
Help with malware/virus removal


  • This topic is locked
20 replies to this topic

#1 diesel_footwear (Members, 17 posts)

Posted 04 May 2011 - 09:02 PM

My desktop got infected with some virus when I opened an external HD from a friend. Had Kaspersky disabled because it was really slowing down my PC. Bad move. Anyway, what the malware/virus did was replace the folders with an executable file with the same name and folder icon and hide the real folder. For example, the New Folder would be hidden and another file, New Folder.exe, is created.
My AV was completely disabled and I can't run HJT or any other. So I tried researching how to remove this, and somehow I disabled it from running by running a reg file I saw in some forum. So now I'm able to run HJT and my Kaspersky, but every time I scan, it still detects the malware/virus and it says it needs to restart to remove it. But still, restarting as many times doesn't work and the PC is still not as fast as it used to be. Hope someone will be able to help me.

Added with the required attachment is my HJT log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:44:57 AM, on 5/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Minikyou\MinikyouCard.exe
C:\ListCREATOR\f3gbsvlg.exe
C:\ListCREATOR\lclogm.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
C:\Documents and Settings\Ton\Desktop\ipmsg205tagalog\IPMSG.exe
C:\oracle\product\10.2.0\client_4\bin\omtsreco.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\12312332.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MinikyouCard] C:\Program Files\Minikyou\MinikyouCard.exe
O4 - Startup: Shortcut to IPMSG.lnk = C:\Documents and Settings\Ton\Desktop\ipmsg205tagalog\IPMSG.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{87DB61D7-9CAE-4DA9-94BA-D6F9C00C4B7F}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ListCREATOR Service (F3GBSService) - FUJITSU LIMITED - C:\ListCREATOR\f3gbsrv.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ListCREATOR Connector - FUJITSU LIMITED - C:\ListCREATOR\f3gbconc.exe
O23 - Service: ListCREATOR Log Service - FUJITSU LIMITED - C:\ListCREATOR\f3gbsvlg.exe
O23 - Service: ListCREATOR SendMaild Service - Fujitsu Limited - C:\ListCREATOR\swmaild.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\product\10.2.0\client_4\bin\omtsreco.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10775 bytes

Attached Files


Edited by diesel_footwear, 04 May 2011 - 10:05 PM.
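The behaviour described in this post (a folder replaced by a same-named .exe carrying a folder icon, with the real folder hidden) is something that can be checked for mechanically rather than by eye. The script below is an added example by the editor, not code from the post or from any tool mentioned in the thread. It builds a constructed throwaway directory tree that mimics the symptom, flags every `X.exe` that sits beside a directory `X`, and parses an autorun.inf (also a constructed sample) to show which file a drive would launch and whether that file still exists. All function and constant names are the editor's own assumptions.

```python
import os
import stat
import tempfile

# Constructed sample autorun.inf; assumed content, not taken from the infected machine.
SAMPLE_AUTORUN = """[autorun]
; comment lines and keys outside [autorun] are ignored
open=New Folder.exe
shell\\open\\Command=New Folder.exe
shellexecute=RECYCLER\\boot.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
"""


def is_hidden(path):
    """True if the Windows 'hidden' attribute is set; on non-Windows fall back
    to the dotfile convention so the function still runs there."""
    try:
        return bool(os.stat(path).st_file_attributes & stat.FILE_ATTRIBUTE_HIDDEN)
    except AttributeError:  # st_file_attributes only exists on Windows
        return os.path.basename(path).startswith(".")


def find_folder_impersonators(root):
    """Walk `root` and return (parent_dir, name, folder_hidden) for every
    'name.exe' that sits beside a directory called 'name' in the same parent.
    Only an exact stem collision is reported."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirset = set(dirnames)
        for fn in filenames:
            stem, ext = os.path.splitext(fn)
            if ext.lower() == ".exe" and stem in dirset:
                hits.append((dirpath, stem, is_hidden(os.path.join(dirpath, stem))))
    return sorted(hits)


def parse_autorun(text):
    """Return {key: target} for the keys an autorun.inf can use to launch code:
    open=, shellexecute= and shell\\<verb>\\command= inside [autorun]."""
    targets = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command")):
            targets[key] = value.strip()
    return targets


def check_autorun_targets(root):
    """Resolve each autorun launch target against the drive and report whether it
    still exists. A target that is gone (for example, removed by an AV product)
    leaves an autorun.inf that points at nothing."""
    inf = os.path.join(root, "autorun.inf")
    if not os.path.exists(inf):
        return {}
    with open(inf, encoding="utf-8", errors="replace") as f:
        targets = parse_autorun(f.read())
    return {k: (v, os.path.exists(os.path.join(root, v.replace("\\", os.sep))))
            for k, v in targets.items()}


def build_sample_drive():
    """Create a throwaway tree that mimics the symptom described in the post:
    'New Folder.exe' beside a 'New Folder' directory, plus an autorun.inf."""
    root = tempfile.mkdtemp(prefix="sample_drive_")
    for d in ("New Folder", "Photos", "Clean"):
        os.makedirs(os.path.join(root, d))
    for fn in ("New Folder.exe", "Photos.exe", "setup.exe"):
        with open(os.path.join(root, fn), "wb") as f:
            f.write(b"MZ")  # two-byte stub, not a real executable
    with open(os.path.join(root, "autorun.inf"), "w", encoding="utf-8") as f:
        f.write(SAMPLE_AUTORUN)
    return root


if __name__ == "__main__":
    drive = build_sample_drive()
    for parent, name, hidden in find_folder_impersonators(drive):
        print(f"{name}.exe shadows folder {name!r} in {parent} (folder hidden: {hidden})")
    for key, (target, present) in check_autorun_targets(drive).items():
        print(f"autorun {key} -> {target} ({'present' if present else 'MISSING'})")
```

On the infected machine the walk would be pointed at a drive root such as `D:\` instead of the constructed tree, and the hidden flag would then come from the real Windows attribute. Hits are leads, not verdicts: an installer left beside the folder it extracted is the same stem collision. Once the impostor executables are gone, the real folders can be made visible again with `attrib -h -s` on each one.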



#2 myrti (Malware Study Hall Admin, 33,779 posts)

Posted 12 May 2011 - 10:37 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti



#3 diesel_footwear (Topic Starter, Members, 17 posts)

Posted 12 May 2011 - 10:40 PM

I forgot to add something regarding the DDS: it said that the scan should take no more than 3 mins. Well, it took more than 3 mins. More like 30 minutes, maybe more, I don't really remember. Anyway, I forgot to attach the ARK log from GMER since it took a while to complete, so I scanned it the next day. I was going to attach it but I wasn't able to edit my first post anymore, and I didn't want to bump the thread as it would move me to the back of the line. Anyway, I just did a scan yesterday and attached the GMER ark.txt with the new logs you requested from the OTL report.

Anyway, what I did after my first post was delete the other account on this desktop. I noticed that a Kaspersky notification popped up every time, detecting the virus/malware in that other account's folders. The other account is not being used, so I deleted it; it doesn't pop up anymore when Kaspersky runs in the background, but it still detects some viruses/malware on the desktop. So it's still as slow as before. Also, when I click the other drives, other than the system drive (C:), in My Computer it says "not a valid Win32 Application", although I can explore the other drives using the address bar.

Anyway here are the logs

OTL Extras logfile created on: 5/13/2011 11:07:15 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ton\Desktop\hjt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 7.95 Gb Free Space | 10.18% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 5.40 Gb Free Space | 11.06% Space Free | Partition Type: NTFS
Drive E: | 22.08 Gb Total Space | 0.43 Gb Free Space | 1.94% Space Free | Partition Type: NTFS
Drive G: | 2.19 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: YENS-05 | User Name: Ton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Documents and Settings\Jeni\Desktop\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Documents and Settings\Jeni\Desktop\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"3306:TCP" = 3306:TCP:*:Enabled:MySQL Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Documents and Settings\Jeni\Desktop\ipmsg.exe" = C:\Documents and Settings\Jeni\Desktop\ipmsg.exe:*:Enabled:IPMsg English
"C:\Program Files\MySQL\MySQL Workbench 5.2 CE\MySQLWorkbench.exe" = C:\Program Files\MySQL\MySQL Workbench 5.2 CE\MySQLWorkbench.exe:LocalSubNet:Enabled:MySQL Workbench -- (Oracle Corporation)
"C:\Documents and Settings\Ton\Desktop\Facemoods2.exe" = C:\Documents and Settings\Ton\Desktop\Facemoods2.exe:*:Enabled:Facemoods Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{201202E4-FE5E-3473-BEE4-4E2B59637F68}" = Microsoft Document Explorer 2008 Language Pack - JPN
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0150190}" = J2SE Runtime Environment 5.0 Update 19
"{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1
"{32A3A4F4-B792-11D6-A78A-00B0D0150190}" = J2SE Development Kit 5.0 Update 19
"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java™ SE Development Kit 6 Update 21
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3CFF0B6E-C441-45F1-873D-1E336525FFB2}" = Microsoft Document Explorer 2005 Language Pack - JPN
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E9C2463-454A-3D20-A8AB-FDF544A829F9}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - JPN
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{44E68244-E8DD-4EE7-BF13-CE142CF69D1A}" = List Creator
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{8027B590-CD2B-3C7E-9F00-CDC0916CC915}" = Microsoft .NET Framework 3.5 Language Pack - jpn
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.17
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0411-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Japanese) 12
"{90120000-0016-0411-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Japanese) 2007
"{90120000-0018-0411-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Japanese) 2007
"{90120000-001A-0411-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Japanese) 2007
"{90120000-001B-0411-0000-0000000FF1CE}" = Microsoft Office Word MUI (Japanese) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0411-0000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2007
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0411-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (Japanese) 2007
"{90120000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2007
"{90120000-002C-0411-0000-0000000FF1CE}" = Microsoft Office Proofing (Japanese) 2007
"{90120000-006E-0411-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Japanese) 2007
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9C4B7CDF-6D79-41B5-8620-C7AB2511B1E3}" = ListCREATOR
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{9FFDBF28-DA86-44CC-BCD2-9948EE49E7A4}" = ATI Catalyst Control Center
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B0F6AB4A-26D1-4832-AE6D-C3E1093340EC}" = MySQL Server 5.1
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5F5A9E8-55C3-42ED-A554-A29CDF8C9C67}" = eyeBOX
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B85912C8-7F3F-40EC-AE0C-FC5D45B3BB7F}" = MySQL Workbench 5.2 CE
"{BCD29D93-911D-3A71-99EB-0E81362813BE}" = Microsoft Visual Studio 2008 Standard Edition - JPN
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2878DE1-173A-3042-9C2C-3F2B958F61AA}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - JPN
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E33093C6-EB7C-35A9-9216-26EB4B93B379}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera-168
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FAEB7180-7CBB-4380-AA89-3FCFBB3B7D9F}" = Microsoft SQL Server Compact 3.5 Design Tools JPN
"{FBCCDF77-495A-4FA2-9035-33C964EBCA1B}" = Microsoft Visual SourceSafe 2005 - JPN
"{FD395F97-4948-4028-9513-F85D1EC9CE04}" = Microsoft SQL Server Compact 3.5 JPN
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Belarc Advisor" = Belarc Advisor 8.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 3.1
"FFFTP" = FFFTP
"IconTweaker" = IconTweaker 1.12
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"im" = Garena Messenger
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"JAIELangPack" = Japanese Language Support
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 3.5 Language Pack - jpn" = Microsoft .NET Framework 3.5 Language Pack - 日本語
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2005 Language Pack - JPN" = Microsoft Document Explorer 2005 日本語 Language Pack
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - JPN" = Microsoft Document Explorer 2008 日本語 Language Pack
"Microsoft Visual SourceSafe 2005 - JPN" = Microsoft Visual SourceSafe 2005 - 日本語
"Microsoft Visual Studio 2008 Standard Edition - JPN" = Microsoft Visual Studio 2008 Standard Edition - 日本語
"Minikyou_is1" = Minikyou 1.0
"Mnemosyne_is1" = Mnemosyne 1.2.2
"MOOS Project Viewer" = MOOS Project Viewer
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"Pidgin" = Pidgin
"PPLive" = PPTV V2.6.3.0006
"setuptools-py2.7" = Python 2.7 setuptools-0.6c11
"SQLyog Community" = SQLyog Community 8.61
"STANDARDR" = Microsoft Office Standard 2007
"TightVNC_is1" = TightVNC 1.3.9
"Unlocker" = Unlocker 1.9.0
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.3
"Wakan" = Wakan 1.67
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XlsToOra_is1" = XlsToOra 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZHCIELangPack" = Chinese (Simplified) Language Support
"ZHTIELangPack" = Chinese (Traditional) Language Support

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Chikka Messenger" = Chikka Messenger
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Simple Table Demo Application" = Simple Table Demo Application
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/25/2010 9:51:05 PM | Computer Name = YENS-05 | Source = ListCREATOR | ID = 67244941
Description = 有効期限を過ぎているため、サービスの起動ができません。

Error - 11/29/2010 9:08:07 PM | Computer Name = YENS-05 | Source = ListCREATOR | ID = 67244941
Description = 有効期限を過ぎているため、サービスの起動ができません。

Error - 12/1/2010 9:30:27 PM | Computer Name = YENS-05 | Source = ListCREATOR | ID = 67244941
Description = 有効期限を過ぎているため、サービスの起動ができません。

Error - 12/1/2010 9:35:49 PM | Computer Name = YENS-05 | Source = ListCREATOR | ID = 67244941
Description = 有効期限を過ぎているため、サービスの起動ができません。

Error - 12/2/2010 9:50:14 PM | Computer Name = YENS-05 | Source = ListCREATOR | ID = 67244941
Description = 有効期限を過ぎているため、サービスの起動ができません。

Error - 12/2/2010 9:54:02 PM | Computer Name = YENS-05 | Source = ListCREATOR | ID = 67244941
Description = 有効期限を過ぎているため、サービスの起動ができません。

Error - 12/5/2010 9:36:11 PM | Computer Name = YENS-05 | Source = ListCREATOR | ID = 67244941
Description = 有効期限を過ぎているため、サービスの起動ができません。

Error - 12/5/2010 9:39:58 PM | Computer Name = YENS-05 | Source = ListCREATOR | ID = 67244941
Description = 有効期限を過ぎているため、サービスの起動ができません。

Error - 12/5/2010 9:42:17 PM | Computer Name = YENS-05 | Source = ListCREATOR | ID = 67244941
Description = 有効期限を過ぎているため、サービスの起動ができません。

Error - 12/6/2010 9:46:19 PM | Computer Name = YENS-05 | Source = ListCREATOR | ID = 67244941
Description = 有効期限を過ぎているため、サービスの起動ができません。

[ OSession Events ]
Error - 1/18/2010 5:56:37 PM | Computer Name = YENS-05 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 15234
seconds with 1980 seconds of active time. This session ended with a crash.

Error - 2/19/2010 11:12:22 PM | Computer Name = YENS-05 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 292696
seconds with 34080 seconds of active time. This session ended with a crash.

Error - 3/1/2010 6:43:54 PM | Computer Name = YENS-05 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 1400
seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/10/2011 4:50:39 AM | Computer Name = YENS-05 | Source = Service Control Manager | ID = 7034
Description = The Windows Installer service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/10/2011 9:28:18 PM | Computer Name = YENS-05 | Source = Service Control Manager | ID = 7023
Description = The ListCREATOR Service service terminated with the following error:
%%5

Error - 5/10/2011 9:31:59 PM | Computer Name = YENS-05 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Type with the following error:
%%5

Error - 5/11/2011 2:54:26 AM | Computer Name = YENS-05 | Source = Service Control Manager | ID = 7023
Description = The ListCREATOR Service service terminated with the following error:
%%5

Error - 5/11/2011 5:45:46 AM | Computer Name = YENS-05 | Source = Service Control Manager | ID = 7023
Description = The ListCREATOR Service service terminated with the following error:
%%5

Error - 5/11/2011 9:31:05 PM | Computer Name = YENS-05 | Source = Service Control Manager | ID = 7023
Description = The ListCREATOR Service service terminated with the following error:
%%5

Error - 5/12/2011 12:32:45 AM | Computer Name = YENS-05 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/12/2011 1:15:16 AM | Computer Name = YENS-05 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/12/2011 8:47:14 PM | Computer Name = YENS-05 | Source = Service Control Manager | ID = 7023
Description = The ListCREATOR Service service terminated with the following error:
%%5

Error - 5/12/2011 11:03:09 PM | Computer Name = YENS-05 | Source = Service Control Manager | ID = 7023
Description = The ListCREATOR Service service terminated with the following error:
%%5


< End of report >


OTL logfile created on: 5/13/2011 11:07:15 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ton\Desktop\hjt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 7.95 Gb Free Space | 10.18% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 5.40 Gb Free Space | 11.06% Space Free | Partition Type: NTFS
Drive E: | 22.08 Gb Total Space | 0.43 Gb Free Space | 1.94% Space Free | Partition Type: NTFS
Drive G: | 2.19 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: YENS-05 | User Name: Ton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/13 10:57:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ton\Desktop\hjt\OTL.exe
PRC - [2011/05/11 13:58:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/03/28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/01/20 17:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/09/20 13:07:02 | 000,185,784 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2010/07/05 03:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2010/01/07 08:05:38 | 000,057,616 | ---- | M] (Oracle Corporation) -- C:\oracle\product\10.2.0\client_4\BIN\omtsreco.exe
PRC - [2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/11 08:39:32 | 000,026,312 | ---- | M] (FUJITSU LIMITED) -- C:\ListCREATOR\F3gbsvlg.exe
PRC - [2008/02/15 04:19:38 | 000,020,752 | ---- | M] (PFU LIMITED) -- C:\ListCREATOR\lclogm.exe
PRC - [2007/05/10 13:18:26 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2007/04/21 09:37:02 | 000,270,336 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe
PRC - [2006/09/26 01:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2006/03/30 20:25:52 | 000,862,208 | ---- | M] (Erick Hartanto) -- C:\Program Files\Minikyou\MinikyouCard.exe
PRC - [2004/08/31 16:33:40 | 000,160,256 | ---- | M] (H.Shirouzu) -- C:\Documents and Settings\Ton\Desktop\ipmsg205tagalog\IPMSG.exe


========== Modules (SafeList) ==========

MOD - [2011/05/13 10:57:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ton\Desktop\hjt\OTL.exe
MOD - [2010/10/27 18:05:34 | 000,099,760 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll
MOD - [2010/07/05 05:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2009/07/12 17:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 17:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2008/04/14 20:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2006/10/27 06:55:14 | 001,146,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\IMJP12K.DLL
MOD - [2006/10/27 06:55:10 | 000,999,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\IMJP12.IME


========== Win32 Services (SafeList) ==========

SRV - [2011/03/28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/01/07 08:05:38 | 000,057,616 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\oracle\product\10.2.0\client_4\bin\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/25 01:13:06 | 000,081,168 | ---- | M] (FUJITSU LIMITED) [Auto | Stopped] -- C:\ListCREATOR\F3gbsrv.exe -- (F3GBSService)
SRV - [2008/04/11 08:39:32 | 000,046,424 | ---- | M] (FUJITSU LIMITED) [On_Demand | Stopped] -- C:\ListCREATOR\f3gbconc.exe -- (ListCREATOR Connector)
SRV - [2008/04/11 08:39:32 | 000,026,312 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\ListCREATOR\F3gbsvlg.exe -- (ListCREATOR Log Service)
SRV - [2008/02/16 02:04:14 | 000,191,050 | ---- | M] (Fujitsu Limited) [On_Demand | Stopped] -- C:\ListCREATOR\swmaild.exe -- (ListCREATOR SendMaild Service)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 15:28:54 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/01/06 03:24:54 | 000,296,976 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/09/24 01:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/06/16 06:01:00 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/05/17 12:59:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/05/14 09:46:52 | 000,031,760 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008/12/16 12:41:32 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2008/04/14 20:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2008/03/07 11:21:24 | 010,423,680 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/04/11 11:04:40 | 004,397,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/09 01:12:48 | 001,921,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/11/03 00:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/03/16 14:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.gooogle.com"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: mil@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.7.0190
FF - prefs.js..keyword.URL: "http://start.facemoods.com/results.php?f=5&a=fbpage1&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/11 13:59:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 13:59:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/10 07:32:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/01/06 03:25:35 | 000,000,000 | ---D | M]

[2010/09/10 07:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ton\Application Data\Mozilla\Extensions
[2010/09/10 05:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ton\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/12 10:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\extensions
[2010/09/10 07:24:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/11 14:02:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/10 15:28:39 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\extensions\DTToolbar@toolbarnet.com
[2010/09/16 17:37:19 | 000,000,000 | ---D | M] (MakeItLive) -- C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\extensions\mil@toolbar
[2011/05/10 15:28:19 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\searchplugins\daemon-search.xml
[2011/05/11 09:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/14 02:04:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/10 07:50:00 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7BQYNZTN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7BQYNZTN.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2010/09/14 02:01:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/11 13:58:36 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/14 02:01:02 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/13 00:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2011/05/11 13:58:46 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/07/27 16:48:38 | 000,002,039 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchfbpage1.xml

O1 HOSTS File: ([2011/04/18 15:49:52 | 000,432,284 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14881 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004..\Run: [MinikyouCard] C:\Program Files\Minikyou\MinikyouCard.exe (Erick Hartanto)
O4 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - Startup: C:\Documents and Settings\Ton\Start Menu\Programs\Startup\Shortcut to IPMSG.lnk = C:\Documents and Settings\Ton\Desktop\ipmsg205tagalog\IPMSG.exe (H.Shirouzu)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = kbdsys.exe
O7 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = classified.exe
O7 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = do not open - secrets!.exe
O7 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = read1st!.exe
O7 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = read1st.exe
O7 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = 1.exe
O7 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = 2.exe
O7 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = dirlock.exe
O7 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = winnthlp1.exe
O7 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = winnthlp2.exe
O7 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = nthlpsvc1.exe
O7 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = nthlpsvc2.exe
O7 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = mp3-hot-collections.exe
O7 - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = mp4-hot-collections.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_19-windows-i586.cab (Java Plug-in 1.5.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Ton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/05 09:37:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/04/14 13:47:07 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2000/01/01 00:00:00 | 000,000,253 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/04/18 16:00:10 | 000,000,082 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/19 22:27:19 | 000,043,344 | R--- | M] (Microsoft Corporation) - G:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/25 12:30:30 | 000,000,048 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{fad209d4-7aa6-11e0-9876-00e04d49279c}\Shell - "" = AutoRun
O33 - MountPoints2\{fad209d4-7aa6-11e0-9876-00e04d49279c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fad209d4-7aa6-11e0-9876-00e04d49279c}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2010/03/19 22:27:19 | 000,043,344 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\C\Shell\auto\command - "" = C:\Read1st.exe
O33 - MountPoints2\C\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Read1st.exe
O33 - MountPoints2\C\Shell\explore\command - "" = C:\Read1st.exe
O33 - MountPoints2\C\Shell\open\command - "" = C:\Read1st.exe
O33 - MountPoints2\D\Shell\auto\command - "" = D:\Read1st.exe -- [2011/04/14 13:40:39 | 000,000,000 | RHS- | M] ()
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Read1st.exe
O33 - MountPoints2\D\Shell\explore\command - "" = D:\Read1st.exe -- [2011/04/14 13:40:39 | 000,000,000 | RHS- | M] ()
O33 - MountPoints2\D\Shell\open\command - "" = D:\Read1st.exe -- [2011/04/14 13:40:39 | 000,000,000 | RHS- | M] ()
O33 - MountPoints2\E\Shell\auto\command - "" = E:\Read1st.exe
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Read1st.exe
O33 - MountPoints2\E\Shell\explore\command - "" = E:\Read1st.exe
O33 - MountPoints2\E\Shell\open\command - "" = E:\Read1st.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3E9C2463-454A-3D20-A8AB-FDF544A829F9} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {76C19B30-F0C8-11cf-87CC-0020AFEECF20} - Japanese Language Support
ActiveX: {76C19B33-F0C8-11cf-87CC-0020AFEECF20} - Chinese (Traditional) Language Support
ActiveX: {76C19B34-F0C8-11cf-87CC-0020AFEECF20} - Chinese (Simplified) Language Support
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8B6F571-EA7C-4128-811A-E1CD38334387} - .NET Framework
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 10:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/05/12 09:54:11 | 000,367,954 | ---- | C] (Conduit) -- C:\Documents and Settings\Ton\My Documents\Brothersoftdownloader_for_Yahoo_Messenger.exe
[2011/05/12 09:42:37 | 000,418,616 | ---- | C] (Yahoo! Inc.) -- C:\Documents and Settings\Ton\My Documents\msgr10us.exe
[2011/05/11 15:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Desktop\u
[2011/05/11 15:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Desktop\txt
[2011/05/11 15:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Desktop\Shiawaseall
[2011/05/11 14:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Desktop\curry
[2011/05/11 14:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Desktop\utmp
[2011/05/11 09:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Local Settings\Application Data\PCHealth
[2011/05/10 15:28:54 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011/05/10 15:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2011/05/10 15:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite
[2011/05/10 15:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/05/10 15:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Application Data\DAEMON Tools Lite
[2011/05/10 15:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/05/10 15:15:22 | 011,193,664 | ---- | C] (DT Soft Ltd.) -- C:\Documents and Settings\Ton\My Documents\DTLite4402-0131.exe
[2011/05/05 10:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Desktop\hjt
[2011/04/29 14:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\My Documents\Heroes of Newerth (Garena)
[2011/04/29 13:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Start Menu\Programs\Heroes of Newerth
[2011/04/29 11:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Garena
[2011/04/29 11:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2011/04/29 10:30:51 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2011/04/29 10:30:51 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2011/04/29 10:30:50 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2011/04/29 10:30:43 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2011/04/20 10:49:35 | 000,069,632 | ---- | C] (iSergiwa Software - www.sergiwa.com) -- C:\Documents and Settings\Ton\My Documents\iReset.exe
[2011/04/14 14:16:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/04/14 12:07:09 | 000,000,000 | ---D | C] -- C:\123123123
[2011/04/14 11:55:36 | 000,000,000 | ---D | C] -- C:\Autoruns
[2011/04/14 11:08:19 | 000,000,000 | ---D | C] -- C:\backups
[2011/04/14 11:05:20 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\12312332.exe
[2011/04/14 10:59:32 | 000,000,000 | -HSD | C] -- C:\read1st
[2011/04/14 10:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/04/14 10:27:54 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ton\My Documents\HijackThis.exe
[2011/04/14 10:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lambda
[2011/03/29 10:08:36 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2011/03/29 10:08:36 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2011/03/29 10:08:36 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2011/03/29 10:08:36 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/13 11:08:24 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/13 11:08:24 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/13 11:02:38 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/05/13 11:02:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/13 10:44:02 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1767777339-1417001333-1004UA.job
[2011/05/13 10:44:02 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1767777339-1417001333-1004Core.job
[2011/05/13 10:05:46 | 009,289,544 | ---- | M] () -- C:\Documents and Settings\Ton\Desktop\[ims]Good Ending - Ch80.zip
[2011/05/12 14:29:52 | 000,053,371 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\Visa application form.pdf
[2011/05/12 10:08:04 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Ton\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/05/12 10:08:04 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/05/12 10:01:07 | 017,254,232 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\ymsgr1000_1241_us.exe
[2011/05/12 09:54:14 | 000,367,954 | ---- | M] (Conduit) -- C:\Documents and Settings\Ton\My Documents\Brothersoftdownloader_for_Yahoo_Messenger.exe
[2011/05/12 09:42:38 | 000,418,616 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Ton\My Documents\msgr10us.exe
[2011/05/11 17:44:22 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Ton\PUTTY.RND
[2011/05/11 13:28:50 | 001,077,874 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\u.zip
[2011/05/11 09:30:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/10 17:25:20 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Ton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/10 15:28:54 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011/05/10 15:21:39 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2011/05/10 15:17:57 | 011,193,664 | ---- | M] (DT Soft Ltd.) -- C:\Documents and Settings\Ton\My Documents\DTLite4402-0131.exe
[2011/05/10 10:15:22 | 000,536,167 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\INZ1017.pdf
[2011/05/10 09:44:11 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Ton\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/10 09:44:04 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Ton\Desktop\Google Chrome.lnk
[2011/05/09 14:44:55 | 000,058,116 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\150375_1526389798308_1191541597_31207271_1705912_n.jpg
[2011/05/06 11:04:03 | 184,549,376 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\The.Big.Bang.Theory.S04E22.HDTV.XviD-ASAP.avi
[2011/05/04 15:23:46 | 011,596,032 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\Garena_setup.exe
[2011/05/03 14:03:29 | 048,855,579 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\NCS_FINGERPRINT.zip
[2011/04/29 11:18:26 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Garena Messenger.lnk
[2011/04/20 10:49:35 | 000,069,632 | ---- | M] (iSergiwa Software - www.sergiwa.com) -- C:\Documents and Settings\Ton\My Documents\iReset.exe
[2011/04/18 15:49:52 | 000,432,284 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/15 10:29:42 | 000,115,267 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/04/15 10:29:42 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/04/14 14:03:01 | 000,000,269 | ---- | M] () -- C:\folderoptions.reg
[2011/04/14 13:40:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\MP3-Hot-Collections.exe.exe
[2011/04/14 13:40:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Classified.exe
[2011/04/14 13:17:43 | 000,000,490 | ---- | M] () -- C:\KillX.bat
[2011/04/14 13:16:41 | 000,007,294 | ---- | M] () -- C:\class-x2.vbs
[2011/04/14 13:12:28 | 000,004,357 | ---- | M] () -- C:\gg.bat
[2011/04/14 13:10:03 | 000,000,012 | ---- | M] () -- C:\WINDOWS\shutdown.dll
[2011/04/14 13:07:12 | 000,004,528 | ---- | M] () -- C:\class-x.vbs
[2011/04/14 12:54:23 | 000,000,443 | ---- | M] () -- C:\classx.reg
[2011/04/14 12:37:35 | 000,000,064 | ---- | M] () -- C:\Unlocker.cfg
[2011/04/14 11:58:01 | 000,620,972 | ---- | M] () -- C:\Copy of 123123123.zip
[2011/04/14 11:58:01 | 000,620,972 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\123123123.zip
[2011/04/14 11:58:01 | 000,620,972 | ---- | M] () -- C:\123123123.zip
[2011/04/14 10:37:47 | 000,178,152 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\activescan2_en.exe
[2011/04/14 10:28:34 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ton\My Documents\HijackThis.exe
[2011/04/14 10:28:34 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\12312332.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/13 10:05:43 | 009,289,544 | ---- | C] () -- C:\Documents and Settings\Ton\Desktop\[ims]Good Ending - Ch80.zip
[2011/05/12 14:29:52 | 000,053,371 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\Visa application form.pdf
[2011/05/12 10:08:04 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Ton\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/05/12 10:08:04 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/05/12 09:55:01 | 017,254,232 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\ymsgr1000_1241_us.exe
[2011/05/11 14:01:49 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/11 13:29:32 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Ton\PUTTY.RND
[2011/05/11 13:28:49 | 001,077,874 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\u.zip
[2011/05/10 15:21:39 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2011/05/10 10:14:09 | 000,536,167 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\INZ1017.pdf
[2011/05/09 14:44:52 | 000,058,116 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\150375_1526389798308_1191541597_31207271_1705912_n.jpg
[2011/05/06 11:19:40 | 184,549,376 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\The.Big.Bang.Theory.S04E22.HDTV.XviD-ASAP.avi
[2011/05/04 14:42:17 | 011,596,032 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\Garena_setup.exe
[2011/05/03 14:10:44 | 048,855,579 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\NCS_FINGERPRINT.zip
[2011/04/29 11:18:26 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Garena Messenger.lnk
[2011/04/20 16:46:38 | 2005,616,290 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\SOE-491.avi
[2011/04/20 16:45:17 | 000,166,573 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\soe491.jpg
[2011/04/14 14:03:01 | 000,000,269 | ---- | C] () -- C:\folderoptions.reg
[2011/04/14 13:40:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\MP3-Hot-Collections.exe.exe
[2011/04/14 13:40:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Classified.exe
[2011/04/14 13:17:43 | 000,000,490 | ---- | C] () -- C:\KillX.bat
[2011/04/14 13:16:39 | 000,007,294 | ---- | C] () -- C:\class-x2.vbs
[2011/04/14 13:12:28 | 000,004,357 | ---- | C] () -- C:\gg.bat
[2011/04/14 12:54:23 | 000,000,443 | ---- | C] () -- C:\classx.reg
[2011/04/14 12:53:23 | 000,004,528 | ---- | C] () -- C:\class-x.vbs
[2011/04/14 12:36:51 | 000,000,064 | ---- | C] () -- C:\Unlocker.cfg
[2011/04/14 12:06:57 | 000,620,972 | ---- | C] () -- C:\123123123.zip
[2011/04/14 12:06:53 | 000,620,972 | ---- | C] () -- C:\Copy of 123123123.zip
[2011/04/14 12:00:05 | 000,620,972 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\123123123.zip
[2011/04/14 10:36:22 | 000,178,152 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\activescan2_en.exe
[2011/04/14 10:19:36 | 000,000,012 | ---- | C] () -- C:\WINDOWS\shutdown.dll
[2011/03/29 10:08:48 | 000,270,336 | ---- | C] () -- C:\WINDOWS\tsnpstd3.exe
[2011/03/29 10:08:48 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2011/03/29 10:08:47 | 000,835,584 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2011/03/29 10:08:47 | 000,003,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\denoise.sys
[2011/03/11 11:47:09 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/12/20 18:10:59 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
[2010/09/16 08:22:33 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Ton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/25 09:16:51 | 000,007,333 | ---- | C] () -- C:\WINDOWS\System32\f3gbsmon.dat
[2010/01/07 01:41:24 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/06 04:17:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/06 03:34:02 | 000,604,140 | -HS- | C] () -- C:\WINDOWS\System32\drivers\ISwift3.dat
[2010/01/06 03:25:52 | 000,115,267 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/01/06 03:25:52 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/01/06 03:10:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2010/01/06 02:15:31 | 000,010,074 | ---- | C] () -- C:\WINDOWS\hpdj5700.ini
[2010/01/05 10:10:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/01/05 10:09:03 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/01/05 10:08:52 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/01/05 10:08:52 | 000,145,112 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/01/05 09:39:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/05 09:34:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/05 01:24:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/05 01:23:12 | 000,180,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/04 07:45:12 | 000,027,507 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2008/04/14 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 20:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 20:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 20:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\Program Files\Common Files\Windows Live.exe
[2000/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\Program Files\Common Files\System.exe
[2000/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\Program Files\Common Files\SpeechEngines.exe
[2000/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\Program Files\Common Files\snpstd3.exe
[2000/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\Program Files\Common Files\Skype.exe
[2000/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\Program Files\Common Files\Services.exe
[2000/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\Program Files\Common Files\PPLiveNetwork.exe
[2000/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\Program Files\Common Files\ODBC.exe
[2000/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\Program Files\Common Files\MSSoap.exe
[2000/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\Program Files\Common Files\Microsoft Shared.exe
[2000/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\Program Files\Common Files\Merge Modules.exe
[2000/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\Program Files\Common Files\Java.exe
[2000/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\Program Files\Common Files\InstallShield.exe
[2000/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\Program Files\Common Files\DESIGNER.exe
[2000/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\Program Files\Common Files\Classified.exe
[2000/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\Program Files\Common Files\Apple.exe
[2000/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\Program Files\Common Files\Adobe.exe
[2000/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\Program Files\Common Files\Adobe AIR.exe

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/04/14 10:28:34 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\12312332.exe


< MD5 for: EXPLORER.EXE >
[2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 20:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 20:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >

Attached Files

  • Attached File  ark.txt   15.7KB   0 downloads


#4 myrti

Posted 14 May 2011 - 02:52 PM

Hi,

the problem is likely due to the autorun.inf files:

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Please also run aswMBR:
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

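The two autorun paths this thread turns on, the per-drive MountPoints2 shell commands that the OTL log shows pointing at Read1st.exe and the hidden autorun.inf files at the drive roots, can be audited from the affected account with a script like the one below. This is an added example, not part of the thread and not code from Flash_Disinfector, OTL or aswMBR; the "suspicious command" heuristics and the placeholder-folder step (modelled on what the note above describes) are assumptions of this example.

```powershell
# Added example for this thread (not from the original posts, nor code from
# Flash_Disinfector, OTL or aswMBR). It audits the two autorun paths the log shows:
#   1. HKCU MountPoints2 Shell\<verb>\command values, which Explorer runs when a
#      drive is double-clicked (the log shows them pointing at Read1st.exe);
#   2. autorun.inf at each drive root, with its attributes (the log shows RHS-).
# Nothing is modified unless -Protect is given; that creates a hidden, read-only
# autorun.inf *folder* on drives that have none, on the assumption that this is
# the placeholder technique the post above describes. Run as the affected user;
# plug in removable drives with Shift held down, as the post advises.

param([switch]$Protect)

$MountPoints = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Test-AutorunCommand([string]$cmd) {
    # Heuristics (an assumption, tuned to this log): a program sitting at a drive
    # root, or rundll32 ShellExec_RunDLL launching a bare file name resolved against
    # the drive, is how the Read1st.exe entries look. Legitimate handlers normally
    # point under the Windows or Program Files directories.
    if ($cmd -match '^"?[A-Za-z]:\\[^\\]+\.(exe|com|bat|vbs|scr)"?') { return $true }
    if ($cmd -match 'ShellExec_RunDLL\s+"?[^\\\s"]+\.(exe|com|bat|vbs|scr)') { return $true }
    return $false
}

function Get-MountPointCommand {
    # One object per MountPoints2\<drive or GUID>\Shell\<verb>\command default value.
    if (-not (Test-Path $MountPoints)) { return }
    foreach ($drive in Get-ChildItem $MountPoints -ErrorAction SilentlyContinue) {
        $shell = Join-Path $drive.PSPath 'Shell'
        if (-not (Test-Path $shell)) { continue }
        foreach ($verb in Get-ChildItem $shell -ErrorAction SilentlyContinue) {
            $cmdKey = Join-Path $verb.PSPath 'command'
            if (-not (Test-Path $cmdKey)) { continue }
            $cmd = (Get-ItemProperty $cmdKey -ErrorAction SilentlyContinue).'(default)'
            if (-not $cmd) { continue }
            New-Object PSObject -Property @{
                Drive      = $drive.PSChildName
                Verb       = $verb.PSChildName
                Command    = $cmd
                Suspicious = Test-AutorunCommand $cmd
            }
        }
    }
}

function Get-RootAutorun {
    # autorun.inf at each file-system drive root, file or protective folder alike.
    foreach ($d in Get-PSDrive -PSProvider FileSystem) {
        $path = Join-Path $d.Root 'autorun.inf'
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $item = Get-Item -LiteralPath $path -Force
        New-Object PSObject -Property @{
            Drive      = $d.Name
            Path       = $path
            IsFolder   = $item.PSIsContainer
            Attributes = $item.Attributes.ToString()
        }
    }
}

function Protect-DriveRoot([string]$root) {
    # Creates the placeholder: a directory named autorun.inf cannot be replaced by a
    # malicious autorun.inf file without first removing the directory.
    $path = Join-Path $root 'autorun.inf'
    if (Test-Path -LiteralPath $path) { return "skip    $path already exists" }
    $dir = New-Item -ItemType Directory -Path $path -ErrorAction Stop
    $dir.Attributes = [IO.FileAttributes]'Directory, Hidden, System, ReadOnly'
    return "created $path (hidden, system, read-only folder)"
}

"== MountPoints2 shell commands (Suspicious = matches the Read1st.exe pattern) =="
Get-MountPointCommand | Sort-Object Suspicious -Descending |
    Format-Table Suspicious, Drive, Verb, Command -AutoSize

"== autorun.inf at drive roots =="
Get-RootAutorun | Format-Table Drive, IsFolder, Attributes, Path -AutoSize

if ($Protect) {
    "== creating placeholder folders =="
    foreach ($d in Get-PSDrive -PSProvider FileSystem) {
        try { Protect-DriveRoot $d.Root } catch { "failed  $($d.Root): $_" }
    }
}
```

Entries flagged Suspicious correspond to the O33 lines the helper lists in the OTL fix; a drive root showing IsFolder True for autorun.inf is the protective placeholder, not an infection.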


#5 diesel_footwear


Posted 15 May 2011 - 09:24 PM

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-16 10:03:24
-----------------------------
10:03:24.921 OS Version: Windows 5.1.2600 Service Pack 3
10:03:24.921 Number of processors: 2 586 0x6B01
10:03:24.921 ComputerName: YENS-05 UserName: Ton
10:04:09.109 Initialize success
10:08:57.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:09:28.531 Disk 0 Vendor: Hitachi_HDS721616PLA380 P22OABEA Size: 152627MB BusType: 3
10:09:30.531 Disk 0 MBR read successfully
10:09:30.531 Disk 0 MBR scan
10:09:30.531 Disk 0 Windows XP default MBR code
10:09:32.546 Disk 0 scanning sectors +312560640
10:09:32.562 Disk 0 scanning C:\WINDOWS\system32\drivers
10:09:49.500 Service scanning
10:10:05.218 Disk 0 trace - called modules:
10:10:05.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:10:05.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a51dab8]
10:10:05.250 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8a5641e0]
10:10:05.250 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a4e2940]
10:10:05.250 Scan finished successfully
10:16:25.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ton\Desktop\hjt\MBR.dat"
10:16:25.984 The log file has been saved successfully to "C:\Documents and Settings\Ton\Desktop\hjt\aswMBR.txt"




#6 myrti


Posted 16 May 2011 - 03:44 AM

Hi,

please run the following fix and let me know how the PC is doing afterwards:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    
    IE - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666
    IE - HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 9666
    [2011/05/10 15:28:39 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\extensions\DTToolbar@toolbarnet.com
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O32 - AutoRun File - [2000/01/01 00:00:00 | 000,000,253 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2011/04/18 16:00:10 | 000,000,082 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\C\Shell\auto\command - "" = C:\Read1st.exe
    O33 - MountPoints2\C\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Read1st.exe
    O33 - MountPoints2\C\Shell\explore\command - "" = C:\Read1st.exe
    O33 - MountPoints2\C\Shell\open\command - "" = C:\Read1st.exe
    O33 - MountPoints2\D\Shell\auto\command - "" = D:\Read1st.exe -- [2011/04/14 13:40:39 | 000,000,000 | RHS- | M] ()
    O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Read1st.exe
    O33 - MountPoints2\D\Shell\explore\command - "" = D:\Read1st.exe -- [2011/04/14 13:40:39 | 000,000,000 | RHS- | M] ()
    O33 - MountPoints2\D\Shell\open\command - "" = D:\Read1st.exe -- [2011/04/14 13:40:39 | 000,000,000 | RHS- | M] ()
    O33 - MountPoints2\E\Shell\auto\command - "" = E:\Read1st.exe
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Read1st.exe
    O33 - MountPoints2\E\Shell\explore\command - "" = E:\Read1st.exe
    O33 - MountPoints2\E\Shell\open\command - "" = E:\Read1st.exe
    :files
    C:\Windows\tasks\at*.job
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


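As an added example (not part of this thread and not OTL's own code), the script below reads OTL-style log lines and flags the three classes of entry the fix above removes: MountPoints2 shell verbs wired to an executable in a drive root, autorun.inf files, and a browser proxy pointed at 127.0.0.1. The sample lines are constructed to mirror the entry formats quoted in the fix; the SID and GUID in them are placeholders.

```python
"""Triage of OTL-style log lines for autorun-worm and proxy-hijack indicators.

Added example: it parses the line formats OTL prints (IE/FF proxy prefs,
O32 autorun.inf files, O33 MountPoints2 shell verbs) and reports the
patterns an autorun worm typically leaves behind.
"""
import re
from dataclasses import dataclass

# O33 - MountPoints2\D\Shell\open\command - "" = D:\Read1st.exe -- [date | size | RHS- | M] ()
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<drive>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<cmd>.*?)(?: -- \[.*)?$'
)
# O32 - AutoRun File - [date | size | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
AUTORUN_RE = re.compile(
    r'^O32 - AutoRun File - \[.*?\| (?P<attrs>[A-Z-]{4}) \| M\] \(\) - '
    r'(?P<path>[A-Za-z]:\\autorun\.inf)'
)
# IE - HKU\<sid>\...\Internet Settings: "ProxyServer" = 127.0.0.1:9666
IE_PROXY_RE = re.compile(r'^IE - .*Internet Settings: "ProxyServer" = (?P<proxy>\S+)')
# FF - prefs.js..network.proxy.http: "127.0.0.1"
FF_PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.http: "(?P<host>[^"]+)"')

# A browser proxy on the local host is the classic traffic-interception setup.
LOOPBACK = {"127.0.0.1", "localhost"}


@dataclass(frozen=True)
class Finding:
    kind: str    # mountpoint_autorun | autorun_inf | local_proxy
    detail: str  # what was matched, for the report
    line: str    # the original log line


def _drive_root_exe(cmd: str) -> bool:
    """True for 'X:\\name.exe', or for the RunDLL32 ShellExec_RunDLL wrapper
    OTL shows on the AutoRun verb, which resolves a bare name against the
    mounted drive's root. Heuristic: a vendor launcher under Program Files
    is not flagged."""
    cmd = cmd.strip()
    if re.fullmatch(r'[A-Za-z]:\\[^\\]+\.exe', cmd, re.IGNORECASE):
        return True
    return re.search(r'ShellExec_RunDLL\s+[^\\\s]+\.exe$', cmd, re.IGNORECASE) is not None


def _proxy_host(proxy: str) -> str:
    """'127.0.0.1:9666' -> '127.0.0.1'; 'http=127.0.0.1:9666' -> '127.0.0.1'."""
    proxy = proxy.split("=", 1)[-1]
    return proxy.rsplit(":", 1)[0].lower()


def triage(lines):
    """Return the Findings for an iterable of OTL log lines, in input order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = MOUNTPOINT_RE.match(line)
        if m:
            if _drive_root_exe(m["cmd"]):
                findings.append(Finding("mountpoint_autorun",
                                        f"{m['drive']} {m['verb']} -> {m['cmd']}", line))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            # Hidden+system attributes (RHS-) are the usual worm signature,
            # but any autorun.inf on a fixed disk deserves a look.
            findings.append(Finding("autorun_inf", f"{m['path']} [{m['attrs']}]", line))
            continue
        m = IE_PROXY_RE.match(line)
        value = m["proxy"] if m else None
        if value is None:
            m = FF_PROXY_RE.match(line)
            value = m["host"] if m else None
        if value and _proxy_host(value) in LOOPBACK:
            findings.append(Finding("local_proxy", f"browser proxy via {_proxy_host(value)}", line))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'mountpoint_autorun': 2, ...}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample mirroring the entry formats in the fix; the SID and
# GUID are placeholders, not values from the thread.
SAMPLE_LOG = r'''
IE - HKU\S-1-5-21-0-0-0-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
O32 - AutoRun File - [2000/01/01 00:00:00 | 000,000,253 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\C\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Read1st.exe
O33 - MountPoints2\D\Shell\open\command - "" = D:\Read1st.exe -- [2011/04/14 13:40:39 | 000,000,000 | RHS- | M] ()
O33 - MountPoints2\{00000000-1111-2222-3333-444444444444}\Shell\AutoRun\command - "" = C:\Program Files\Vendor\Launcher.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
'''.strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against a full OTL.Txt, the same function gives a quick list of what to hand-check before a fix is written; the benign GUID-keyed launcher in the sample shows the heuristic does not fire on every MountPoints2 entry.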

#7 diesel_footwear

diesel_footwear
  • Topic Starter

  • Members
  • 17 posts

Posted 16 May 2011 - 04:43 AM

Fix log:

========== OTL ==========
HKU\S-1-5-21-854245398-1767777339-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-854245398-1767777339-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 9666 removed from network.proxy.http_port
C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\extensions\DTToolbar@toolbarnet.com\components\Resources folder moved successfully.
C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\extensions\DTToolbar@toolbarnet.com\components folder moved successfully.
C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\extensions\DTToolbar@toolbarnet.com\chrome\content folder moved successfully.
C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\extensions\DTToolbar@toolbarnet.com\chrome folder moved successfully.
C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\extensions\DTToolbar@toolbarnet.com folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
D:\autorun.inf moved successfully.
E:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ deleted successfully.
File C:\Read1st.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Read1st.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ not found.
File C:\Read1st.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ not found.
File C:\Read1st.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
D:\Read1st.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Read1st.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\Read1st.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\Read1st.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
File E:\Read1st.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Read1st.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\Read1st.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\Read1st.exe not found.
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.

OTL by OldTimer - Version 3.2.22.3 log created on 05162011_173349


Follow up scan:

OTL logfile created on: 5/16/2011 5:42:16 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ton\Desktop\hjt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 7.81 Gb Free Space | 10.00% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 5.39 Gb Free Space | 11.05% Space Free | Partition Type: NTFS
Drive E: | 22.08 Gb Total Space | 0.43 Gb Free Space | 1.94% Space Free | Partition Type: NTFS

Computer Name: YENS-05 | User Name: Ton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ton\Desktop\hjt\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\oracle\product\10.2.0\client_4\BIN\omtsreco.exe (Oracle Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
PRC - C:\ListCREATOR\F3gbsvlg.exe (FUJITSU LIMITED)
PRC - C:\ListCREATOR\lclogm.exe (PFU LIMITED)
PRC - C:\WINDOWS\vsnpstd3.exe ()
PRC - C:\WINDOWS\tsnpstd3.exe ()
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Minikyou\MinikyouCard.exe (Erick Hartanto)
PRC - C:\Program Files\Wakan\wakan.exe ()
PRC - C:\Documents and Settings\Ton\Desktop\ipmsg205tagalog\IPMSG.exe (H.Shirouzu)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ton\Desktop\hjt\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PPLive Corporation)
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\IMJP12K.DLL (Microsoft Corporation)
MOD - C:\WINDOWS\system32\IMJP12.IME (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (OracleMTSRecoveryService) -- C:\oracle\product\10.2.0\client_4\bin\omtsreco.exe (Oracle Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (F3GBSService) -- C:\ListCREATOR\F3gbsrv.exe (FUJITSU LIMITED)
SRV - (ListCREATOR Connector) -- C:\ListCREATOR\f3gbconc.exe (FUJITSU LIMITED)
SRV - (ListCREATOR Log Service) -- C:\ListCREATOR\F3gbsvlg.exe (FUJITSU LIMITED)
SRV - (ListCREATOR SendMaild Service) -- C:\ListCREATOR\swmaild.exe (Fujitsu Limited)


========== Driver Services (SafeList) ==========

DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (BIOS) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.gooogle.com"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: mil@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.7.0190
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..keyword.URL: "http://start.facemoods.com/results.php?f=5&a=fbpage1&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/03/02 06:09:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/09/14 02:01:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/11 13:59:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 13:59:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/10 07:32:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/01/06 03:25:35 | 000,000,000 | ---D | M]

[2010/09/10 07:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ton\Application Data\Mozilla\Extensions
[2010/09/10 05:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ton\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/10 07:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ton\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/05/16 17:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\extensions
[2010/09/10 07:24:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/11 14:02:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/16 17:37:19 | 000,000,000 | ---D | M] (MakeItLive) -- C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\extensions\mil@toolbar
[2011/05/10 15:28:19 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\searchplugins\daemon-search.xml
[2011/05/11 09:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/11 13:59:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/09/14 02:04:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/10 07:50:00 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7BQYNZTN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7BQYNZTN.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2010/09/14 02:01:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/11 13:58:36 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/14 02:01:02 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/10 07:32:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/09/10 07:32:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/09/10 07:32:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/09/10 07:32:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/09/10 07:32:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/09/10 07:32:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/09/10 07:32:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/07/13 00:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2011/05/11 13:58:46 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/09/21 18:31:48 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2011/05/11 13:58:46 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/09/21 18:31:48 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2011/05/11 13:58:46 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/07/27 16:48:38 | 000,002,039 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchfbpage1.xml
[2011/05/11 13:58:46 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011/05/11 13:58:46 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2011/05/11 13:58:46 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/04/18 15:49:52 | 000,432,284 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14881 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [IME JPN 2007 Migration] C:\Program Files\Common Files\Microsoft Shared\IME12\IMEJP\IMJPKLMG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Ton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MinikyouCard] C:\Program Files\Minikyou\MinikyouCard.exe (Erick Hartanto)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)
O4 - Startup: C:\Documents and Settings\Ton\Start Menu\Programs\Startup\Shortcut to IPMSG.lnk = C:\Documents and Settings\Ton\Desktop\ipmsg205tagalog\IPMSG.exe (H.Shirouzu)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = kbdsys.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = classified.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = do not open - secrets!.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = read1st!.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = read1st.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = 1.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = 2.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = dirlock.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = winnthlp1.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = winnthlp2.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = nthlpsvc1.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = nthlpsvc2.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = mp3-hot-collections.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = mp4-hot-collections.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_19-windows-i586.cab (Java Plug-in 1.5.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/05 09:37:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/16 09:54:37 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/04/14 13:47:07 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 17:33:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/16 10:33:57 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ton\Desktop\aswMBR2.exe
[2011/05/16 10:00:21 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ton\Desktop\aswMBR.exe
[2011/05/16 09:54:37 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2011/05/13 12:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Desktop\[ims]Good Ending - Ch80
[2011/05/12 10:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/05/12 09:54:11 | 000,367,954 | ---- | C] (Conduit) -- C:\Documents and Settings\Ton\My Documents\Brothersoftdownloader_for_Yahoo_Messenger.exe
[2011/05/12 09:42:37 | 000,418,616 | ---- | C] (Yahoo! Inc.) -- C:\Documents and Settings\Ton\My Documents\msgr10us.exe
[2011/05/11 15:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Desktop\u
[2011/05/11 15:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Desktop\txt
[2011/05/11 15:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Desktop\Shiawaseall
[2011/05/11 14:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Desktop\curry
[2011/05/11 14:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Desktop\utmp
[2011/05/11 09:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Local Settings\Application Data\PCHealth
[2011/05/10 15:28:54 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011/05/10 15:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2011/05/10 15:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite
[2011/05/10 15:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/05/10 15:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Application Data\DAEMON Tools Lite
[2011/05/10 15:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/05/10 15:15:22 | 011,193,664 | ---- | C] (DT Soft Ltd.) -- C:\Documents and Settings\Ton\My Documents\DTLite4402-0131.exe
[2011/05/05 10:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Desktop\hjt
[2011/04/29 14:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\My Documents\Heroes of Newerth (Garena)
[2011/04/29 13:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Start Menu\Programs\Heroes of Newerth
[2011/04/29 11:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Garena
[2011/04/29 11:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2011/04/29 10:30:51 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2011/04/29 10:30:51 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2011/04/29 10:30:50 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2011/04/29 10:30:43 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2011/04/20 10:49:35 | 000,069,632 | ---- | C] (iSergiwa Software - www.sergiwa.com) -- C:\Documents and Settings\Ton\My Documents\iReset.exe
[2011/03/29 10:08:36 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2011/03/29 10:08:36 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2011/03/29 10:08:36 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2011/03/29 10:08:36 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/16 17:44:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1767777339-1417001333-1004UA.job
[2011/05/16 16:18:08 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/16 10:44:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1767777339-1417001333-1004Core.job
[2011/05/16 10:34:02 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ton\Desktop\aswMBR2.exe
[2011/05/16 10:09:35 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/16 10:09:35 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/16 10:02:35 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/05/16 10:02:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/16 10:00:25 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ton\Desktop\aswMBR.exe
[2011/05/16 09:42:06 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Ton\Desktop\Flash_Disinfector.exe
[2011/05/16 09:34:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/13 12:52:42 | 020,533,281 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\vlc-1.1.9-win32.exe
[2011/05/13 12:19:24 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Ton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/12 14:29:52 | 000,053,371 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\Visa application form.pdf
[2011/05/12 10:08:04 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Ton\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/05/12 10:08:04 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/05/12 10:01:07 | 017,254,232 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\ymsgr1000_1241_us.exe
[2011/05/12 09:54:14 | 000,367,954 | ---- | M] (Conduit) -- C:\Documents and Settings\Ton\My Documents\Brothersoftdownloader_for_Yahoo_Messenger.exe
[2011/05/12 09:42:38 | 000,418,616 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Ton\My Documents\msgr10us.exe
[2011/05/11 17:44:22 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Ton\PUTTY.RND
[2011/05/11 13:28:50 | 001,077,874 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\u.zip
[2011/05/10 15:28:54 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011/05/10 15:21:39 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2011/05/10 15:17:57 | 011,193,664 | ---- