV - [2001.08.23 07:24:09 | 000,018,864 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09)
DRV - [2001.08.23 07:24:09 | 000,015,984 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09)
DRV - [2001.06.04 17:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1488367518-1938601738-610657036-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1488367518-1938601738-610657036-1007\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKU\S-1-5-21-1488367518-1938601738-610657036-1007\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1488367518-1938601738-610657036-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1488367518-1938601738-610657036-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1488367518-1938601738-610657036-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
IE - HKU\S-1-5-21-1488367518-1938601738-610657036-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 119.70.40.101:8080

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.02.18 12:07:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{EDC5BE12-F41D-4BDB-9150-5737FC4CC81B}: C:\Documents and Settings\MOMO\Local Settings\Application Data\{EDC5BE12-F41D-4BDB-9150-5737FC4CC81B} [2010.03.12 13:34:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.19 21:51:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.19 08:01:25 | 000,000,000 | ---D | M]

[2008.09.11 20:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Extensions
[2009.05.26 22:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\f9yilcfs.default\extensions
[2006.09.18 19:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\f9yilcfs.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2006.09.18 19:28:41 | 000,000,000 | ---D | M] (Tabbrowser Preferences) -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\f9yilcfs.default\extensions\{9b9d2aaa-ae26-4447-a7a1-633a32b19ddd}
[2008.10.12 18:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\f9yilcfs.default\extensions\firefox@tvunetworks.com
[2005.10.17 20:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\f9yilcfs.default\extensions\temp
[2010.03.20 12:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\tdm7soeq.mo\extensions
[2008.10.19 00:19:54 | 000,000,000 | ---D | M] (SwitchProxy Tool) -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\tdm7soeq.mo\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}
[2009.06.04 06:08:34 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\tdm7soeq.mo\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010.01.11 07:16:19 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\tdm7soeq.mo\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2009.02.23 07:18:14 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus)) -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\tdm7soeq.mo\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010.01.11 07:16:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\tdm7soeq.mo\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2007.10.20 06:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\tdm7soeq.mo\extensions\firebug@software.joehewitt.com
[2010.02.22 23:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\tdm7soeq.mo\extensions\foxyproxy@eric.h.jung
[2005.11.12 21:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\tdm7soeq.mo\extensions\temp
[2010.03.20 12:13:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008.02.19 16:27:42 | 000,176,128 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npff_gdm.dll
[2009.06.22 23:33:27 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2009.03.10 20:28:43 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {a1199b3a-7cf0-2b51-2851-0949ec86095c} - C:\WINDOWS\otobijaxesa.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1488367518-1938601738-610657036-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1488367518-1938601738-610657036-1007\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-1488367518-1938601738-610657036-1007\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-1488367518-1938601738-610657036-1007\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1488367518-1938601738-610657036-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Athan] C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\Mouse32A.exe ()
O4 - HKLM..\Run: [MaAgent] C:\Program Files\MarkAny\ContentSAFER\MaAgent.exe ((주)마크애니)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Uxizugiyelovaw] C:\WINDOWS\otobijaxesa.DLL ()
O4 - HKU\S-1-5-21-1488367518-1938601738-610657036-1007..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-1488367518-1938601738-610657036-1007..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-1488367518-1938601738-610657036-1007..\Run: [MRDaemon.exe] C:\Program Files\Naver\QuickManager2\MRDaemon.exe (Hanmaro Inc)
O4 - HKU\S-1-5-21-1488367518-1938601738-610657036-1007..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1488367518-1938601738-610657036-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009.03.09 23:27:46 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009.03.09 23:27:46 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009.03.09 23:27:46 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1193265707609 (MUWebControl Class)
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} http://www.onlineringman.com/auctions/install/isetupml.cab (InstallShield International Setup Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} http://patch.mnet.com/Ver2/App/totalApp/mn...r2_20090318.cab (MnetHelper6 Control)
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} http://activex.microsoft.com/objects/ocget.dll (McciSM Class)
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} http://www.tellmemoreeducation.com/bin/tol9inst.cab (Installer9Ctrl Class)
O16 - DPF: {A0E7D0C1-9854-497E-8645-38C19AA00724} http://www.teenkorean.com/Penta/KoreanSecurity.cab (IssacWebSE Class)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {A67C0313-A410-4F39-86E4-25BFCA558B3C} http://www.interedu.go.kr/contents/101e/KWK.CAB (mr.UserControl1)
O16 - DPF: {A6FF3C3C-F33A-4269-9300-2682DB3B3441} http://activex.microsoft.com/objects/ocget.dll (McciUtilsRegistry Class)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} http://plugin.inicis.com/wallet60_inilite/INIwallet60.cab (INIwallet60 Control)
O16 - DPF: {DFBBCB52-4D9F-4D0E-BF4A-A51223FC2541} http://patch.mnet.com/Mnet/QuickManagerNHN...20090729001.cab (NSAppHelperWizrd Class)
O16 - DPF: {F4B4E3B3-7019-418F-A983-2902DB0998E2} http://activex.microsoft.com/objects/ocget.dll (McciSysModuleInfo Class)
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} http://images.hangame.co.kr/naver/music/te...averAXGuide.cab (NaverAXGuide Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSAFER\MACSMANAGER.dll (MarkAny Cooperation.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.10.10 22:32:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001.07.28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002.09.11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{53159f08-a79b-11d8-9e94-806d6172696f}\Shell\AutoRun\command - "" = D:\Info.exe -- [2002.09.10 21:54:58 | 000,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{968eb13e-e509-11de-846a-000c769cf3c6}\Shell\AutoRun\command - "" = O:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{968eb13e-e509-11de-846a-000c769cf3c6}\Shell\Setup FlipShare\command - "" = O:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002.09.10 21:54:58 | 000,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: fingstat - (C:\WINDOWS\system32\Presrint.dll) - C:\WINDOWS\System32\Presrint.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2003.11.15 07:11:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^MOMO^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe - File not found
MsConfig - StartUpReg: Advanced SystemCare 3 - hkey= - key= - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
MsConfig - StartUpReg: Athan - hkey= - key= - C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
MsConfig - StartUpReg: BackupNotify - hkey= - key= - c:\Program Files\HP\Digital Imaging\bin\BackupNotify.exe ( )
MsConfig - StartUpReg: EasyLinkAdvisor - hkey= - key= - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
MsConfig - StartUpReg: LDM - hkey= - key= - File not found
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - StartUpReg: WT GameChannel - hkey= - key= - C:\Program Files\WildTangent\Apps\GameChannel.exe File not found
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: YBrowser - hkey= - key= - C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {0430454D-47EA-11D6-AD58-00010333D0AD} - Reg Error: Value error.
ActiveX: {04d6265d-6b5d-41c3-9e7c-48be15919643} - KB890923
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - Reg Error: Value error.
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - Reg Error: Value error.
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {34C70B70-8FFF-4179-A2EB-0819FFA38126} - Reg Error: Value error.
ActiveX: {362A5D5E-1BF6-4CA7-87B4-B6686F3C1BEF} - Reg Error: Value error.
ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4a01a151-e350-4839-a2b8-03dc39d6c8e5} - Reg Error: Value error.
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4DAEE2D4-A471-42AC-97A2-4C2A79C77648} - Reg Error: Value error.
ActiveX: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - Reg Error: Value error.
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - Reg Error: Value error.
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {944D7BBB-EA1D-43EB-B49F-F517CF2B6C9D} - Reg Error: Value error.
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\System32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {AE6A070D-35DA-79EB-0BE6-3A1B8E22BB76} - Outlook Express
ActiveX: {B9191F79-5613-4C76-AA2A-398534BB8999} - Reg Error: Value error.
ActiveX: {BB74626D-0A16-31A9-1DD6-74925D5AC4B5} - Internet Explorer Classes for Java
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CB86EC62-CEA7-4C82-9EBA-B7A5E410E54C} - Reg Error: Value error.
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CE734E0A-D6D3-4A92-AF9F-499BE87A025C} - Reg Error: Value error.
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D78F3699-7C74-FAE6-A7E5-68237136EB5D} - Internet Explorer
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E4C757C7-370D-A84F-FD5C-A919F2742DB0} - Viewpoint Media Player
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F53CE5EC-1CD8-41EB-A220-F8EA247E3A06} - Reg Error: Value error.
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: VIDC.MJPG - jl_mjpg2.drv File not found
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.ZDSV - C:\WINDOWS\System32\scrvid.dll (ZD Soft, http://www.zdsoft.com/)

========== Files/Folders - Created Within 30 Days ==========

[2010.03.21 00:21:50 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MOMO\Desktop\OTL.exe
[2010.03.15 23:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010.03.14 23:08:39 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\MOMO\Desktop\RootRepeal.exe
[2010.03.13 13:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010.03.13 13:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.03.13 13:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMO\Application Data\SUPERAntiSpyware.com
[2010.03.13 13:09:35 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\MOMO\Desktop\ATF-Cleaner.exe
[2010.03.12 13:42:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010.03.12 13:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMO\Local Settings\Application Data\{EDC5BE12-F41D-4BDB-9150-5737FC4CC81B}
[2010.03.12 13:31:29 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010.03.12 13:31:29 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010.03.10 01:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMO\Desktop\Dig. Img
[2010.03.10 01:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMO\Application Data\Nero
[2010.03.10 00:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010.03.10 00:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010.03.10 00:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010.03.10 00:40:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010.03.09 23:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMO\Desktop\Nero 9.4.26.0+keygen [GR420]
[2010.03.09 19:02:27 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2010.03.09 19:02:27 | 000,308,224 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2010.03.09 18:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\WMR14
[2010.03.09 18:53:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
[2010.03.09 18:52:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010.03.09 18:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2010.03.09 11:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMO\Desktop\driversli
[2010.03.04 21:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMO\Desktop\powerfactor_files
[2010.02.22 21:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMO\Desktop\digimg
[2010.02.21 18:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMO\Local Settings\Application Data\assembly
[2009.12.29 23:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009.12.22 10:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009.10.18 01:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\DivX
[2009.08.21 16:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009.06.18 15:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009.05.26 21:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009.05.26 21:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009.03.09 22:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009.03.09 22:23:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009.03.09 22:23:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008.08.25 11:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2007.10.08 10:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.21 00:21:51 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MOMO\Desktop\OTL.exe
[2010.03.20 15:28:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.03.20 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010.03.20 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010.03.20 14:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.20 14:49:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1488367518-1938601738-610657036-1007UA.job
[2010.03.20 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010.03.20 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010.03.20 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010.03.20 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010.03.20 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010.03.20 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010.03.20 00:34:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010.03.19 21:44:18 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ygerabafitizoy.dat
[2010.03.19 21:44:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Dzinafuzac.bin
[2010.03.19 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010.03.19 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010.03.19 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010.03.19 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010.03.19 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010.03.19 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010.03.19 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010.03.19 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010.03.19 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010.03.19 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010.03.19 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010.03.19 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010.03.19 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010.03.19 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010.03.19 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010.03.19 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010.03.19 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010.03.19 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010.03.19 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010.03.19 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010.03.19 03:49:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1488367518-1938601738-610657036-1007Core.job
[2010.03.19 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010.03.19 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010.03.19 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010.03.19 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010.03.19 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010.03.19 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010.03.19 00:46:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010.03.18 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010.03.18 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010.03.18 22:50:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.18 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010.03.18 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010.03.18 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010.03.18 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010.03.18 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010.03.18 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010.03.18 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010.03.18 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010.03.18 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010.03.18 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010.03.17 22:46:09 | 000,002,288 | ---- | M] () -- C:\Documents and Settings\MOMO\Desktop\Google Chrome.lnk
[2010.03.17 15:02:32 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\MOMO\ntuser.dat
[2010.03.17 12:27:01 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010.03.17 12:24:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.17 12:24:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.17 12:24:44 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.16 15:11:39 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.03.16 15:11:33 | 000,000,730 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.03.16 15:11:32 | 000,000,285 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.16 14:54:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.16 13:10:20 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\MOMO\ntuser.ini
[2010.03.16 13:08:26 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\MOMO\defogger_reenable
[2010.03.16 13:07:48 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\MOMO\Desktop\Defogger.exe
[2010.03.14 23:08:41 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\MOMO\Desktop\RootRepeal.exe
[2010.03.14 22:47:17 | 000,445,986 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.14 22:47:14 | 000,072,808 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.14 22:47:13 | 000,004,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.13 13:11:34 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.03.13 13:09:35 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\MOMO\Desktop\ATF-Cleaner.exe
[2010.03.13 12:48:52 | 007,757,856 | ---- | M] () -- C:\Documents and Settings\MOMO\Desktop\SUPERAntiSpyware.exe
[2010.03.13 12:03:09 | 000,000,148 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010.03.12 13:29:55 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\MOMO\Application Data\avdrn.dat
[2010.03.10 16:03:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.03.10 00:47:16 | 000,002,338 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010.03.09 19:05:33 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\MOMO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.09 19:00:08 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\MOMO\Desktop\WM Converter 14.lnk
[2010.03.09 19:00:08 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WM Recorder 14.lnk
[2010.03.08 13:52:11 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\MOMO\My Documents\hptable.doc
[2010.03.08 13:49:09 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\MOMO\Desktop\Microsoft Office Word 2003.lnk
[2010.03.07 00:29:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.03.04 21:15:02 | 000,007,276 | ---- | M] () -- C:\Documents and Settings\MOMO\Desktop\powerfactor.htm
[2010.03.03 21:45:52 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\MOMO\My Documents\mobydick2.doc
[2010.02.28 23:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010.02.21 12:37:25 | 000,000,590 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.16 14:18:08 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\MOMO\Desktop\gmer.exe
[2010.03.16 13:08:03 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\MOMO\defogger_reenable
[2010.03.16 13:07:38 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\MOMO\Desktop\Defogger.exe
[2010.03.14 22:20:18 | 528,011,264 | -HS- | C] () -- C:\hiberfil.sys
[2010.03.13 13:11:34 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.03.13 12:51:23 | 007,757,856 | ---- | C] () -- C:\Documents and Settings\MOMO\Desktop\SUPERAntiSpyware.exe
[2010.03.13 12:03:09 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010.03.13 12:00:22 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\rbuwzv.dat
[2010.03.12 13:34:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dzinafuzac.bin
[2010.03.12 13:34:15 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ygerabafitizoy.dat
[2010.03.12 13:30:11 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\rbuwzv.dat
[2010.03.12 13:29:55 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\MOMO\Application Data\avdrn.dat
[2010.03.10 00:47:16 | 000,002,338 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010.03.09 19:00:08 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\MOMO\Desktop\WM Converter 14.lnk
[2010.03.09 19:00:08 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WM Recorder 14.lnk
[2010.03.08 13:52:11 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\MOMO\My Documents\hptable.doc
[2010.03.04 21:14:48 | 000,007,276 | ---- | C] () -- C:\Documents and Settings\MOMO\Desktop\powerfactor.htm
[2010.03.03 20:27:56 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\MOMO\My Documents\mobydick2.doc
[2010.01.31 01:56:09 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.tv5
[2009.11.14 11:57:15 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009.09.09 17:55:32 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009.08.13 15:53:54 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009.06.02 06:24:53 | 000,000,111 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2009.05.11 06:43:01 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009.03.28 01:35:56 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\p3max.dll
[2008.02.05 23:49:39 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008.01.16 23:18:48 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.01.16 23:18:42 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.01.16 23:18:40 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.01.16 23:18:40 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007.12.09 12:45:19 | 000,000,034 | ---- | C] () -- C:\WINDOWS\iTunesQLoudEx.INI
[2006.11.01 02:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.11.01 02:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006.10.07 14:31:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\co_mon.sys
[2006.10.05 20:23:33 | 000,000,281 | ---- | C] () -- C:\WINDOWS\MONTKHB_E_H.INI
[2006.01.15 21:07:30 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006.01.11 21:42:31 | 000,000,072 | ---- | C] () -- C:\WINDOWS\WB.ini
[2006.01.11 21:23:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2005.10.17 15:05:20 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A0C91DED6A.sys
[2005.08.24 19:41:01 | 000,000,032 | ---- | C] () -- C:\WINDOWS\basefx.INI
[2005.08.24 09:46:17 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\4E5A1D190C.sys
[2005.08.23 22:39:47 | 000,006,060 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005.05.01 20:39:06 | 000,000,031 | ---- | C] () -- C:\WINDOWS\sonic.ini
[2005.04.10 20:10:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI4_setup.ini
[2005.02.17 19:41:35 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005.02.17 19:41:34 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2005.02.17 19:41:31 | 000,471,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2004.10.31 10:48:36 | 000,000,076 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2004.10.31 10:47:32 | 000,000,052 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2004.09.28 07:38:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\wmatimer.dll
[2004.09.21 21:40:53 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004.09.21 21:39:54 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2004.09.01 18:38:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004.09.01 18:17:51 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\MOMO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004.08.31 21:02:15 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2004.08.31 20:51:19 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004.08.31 15:39:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2004.08.30 16:45:28 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004.08.30 16:45:26 | 000,000,503 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004.07.30 22:57:26 | 000,002,637 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004.07.27 18:13:37 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Showbiz20.ini
[2004.05.17 20:37:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004.05.17 20:29:45 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\MOMO\Local Settings\Application Data\fusioncache.dat
[2004.05.17 18:16:45 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004.05.17 18:04:42 | 000,006,476 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003.10.14 01:41:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003.10.14 01:40:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003.10.14 01:24:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003.10.13 18:52:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003.10.13 18:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003.10.11 01:33:40 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003.10.11 01:33:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003.10.11 01:33:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003.10.11 01:29:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003.10.11 01:24:47 | 000,030,203 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003.10.11 01:24:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003.10.11 01:23:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003.10.11 01:18:34 | 000,000,590 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003.10.11 01:07:37 | 000,001,090 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003.10.10 23:31:33 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003.10.10 23:23:54 | 000,126,348 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvcap.sys
[2003.10.10 23:05:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003.10.10 22:56:51 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003.10.10 22:56:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003.10.10 22:56:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003.10.10 22:35:14 | 000,000,912 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003.10.10 22:22:28 | 000,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003.10.10 22:22:19 | 000,163,328 | ---- | C] () -- C:\WINDOWS\otobijaxesa.dll
[2003.09.23 04:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003.07.14 15:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003.01.08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.19 17:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[1999.01.27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997.06.13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[12 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2005.05.23 15:14:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2005.05.23 15:14:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2004.08.04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004.08.04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001.08.17 23:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002.08.29 15:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2005.05.23 15:14:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2002.08.29 15:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2005.05.23 15:14:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002.08.29 08:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008.04.13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2004.08.04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004.08.04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2002.10.24 15:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2004.08.04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004.08.04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2002.08.29 08:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008.04.13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2002.08.29 08:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004.08.04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004.08.04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2002.08.29 08:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


OTL Extras logfile created on: 3.21.2010 12:22:25 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\MOMO\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M.d.yyyy

503.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.81 Gb Total Space | 4.32 Gb Free Space | 6.11% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.94 Gb Free Space | 17.16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEBIRDFAMILY
Current User Name: MOMO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1488367518-1938601738-610657036-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Orca Browser\orca.exe" %1 File not found
https [open] -- "C:\Program Files\Orca Browser\orca.exe" %1 File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard
"25777:UDP" = 25777:UDP:*:Enabled:xfire
"80:TCP" = 80:TCP:*:Enabled:FIFA
"9980:TCP" = 9980:TCP:*:Enabled:FIFA_C
"9981:TCP" = 9981:TCP:*:Enabled:FIFA_D
"9982:TCP" = 9982:TCP:*:Enabled:FIFA_E
"9983:TCP" = 9983:TCP:*:Enabled:FIFA_F
"9984:TCP" = 9984:TCP:*:Enabled:FIFA_G
"9985:TCP" = 9985:TCP:*:Enabled:FIFA_H
"9986:TCP" = 9986:TCP:*:Enabled:FIFA_I
"9987:TCP" = 9987:TCP:*:Enabled:FIFA_J
"9988:TCP" = 9988:TCP:*:Enabled:FIFA_K
"9989:TCP" = 9989:TCP:*:Enabled:FIFA_L
"12400:TCP" = 12400:TCP:*:Enabled:FIFA_M
"12499:TCP" = 12499:TCP:*:Enabled:FIFA_N
"30400:TCP" = 30400:TCP:*:Enabled:FIFA_O
"30499:TCP" = 30499:TCP:*:Enabled:FIFA_
"3659:UDP" = 3659:UDP:*:Enabled:FIFA_P
"9570:UDP" = 9570:UDP:*:Enabled:FIFA_R
"6000:UDP" = 6000:UDP:*:Enabled:FIFA_Q
"9861:UDP" = 9861:UDP:*:Enabled:FIFA_Z
"9860:UDP" = 9860:UDP:*:Enabled:FIFA_Y
"9859:UDP" = 9859:UDP:*:Enabled:FIFA_X
"9858:UDP" = 9858:UDP:*:Enabled:FIFA_W
"9811:UDP" = 9811:UDP:*:Enabled:FIFA_V
"9810:UDP" = 9810:UDP:*:Enabled:FIFA_U
"9809:UDP" = 9809:UDP:*:Enabled:FIFA_T
"9808:UDP" = 9808:UDP:*:Enabled:FIFA_S
"123:UDP" = 123:UDP:*:Enabled:123
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"6881:TCP" = 6881:TCP:*:Enabled:Blizz 2
"6999:TCP" = 6999:TCP:*:Enabled:Blizz 3
"3724:TCP" = 3724:TCP:*:Enabled:Blizz 4
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\yserver.exe" = C:\Program Files\Yahoo!\Messenger\yserver.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"" = :*:Enabled:Yahoo! Music Jukebox
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:Torrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\MOMO\Application Data\PowerChallenge\PowerFootball\PowerFootball.exe" = C:\Documents and Settings\MOMO\Application Data\PowerChallenge\PowerFootball\PowerFootball.exe:*:Enabled:PowerFootball -- ()
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008 -- (Sports Interactive)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\tooble\tooble.exe" = C:\Program Files\tooble\tooble.exe:*:Enabled:tooble.exe -- (tooble LLC)
"C:\Program Files\tooble\AppUpdater.exe" = C:\Program Files\tooble\AppUpdater.exe:*:Enabled:AppUpdater.exe -- (tooble LLC)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component -- (TVU networks)
"C:\Documents and Settings\MOMO\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe" = C:\Documents and Settings\MOMO\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer -- ()
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\P3MxSvr.exe" = C:\WINDOWS\system32\P3MxSvr.exe:*:Enabled:Maxmp3 AoD Control -- ()
"C:\WINDOWS\system32\p3mxvsvr.exe" = C:\WINDOWS\system32\p3mxvsvr.exe:*:Enabled:MAXMP3 VOD Control -- (Maxmp3)
"C:\WINDOWS\system32\mnetasvr.exe" = C:\WINDOWS\system32\mnetasvr.exe:*:Enabled:MNet AoD Server -- (PeeringPortal)
"C:\WINDOWS\system32\mnetvsvr.exe" = C:\WINDOWS\system32\mnetvsvr.exe:*:Enabled:MNet VoD Server -- (PeeringPortal)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:BackgroundDownloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe" = C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player -- (StreamTorrent)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- File not found
"C:\Documents and Settings\MOMO\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Documents and Settings\MOMO\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TwonkyMedia\twonkymediaserver.exe" = C:\Program Files\TwonkyMedia\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer -- File not found
"C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe" = C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe:*:Enabled:TwonkyMedia -- File not found
"C:\Program Files\TwonkyMedia\bgtrans.exe" = C:\Program Files\TwonkyMedia\bgtrans.exe:*:Enabled:${BGTRANS_NAME} -- File not found
"C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe" = C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe:*:Enabled:TwonkyMediaManager -- File not found
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03737893-5BEE-4C78-9C58-3AE7F172BBBE}" = Garmin Communicator Plugin
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{18D4E4B9-7BE5-48CE-BB11-BEFDC5AED350}" = SlideShow Desktop
"{19234D4B-AA7A-4165-8ECB-0247B420C515}" = ArcSoft PhotoImpression
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{22D9B90E-5975-4C44-B0B2-F02A97BE030D}" = Auction Client
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel Extreme Graphics Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}" = Timershot Powertoy for Windows XP
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5670-0000-7E8A45000001}" = Adobe Reader Korean Fonts
"{AE86AE81-CD7F-496F-A39F-0210C985E71B}" = FM Modifier 2.25
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}" = HP Software Update
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
"{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ311
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4EE98D3-507A-4160-8F65-710C37A8FBB8}" = Opera 9.02
"{F57D8342-E2E4-46F4-915A-F50817CBCB45}" = ArcSoft Software Suite
"{f72956d6-ff74-4ded-8b4f-95f48a58d15f}" = Nero 9 Trial
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"36317AE4-57EC-4F3E-B828-009A3DD96BE8" = Polar Bowler from Hewlett-Packard Desktops (remove only)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"62067F4C-84A9-45B9-8573-B90468B0A3EF" = Orbital from Hewlett-Packard Desktops (remove only)
"6723E59E-322A-417A-8E03-27A61E18253C" = Overball from Hewlett-Packard Desktops (remove only)
"8C4E79CC-03E1-43AA-9910-9A5113F24603" = Blasterball 2 from Hewlett-Packard Desktops (remove only)
"ACDSee" = ACDSee
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Anki" = Anki
"Athan" = Athan Basic 3.8
"ATT-PRT22" = ATT-PRT22
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BackWeb-137903 Uninstaller" = Updates from HP
"BFBCBAE3-8293-4215-9C4F-C2402C118EDB" = Otto from Hewlett-Packard Desktops (remove only)
"BookWorm Deluxe 1.01" = BookWorm Deluxe 1.01
"C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A" = Slyder from Hewlett-Packard Desktops (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CurseClient" = Curse Client
"D11F7128-8CBD-408B-8BF8-034604DEDD42" = Bounce Symphony from Hewlett-Packard Desktops (remove only)
"Easy RM to MP3 Converter_is1" = Easy RM to MP3 Converter 1.82.10
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.5 (1010)
"eMule" = eMule
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Football Manager 2008" = Football Manager 2008
"Free Mp3/Wma/Ogg Converter_is1" = Free Mp3/Wma/Ogg Converter 4.0.1
"Free RM to MP3 Converter_is1" = Free RM to MP3 Converter 1.12
"Free Studio_is1" = Free Studio version 4.1
"Free YouTube FLV Converter_is1" = Free YouTube FLV Converter v1.0
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.1
"Game Booster_is1" = Game Booster
"GhostMouse 2.0" = GhostMouse 2.0
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Instant Support" = HP Instant Support
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"HP Photo Imaging Software" = HP Photo Imaging Software
"HP Photo Printing Software" = HP Photo Printing Software
"hp photosmart printer series" = hp photosmart printer series (Remove only)
"HPTOOLKIT" = toolkit
"HTML Password Lock_is1" = HTML Password Lock 3.1
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"Internet Download Manager" = Internet Download Manager
"KlipFolio" = KlipFolio (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.6.5 Full
"Logitech Print Service" = Logitech Print Service
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 2.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mnet P3Modules" = ̾ 2.0
"Mozilla Firefox (2.0)" = Mozilla Firefox (2.0)
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"Mp3tag" = Mp3tag v2.42
"MS-MPEG4" = Microsoft MPEG-4 VKI Video Codec V1/V2/V3
"NASDAK OmniMouse Driver" = OmniMouse Driver 4.06
"NaverPlayer" = Naver Player
"NaverSetup" = ??? ActiveX ???
"Neocodex Check V3_is1" = Neocodex Check V3.3.1.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" =
"NVIDIA GART Driver" = NVIDIA GART Driver
"Orbit_is1" = Orbit Downloader
"Playlist Creator 3.6" = Playlist Creator 3.6
"PS2" = PS2
"PSN" = Post-it Software Notes Lite
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"QcDrv" = Logitech Camera Driver
"QuickManager2NHN" = ̹ Ŵ
"RealPlayer 6.0" = RealPlayer
"Replay Media Catcher 3.11" = Replay Media Catcher 3.11
"SBC Yahoo! DSL Activation" = SBC Yahoo! DSL Activation
"Smart Defrag_is1" = Smart Defrag 1.11
"SopCast" = SopCast 3.0.3
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SpamSubtract" = SpamSubtract
"StreamTorrent 1.0" = StreamTorrent 1.0
"StreetPlugin" = Learn2.com Player (Uninstall Only)
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"The Holy Quran" = The Holy Quran
"The Rosetta Stone" = The Rosetta Stone
"tooble" = tooble
"Trillian" = Trillian
"TVAnts 1.0" = TVAnts 1.0
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server" = TVersity Media Server 1.7.2.1 Beta
"TVUPlayer" = TVUPlayer 2.4.0.1
"Tweak UI 2.10" = Tweak UI
"Uninstall_is1" = Uninstall 1.0.0.1
"UnityWebPlayer" = Unity Web Player
"Veetle TV" = Veetle TV 0.9.16
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinGTK-2_is1" = GTK+ 2.8.9 runtime environment
"WinRAR archiver" = WinRAR archiver
"WM Recorder 14" = WM Recorder 14
"WMFDist11" = Windows Media Format 11 runtime
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"xvid" = XviD MPEG-4 Video Codec
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZDSV" = ZD Soft Screen Video Decoder

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1488367518-1938601738-610657036-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"FutureStream Client" = FutureStream Client
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = Torrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3.16.2010 11:44:06 AM | Computer Name = THEBIRDFAMILY | Source = Google Update | ID = 20
Description =

Error - 3.16.2010 11:44:06 AM | Computer Name = THEBIRDFAMILY | Source = Google Update | ID = 20
Description =

Error - 3.16.2010 12:44:06 PM | Computer Name = THEBIRDFAMILY | Source = Google Update | ID = 20
Description =

Error - 3.16.2010 12:44:06 PM | Computer Name = THEBIRDFAMILY | Source = Google Update | ID = 20
Description =

Error - 3.16.2010 1:34:18 PM | Computer Name = THEBIRDFAMILY | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 6.0.50.13, faulting module
user32.dll, version 5.1.2600.3099, fault address 0x0001e69c.

Error - 3.16.2010 3:09:47 PM | Computer Name = THEBIRDFAMILY | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 6.0.50.13, faulting module
user32.dll, version 5.1.2600.3099, fault address 0x0001e69c.

Error - 3.16.2010 3:11:46 PM | Computer Name = THEBIRDFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 8.1.0.200, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3.16.2010 3:11:46 PM | Computer Name = THEBIRDFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 8.1.0.200, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3.16.2010 3:11:47 PM | Computer Name = THEBIRDFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 8.1.0.200, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3.17.2010 12:32:55 PM | Computer Name = THEBIRDFAMILY | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 6.0.50.13, faulting module
user32.dll, version 5.1.2600.3099, fault address 0x0001e69c.

[ System Events ]
Error - 3.20.2010 1:00:00 PM | Computer Name = THEBIRDFAMILY | Source = Schedule | ID = 7901
Description = The At14.job command failed to start due to the following error: %%2147942402

Error - 3.20.2010 1:00:00 PM | Computer Name = THEBIRDFAMILY | Source = Schedule | ID = 7901
Description = The At38.job command failed to start due to the following error: %%2147942402

Error - 3.20.2010 2:00:00 PM | Computer Name = THEBIRDFAMILY | Source = Schedule | ID = 7901
Description = The At15.job command failed to start due to the following error: %%2147942402

Error - 3.20.2010 2:00:00 PM | Computer Name = THEBIRDFAMILY | Source = Schedule | ID = 7901
Description = The At39.job command failed to start due to the following error: %%2147942402

Error - 3.20.2010 3:00:00 PM | Computer Name = THEBIRDFAMILY | Source = Schedule | ID = 7901
Description = The At16.job command failed to start due to the following error: %%2147942402

Error - 3.20.2010 3:00:00 PM | Computer Name = THEBIRDFAMILY | Source = Schedule | ID = 7901
Description = The At40.job command failed to start due to the following error: %%2147942402

Error - 3.21.2010 12:34:01 AM | Computer Name = THEBIRDFAMILY | Source = Schedule | ID = 7901
Description = The At25.job command failed to start due to the following error: %%2147942402

Error - 3.21.2010 12:46:00 AM | Computer Name = THEBIRDFAMILY | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 3.21.2010 1:00:00 AM | Computer Name = THEBIRDFAMILY | Source = Schedule | ID = 7901
Description = The At2.job command failed to start due to the following error: %%2147942402

Error - 3.21.2010 1:00:00 AM | Computer Name = THEBIRDFAMILY | Source = Schedule | ID = 7901
Description = The At26.job command failed to start due to the following error: %%2147942402


< End of report >

Edited by Mo_, 21 March 2010 - 10:14 AM.


#5 myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 21 March 2010 - 03:30 PM

Hi,


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    [2010.03.13 12:03:09 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
    [2010.03.13 12:00:22 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\rbuwzv.dat
    [2010.03.12 13:34:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dzinafuzac.bin
    [2010.03.12 13:34:15 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ygerabafitizoy.dat
    [2010.03.12 13:30:11 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\rbuwzv.dat
    [2010.03.12 13:29:55 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\MOMO\Application Data\avdrn.dat
    O36 - AppCertDlls: fingstat - (C:\WINDOWS\system32\Presrint.dll) - C:\WINDOWS\System32\Presrint.dll File not found
    O4 - HKLM..\Run: [Uxizugiyelovaw] C:\WINDOWS\otobijaxesa.DLL ()
    O2 - BHO: (no name) - {a1199b3a-7cf0-2b51-2851-0949ec86095c} - C:\WINDOWS\otobijaxesa.dll ()
    MOD - [2007.03.08 11:36:28 | 000,163,328 | ---- | M] () -- C:\WINDOWS\otobijaxesa.dll
    :files
    C:\Windows\tasks\at*.job
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete, press OK to open the log".
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window: OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#6 Mo_

  • Topic Starter

  • Members
  • 49 posts

Posted 21 March 2010 - 06:01 PM

Thanks. When I rebooted after the scan, Avira found some TR/Hiloti.

Here is the first log; I will do the follow-up scan now.

All processes killed
========== OTL ==========
C:\WINDOWS\system32\fjhdyfhsn.bat moved successfully.
C:\Documents and Settings\NetworkService\Application Data\rbuwzv.dat moved successfully.
C:\WINDOWS\Dzinafuzac.bin moved successfully.
C:\WINDOWS\Ygerabafitizoy.dat moved successfully.
C:\Documents and Settings\LocalService\Application Data\rbuwzv.dat moved successfully.
C:\Documents and Settings\MOMO\Application Data\avdrn.dat moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\fingstat:C:\WINDOWS\system32\Presrint.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Uxizugiyelovaw deleted successfully.
C:\WINDOWS\otobijaxesa.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1199b3a-7cf0-2b51-2851-0949ec86095c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1199b3a-7cf0-2b51-2851-0949ec86095c}\ deleted successfully.
File C:\WINDOWS\otobijaxesa.dll not found.
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At25.job moved successfully.
C:\Windows\tasks\At26.job moved successfully.
C:\Windows\tasks\At27.job moved successfully.
C:\Windows\tasks\At28.job moved successfully.
C:\Windows\tasks\At29.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At30.job moved successfully.
C:\Windows\tasks\At31.job moved successfully.
C:\Windows\tasks\At32.job moved successfully.
C:\Windows\tasks\At33.job moved successfully.
C:\Windows\tasks\At34.job moved successfully.
C:\Windows\tasks\At35.job moved successfully.
C:\Windows\tasks\At36.job moved successfully.
C:\Windows\tasks\At37.job moved successfully.
C:\Windows\tasks\At38.job moved successfully.
C:\Windows\tasks\At39.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At40.job moved successfully.
C:\Windows\tasks\At41.job moved successfully.
C:\Windows\tasks\At42.job moved successfully.
C:\Windows\tasks\At43.job moved successfully.
C:\Windows\tasks\At44.job moved successfully.
C:\Windows\tasks\At45.job moved successfully.
C:\Windows\tasks\At46.job moved successfully.
C:\Windows\tasks\At47.job moved successfully.
C:\Windows\tasks\At48.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.THEBIRDFAMILY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 2938521 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: MOMO
->Temp folder emptied: 98677448 bytes
->Temporary Internet Files folder emptied: 377752 bytes
->Java cache emptied: 2255893 bytes
->FireFox cache emptied: 143370203 bytes
->Google Chrome cache emptied: 189415369 bytes
->Flash cache emptied: 73289 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 701860 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23951466 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 421744 bytes
RecycleBin emptied: 5146 bytes

Total Files Cleaned = 441.00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 03212010_163542

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


#7 Mo_

  • Topic Starter

  • Members
  • 49 posts

Posted 21 March 2010 - 07:17 PM

Follow-up scan:

OTL logfile created on: 3.21.2010 7:01:15 PM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\MOMO\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M.d.yyyy

503.00 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 23.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.81 Gb Total Space | 4.77 Gb Free Space | 6.74% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.94 Gb Free Space | 17.16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 70.81 Gb Total Space | 4.77 Gb Free Space | 6.74% Space Free | Partition Type: NTFS

Computer Name: THEBIRDFAMILY
Current User Name: MOMO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\MOMO\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\MOMO\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\MarkAny\ContentSAFER\MaAgent.exe ((주)마크애니)
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Naver\QuickManager2\MRDaemon.exe (Hanmaro Inc)
PRC - C:\WINDOWS\ltmsg.exe (Agere Systems)
PRC - C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
PRC - C:\Program Files\NASDAK\OmniMouse Driver\4.06\Mouse32A.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
PRC - C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\MOMO\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll (Applian Technologies, Inc.)
MOD - C:\Documents and Settings\MOMO\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Program Files\Internet Download Manager\idmmkb.dll (Tonec Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\MarkAny\ContentSAFER\MaCSProHook.dll (MarkAny Co., Ltd.)
MOD - C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUDL32A.dll ()


========== Win32 Services (SafeList) ==========

SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (TVersityMediaServer) -- C:\Program Files\TVersity\Media Server\MediaServer.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (YPCService) -- C:\WINDOWS\system32\YPcservice.exe (Yahoo! Inc.)
SRV - (Pml Driver) -- C:\WINDOWS\system32\hphipm09.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (GoProto) -- C:\WINDOWS\system32\drivers\goprot51.sys (Gteko Ltd.)
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\co_mon.sys ()
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (S3Psddr) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys ()
DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()
DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (nv_agp) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)
DRV - (nvcap) nVidia WDM Video Capture (universal) -- C:\WINDOWS\system32\drivers\nvcap.sys ()
DRV - (NVXBAR) -- C:\WINDOWS\system32\drivers\nvxbar.sys (NVIDIA Corporation)
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (Agere Systems)
DRV - (fasttx2k) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Dot4 HPH09) -- C:\WINDOWS\system32\drivers\hphid409.sys (HP)
DRV - (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09) -- C:\WINDOWS\system32\drivers\hphs2k09.sys (Hewlett-Packard)
DRV - (Dot4Usb HPH09) -- C:\WINDOWS\system32\drivers\hphius09.sys (HP)
DRV - (Dot4Print HPH09) -- C:\WINDOWS\system32\drivers\hphipr09.sys (HP)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?P...pdate&O1=b1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 119.70.40.101:8080

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.02.18 12:07:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.02 15:00:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{EDC5BE12-F41D-4BDB-9150-5737FC4CC81B}: C:\Documents and Settings\MOMO\Local Settings\Application Data\{EDC5BE12-F41D-4BDB-9150-5737FC4CC81B} [2010.03.12 13:34:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.19 21:51:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.19 08:01:25 | 000,000,000 | ---D | M]

[2008.09.11 20:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Extensions
[2008.09.11 20:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.05.26 22:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\f9yilcfs.default\extensions
[2006.09.18 19:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\f9yilcfs.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2006.09.18 19:28:41 | 000,000,000 | ---D | M] (Tabbrowser Preferences) -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\f9yilcfs.default\extensions\{9b9d2aaa-ae26-4447-a7a1-633a32b19ddd}
[2008.10.12 18:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\f9yilcfs.default\extensions\firefox@tvunetworks.com
[2005.10.17 20:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\f9yilcfs.default\extensions\temp
[2010.03.21 15:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\tdm7soeq.mo\extensions
[2008.10.19 00:19:54 | 000,000,000 | ---D | M] (SwitchProxy Tool) -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\tdm7soeq.mo\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}
[2009.06.04 06:08:34 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\tdm7soeq.mo\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010.01.11 07:16:19 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\tdm7soeq.mo\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2009.02.23 07:18:14 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\tdm7soeq.mo\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010.01.11 07:16:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\tdm7soeq.mo\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2007.10.20 06:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\tdm7soeq.mo\extensions\firebug@software.joehewitt.com
[2010.02.22 23:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\tdm7soeq.mo\extensions\foxyproxy@eric.h.jung
[2005.11.12 21:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOMO\Application Data\Mozilla\Firefox\Profiles\tdm7soeq.mo\extensions\temp
[2010.03.21 15:12:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.02.19 08:01:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007.05.23 18:59:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2008.05.21 14:25:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2010.02.19 08:01:01 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.02.19 08:01:01 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2004.09.09 01:03:50 | 000,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2008.02.19 16:27:42 | 000,176,128 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npff_gdm.dll
[2006.08.07 10:32:12 | 001,376,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010.02.19 08:01:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009.02.27 13:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009.06.22 23:33:27 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2010.02.07 14:08:44 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010.02.07 14:08:44 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010.02.07 14:08:44 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010.02.07 14:08:44 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010.02.07 14:08:44 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010.02.07 14:08:44 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010.02.07 14:08:45 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009.03.10 20:28:43 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Athan] C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\Mouse32A.exe ()
O4 - HKLM..\Run: [MaAgent] C:\Program Files\MarkAny\ContentSAFER\MaAgent.exe ((주)마크애니)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\MOMO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [MRDaemon.exe] C:\Program Files\Naver\QuickManager2\MRDaemon.exe (Hanmaro Inc)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009.03.09 23:27:46 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009.03.09 23:27:46 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009.03.09 23:27:46 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1193265707609 (MUWebControl Class)
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} http://www.onlineringman.com/auctions/install/isetupml.cab (InstallShield International Setup Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} http://patch.mnet.com/Ver2/App/totalApp/mn...r2_20090318.cab (MnetHelper6 Control)
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} http://activex.microsoft.com/objects/ocget.dll (McciSM Class)
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} http://www.tellmemoreeducation.com/bin/tol9inst.cab (Installer9Ctrl Class)
O16 - DPF: {A0E7D0C1-9854-497E-8645-38C19AA00724} http://www.teenkorean.com/Penta/KoreanSecurity.cab (IssacWebSE Class)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {A67C0313-A410-4F39-86E4-25BFCA558B3C} http://www.interedu.go.kr/contents/101e/KWK.CAB (mr.UserControl1)
O16 - DPF: {A6FF3C3C-F33A-4269-9300-2682DB3B3441} http://activex.microsoft.com/objects/ocget.dll (McciUtilsRegistry Class)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} http://plugin.inicis.com/wallet60_inilite/INIwallet60.cab (INIwallet60 Control)
O16 - DPF: {DFBBCB52-4D9F-4D0E-BF4A-A51223FC2541} http://patch.mnet.com/Mnet/QuickManagerNHN...20090729001.cab (NSAppHelperWizrd Class)
O16 - DPF: {F4B4E3B3-7019-418F-A983-2902DB0998E2} http://activex.microsoft.com/objects/ocget.dll (McciSysModuleInfo Class)
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} http://images.hangame.co.kr/naver/music/te...averAXGuide.cab (NaverAXGuide Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSAFER\MACSMANAGER.dll (MarkAny Cooperation.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.10.10 22:32:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001.07.28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002.09.11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{968eb13e-e509-11de-846a-000c769cf3c6}\Shell\AutoRun\command - "" = O:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{968eb13e-e509-11de-846a-000c769cf3c6}\Shell\Setup FlipShare\command - "" = O:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002.09.10 21:54:58 | 000,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.21 16:35:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.03.21 00:21:50 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MOMO\Desktop\OTL.exe
[2010.03.15 23:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010.03.14 23:08:39 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\MOMO\Desktop\RootRepeal.exe
[2010.03.13 13:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010.03.13 13:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.03.13 13:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMO\Application Data\SUPERAntiSpyware.com
[2010.03.13 13:09:35 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\MOMO\Desktop\ATF-Cleaner.exe
[2010.03.12 13:42:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010.03.12 13:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMO\Local Settings\Application Data\{EDC5BE12-F41D-4BDB-9150-5737FC4CC81B}
[2010.03.12 13:31:29 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010.03.12 13:31:29 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010.03.10 01:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMO\Desktop\Dig. Img
[2010.03.10 01:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMO\Application Data\Nero
[2010.03.10 00:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010.03.10 00:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010.03.10 00:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010.03.10 00:40:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010.03.09 23:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMO\Desktop\Nero 9.4.26.0+keygen [GR420]
[2010.03.09 19:02:27 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2010.03.09 19:02:27 | 000,308,224 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2010.03.09 18:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\WMR14
[2010.03.09 18:53:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
[2010.03.09 18:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2010.03.09 11:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMO\Desktop\driversli
[2010.03.04 21:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMO\Desktop\powerfactor_files
[2010.02.22 21:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMO\Desktop\digimg
[2010.02.21 18:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOMO\Local Settings\Application Data\assembly
[2009.12.29 23:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009.12.22 10:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009.10.18 01:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\DivX
[2009.08.21 16:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009.06.18 15:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009.05.26 21:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009.05.26 21:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009.03.09 22:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009.03.09 22:23:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009.03.09 22:23:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008.08.25 11:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2007.10.08 10:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

========== Files - Modified Within 30 Days ==========

[2010.03.21 18:50:25 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.21 18:49:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1488367518-1938601738-610657036-1007UA.job
[2010.03.21 17:18:39 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010.03.21 17:17:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.21 17:17:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.21 17:16:51 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.03.21 17:16:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.21 17:16:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.21 17:16:25 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.21 17:15:02 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\MOMO\ntuser.dat
[2010.03.21 17:15:02 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\MOMO\ntuser.ini
[2010.03.21 03:49:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1488367518-1938601738-610657036-1007Core.job
[2010.03.21 00:21:51 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MOMO\Desktop\OTL.exe
[2010.03.17 22:46:09 | 000,002,288 | ---- | M] () -- C:\Documents and Settings\MOMO\Desktop\Google Chrome.lnk
[2010.03.16 15:11:39 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.03.16 15:11:33 | 000,000,730 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.03.16 15:11:32 | 000,000,285 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.16 13:08:26 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\MOMO\defogger_reenable
[2010.03.16 13:07:48 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\MOMO\Desktop\Defogger.exe
[2010.03.14 23:08:41 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\MOMO\Desktop\RootRepeal.exe
[2010.03.14 22:47:17 | 000,445,986 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.14 22:47:14 | 000,072,808 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.14 22:47:13 | 000,004,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.13 13:11:34 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.03.13 13:09:35 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\MOMO\Desktop\ATF-Cleaner.exe
[2010.03.13 12:48:52 | 007,757,856 | ---- | M] () -- C:\Documents and Settings\MOMO\Desktop\SUPERAntiSpyware.exe
[2010.03.10 16:03:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.03.10 00:47:16 | 000,002,338 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010.03.09 19:05:33 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\MOMO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.09 19:00:08 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\MOMO\Desktop\WM Converter 14.lnk
[2010.03.09 19:00:08 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WM Recorder 14.lnk
[2010.03.08 13:52:11 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\MOMO\My Documents\hptable.doc
[2010.03.08 13:49:09 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\MOMO\Desktop\Microsoft Office Word 2003.lnk
[2010.03.07 00:29:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.03.04 21:15:02 | 000,007,276 | ---- | M] () -- C:\Documents and Settings\MOMO\Desktop\powerfactor.htm
[2010.03.03 21:45:52 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\MOMO\My Documents\mobydick2.doc
[2010.02.28 23:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010.02.21 12:37:25 | 000,000,590 | ---- | M] () -- C:\WINDOWS\ODBC.INI

========== Files Created - No Company Name ==========

[2010.03.16 14:18:08 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\MOMO\Desktop\gmer.exe
[2010.03.16 13:08:03 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\MOMO\defogger_reenable
[2010.03.16 13:07:38 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\MOMO\Desktop\Defogger.exe
[2010.03.14 22:20:18 | 528,011,264 | -HS- | C] () -- C:\hiberfil.sys
[2010.03.13 13:11:34 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.03.13 12:51:23 | 007,757,856 | ---- | C] () -- C:\Documents and Settings\MOMO\Desktop\SUPERAntiSpyware.exe
[2010.03.10 00:47:16 | 000,002,338 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010.03.09 19:00:08 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\MOMO\Desktop\WM Converter 14.lnk
[2010.03.09 19:00:08 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WM Recorder 14.lnk
[2010.03.08 13:52:11 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\MOMO\My Documents\hptable.doc
[2010.03.04 21:14:48 | 000,007,276 | ---- | C] () -- C:\Documents and Settings\MOMO\Desktop\powerfactor.htm
[2010.03.03 20:27:56 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\MOMO\My Documents\mobydick2.doc
[2010.01.31 01:56:09 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.tv5
[2009.11.14 11:57:15 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009.09.09 17:55:32 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009.08.13 15:53:54 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009.06.02 06:24:53 | 000,000,111 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2009.05.11 06:43:01 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009.03.28 01:35:56 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\p3max.dll
[2008.02.05 23:49:39 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008.01.16 23:18:48 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.01.16 23:18:42 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.01.16 23:18:40 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.01.16 23:18:40 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007.12.09 12:45:19 | 000,000,034 | ---- | C] () -- C:\WINDOWS\iTunesQLoudEx.INI
[2006.11.01 02:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.11.01 02:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006.10.07 14:31:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\co_mon.sys
[2006.10.05 20:23:33 | 000,000,281 | ---- | C] () -- C:\WINDOWS\MONTKHB_E_H.INI
[2006.01.15 21:07:30 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006.01.11 21:42:31 | 000,000,072 | ---- | C] () -- C:\WINDOWS\WB.ini
[2006.01.11 21:23:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2005.10.17 15:05:20 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A0C91DED6A.sys
[2005.08.24 19:41:01 | 000,000,032 | ---- | C] () -- C:\WINDOWS\basefx.INI
[2005.08.24 09:46:17 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\4E5A1D190C.sys
[2005.08.23 22:39:47 | 000,006,060 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005.05.01 20:39:06 | 000,000,031 | ---- | C] () -- C:\WINDOWS\sonic.ini
[2005.04.10 20:10:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI4_setup.ini
[2005.02.17 19:41:35 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005.02.17 19:41:34 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2005.02.17 19:41:31 | 000,471,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2004.10.31 10:48:36 | 000,000,076 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2004.10.31 10:47:32 | 000,000,052 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2004.09.28 07:38:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\wmatimer.dll
[2004.09.21 21:40:53 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004.09.21 21:39:54 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2004.09.01 18:38:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004.09.01 18:17:51 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\MOMO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004.08.31 21:02:15 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2004.08.31 20:51:19 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004.08.31 15:39:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2004.08.30 16:45:28 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004.08.30 16:45:26 | 000,000,503 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004.07.30 22:57:26 | 000,002,637 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004.07.27 18:13:37 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Showbiz20.ini
[2004.05.17 20:37:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004.05.17 20:29:45 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\MOMO\Local Settings\Application Data\fusioncache.dat
[2004.05.17 18:16:45 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004.05.17 18:04:42 | 000,006,476 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003.10.14 01:41:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003.10.14 01:40:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003.10.14 01:24:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003.10.13 18:52:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003.10.13 18:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003.10.11 01:33:40 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003.10.11 01:33:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003.10.11 01:33:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003.10.11 01:29:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003.10.11 01:24:47 | 000,030,203 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003.10.11 01:24:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003.10.11 01:23:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003.10.11 01:18:34 | 000,000,590 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003.10.11 01:07:37 | 000,001,090 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003.10.10 23:31:33 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003.10.10 23:23:54 | 000,126,348 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvcap.sys
[2003.10.10 23:05:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003.10.10 22:56:51 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003.10.10 22:56:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003.10.10 22:56:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003.10.10 22:35:14 | 000,000,912 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003.10.10 22:22:28 | 000,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003.09.23 04:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003.07.14 15:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003.01.08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.19 17:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[1999.01.27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997.06.13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
< End of report >


#8 myrti
  • Malware Study Hall Admin
  • 33,766 posts

Posted 22 March 2010 - 03:36 PM

Hi,

this is looking pretty good. How is your PC doing?

Can you tell me where avira found the infection?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 Mo_
  • Topic Starter
  • Members
  • 49 posts

Posted 22 March 2010 - 06:33 PM

Sure. Should I do a full scan or a quick scan? Or just check the old Avira log?

#10 myrti
  • Malware Study Hall Admin
  • 33,766 posts

Posted 24 March 2010 - 03:34 PM

Hi,

please check your old logs.

regards myrti



#11 Mo_
  • Topic Starter
  • Members
  • 49 posts

Posted 24 March 2010 - 06:02 PM

C:\Documents and Settings\MOMO\Start Menu\Programs\Startup\winesm32.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP385\A0028915.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP385\A0028930.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\WINDOWS\LastGood\system32\drivers\aec.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\WINDOWS\LastGood\system32\drivers\dot4.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\WINDOWS\LastGood\system32\drivers\i2omgmt.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\WINDOWS\LastGood\system32\drivers\ip6fw.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\WINDOWS\system32\drivers\OLD1FF.tmp
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\WINDOWS\system32\drivers\OLD205.tmp
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\WINDOWS\system32\drivers\OLD20B.tmp
[DETECTION] Is the TR/Rootkit.Gen Trojan

Those are the locations in the old log. I am not sure where the TR/Hiloti files were located; I believe they were also in the system32 folder, but I'm not positive.

#12 myrti
  • Malware Study Hall Admin
  • 33,766 posts

Posted 24 March 2010 - 07:41 PM

Hi,

could you please run a new scan with Avira then and check whether the files are still detected?

regards myrti

Edited by myrti, 24 March 2010 - 07:41 PM.



#13 Mo_
  • Topic Starter
  • Members
  • 49 posts

Posted 24 March 2010 - 09:09 PM

Sure, I'll post when it is done scanning.

#14 Mo_
  • Topic Starter
  • Members
  • 49 posts

Posted 25 March 2010 - 05:50 AM

Here are the new logs:



Avira AntiVir Personal
Report file date: Thursday, March 25, 2010 00:53

Scanning for 1900330 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : THEBIRDFAMILY

Version information:
BUILD.DAT : 9.0.0.422 21701 Bytes 3/9/2010 10:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 11/19/2009 19:45:24
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 19:45:24
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 19:45:24
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 20:39:27
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 20:26:45
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 23:50:05
VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 23:50:05
VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 23:50:05
VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 23:50:05
VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 23:50:05
VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 23:50:06
VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 23:50:06
VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 23:50:06
VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 23:50:06
VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 23:50:03
VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 14:50:41
VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 16:15:32
VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 02:28:31
VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 02:27:24
VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 02:27:30
VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 03:40:19
VBASE020.VDF : 7.10.5.164 113152 Bytes 3/22/2010 10:48:04
VBASE021.VDF : 7.10.5.182 108032 Bytes 3/23/2010 22:56:32
VBASE022.VDF : 7.10.5.199 123904 Bytes 3/24/2010 22:56:32
VBASE023.VDF : 7.10.5.200 2048 Bytes 3/24/2010 22:56:33
VBASE024.VDF : 7.10.5.201 2048 Bytes 3/24/2010 22:56:33
VBASE025.VDF : 7.10.5.202 2048 Bytes 3/24/2010 22:56:34
VBASE026.VDF : 7.10.5.203 2048 Bytes 3/24/2010 22:56:34
VBASE027.VDF : 7.10.5.204 2048 Bytes 3/24/2010 22:56:35
VBASE028.VDF : 7.10.5.205 2048 Bytes 3/24/2010 22:56:35
VBASE029.VDF : 7.10.5.206 2048 Bytes 3/24/2010 22:56:36
VBASE030.VDF : 7.10.5.207 2048 Bytes 3/24/2010 22:56:37
VBASE031.VDF : 7.10.5.208 26112 Bytes 3/24/2010 22:56:37
Engineversion : 8.2.1.196
AEVDF.DLL : 8.1.1.3 106868 Bytes 1/23/2010 19:49:24
AESCRIPT.DLL : 8.1.3.18 1024378 Bytes 3/18/2010 02:27:38
AESCN.DLL : 8.1.5.0 127347 Bytes 2/27/2010 01:06:25
AESBX.DLL : 8.1.2.1 254323 Bytes 3/18/2010 02:27:39
AERDL.DLL : 8.1.4.3 541043 Bytes 3/18/2010 02:27:36
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/20/2010 03:40:26
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/18/2010 02:27:35
AEHEUR.DLL : 8.1.1.13 2470262 Bytes 3/18/2010 02:27:35
AEHELP.DLL : 8.1.10.2 237941 Bytes 3/18/2010 02:27:29
AEGEN.DLL : 8.1.3.2 373108 Bytes 3/20/2010 03:40:24
AEEMU.DLL : 8.1.1.0 393587 Bytes 10/3/2009 19:59:43
AECORE.DLL : 8.1.12.3 188789 Bytes 3/18/2010 02:27:28
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 9/8/2009 19:33:45
AVREP.DLL : 8.0.0.7 159784 Bytes 2/17/2010 19:54:14
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 6/11/2009 19:23:51
RCTEXT.DLL : 9.0.73.0 86785 Bytes 11/19/2009 19:45:22

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Thursday, March 25, 2010 00:53

Starting search for hidden objects.
'171226' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'IEMonitor.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned
Scan process 'MRDaemon.exe' - '1' Module(s) have been scanned
Scan process 'AWC.exe' - '1' Module(s) have been scanned
Scan process 'IDMan.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'MaAgent.exe' - '1' Module(s) have been scanned
Scan process 'FLVSrvc.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb04.exe' - '1' Module(s) have been scanned
Scan process 'hphmon03.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'ltmsg.exe' - '1' Module(s) have been scanned
Scan process 'Mouse32A.exe' - '1' Module(s) have been scanned
Scan process 'ps2.EXE' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'MediaServer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned
Scan process 'McciCMService.exe' - '1' Module(s) have been scanned
Scan process 'McSACore.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
52 processes with 52 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '69' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\MOMO\Desktop\Nero 9.4.26.0+keygen [GR420]\Nero 9 keygen.rar
[0] Archive type: RAR
--> nero9keygen.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\Documents and Settings\MOMO\Desktop\Nero 9.4.26.0+keygen [GR420]\Nero 9 keygen\nero9keygen.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\Documents and Settings\MOMO\My Documents\Downloads\Internet Download Manager 5.17.4 [IDM] Cracked\idman517_4.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Documents and Settings\MOMO\My Documents\Downloads\Internet Download Manager v5.17 Build 3.Incl.Patch by UnReal\Internet Download Manager v5.17 Build 3.Incl.Patch by UnReal.rar
[0] Archive type: RAR
--> Patch 5.xx (2008-12-06).exe
[DETECTION] Contains recognition pattern of the WORM/Agent.143872 worm
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP385\A0028915.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP385\A0028930.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP385\A0028959.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP385\A0028960.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP385\A0028961.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP385\A0028962.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP387\A0028999.exe
[DETECTION] Is the TR/Dldr.Bredolab.AA.62 Trojan
C:\WINDOWS\iecsedp.dll
[DETECTION] Is the TR/Hiloti.48640.D.34 Trojan
C:\_OTL\MovedFiles\03212010_163542\C_WINDOWS\system32\fjhdyfhsn.bat
[DETECTION] Contains recognition pattern of the BAT/DelIE.148 batch virus
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
C:\Documents and Settings\MOMO\Desktop\Nero 9.4.26.0+keygen [GR420]\Nero 9 keygen.rar
[WARNING] The file was ignored!
C:\Documents and Settings\MOMO\Desktop\Nero 9.4.26.0+keygen [GR420]\Nero 9 keygen\nero9keygen.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\MOMO\My Documents\Downloads\Internet Download Manager 5.17.4 [IDM] Cracked\idman517_4.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\MOMO\My Documents\Downloads\Internet Download Manager v5.17 Build 3.Incl.Patch by UnReal\Internet Download Manager v5.17 Build 3.Incl.Patch by UnReal.rar
[WARNING] The file was ignored!
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP385\A0028915.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP385\A0028930.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP385\A0028959.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP385\A0028960.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP385\A0028961.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP385\A0028962.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP387\A0028999.exe
[DETECTION] Is the TR/Dldr.Bredolab.AA.62 Trojan
[WARNING] The file was ignored!
C:\WINDOWS\iecsedp.dll
[DETECTION] Is the TR/Hiloti.48640.D.34 Trojan
[WARNING] The file was ignored!
C:\_OTL\MovedFiles\03212010_163542\C_WINDOWS\system32\fjhdyfhsn.bat
[DETECTION] Contains recognition pattern of the BAT/DelIE.148 batch virus
[WARNING] The file was ignored!


End of the scan: Thursday, March 25, 2010 06:48
Used time: 3:45:39 Hour(s)

The scan has been done completely.

23166 Scanned directories
730437 Files were scanned
13 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
730422 Files not concerned
15723 Archives were scanned
15 Warnings
2 Notes
171226 Objects were scanned with rootkit scan
0 Hidden objects were found



#15 myrti
  • Malware Study Hall Admin
  • 33,766 posts

Posted 27 March 2010 - 07:08 AM

QUOTE
C:\Documents and Settings\MOMO\Desktop\Nero 9.4.26.0+keygen [GR420]\Nero 9 keygen\nero9keygen.exe
C:\Documents and Settings\MOMO\My Documents\Downloads\Internet Download Manager 5.17.4 [IDM] Cracked


The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but is also a serious security risk.

QUOTE
Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

http://www.trendmicro.com/vinfo/grayware/v...=CRCK_KEYGEN.BB

QUOTE
...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

http://blog.trendmicro.com/crack-sites-dis...rux-and-fakeav/


When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a lot of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens, there is nothing you can do besides reformatting and reinstalling the OS.


If you still need assistance please remove all cracked software from your system.

regards myrti
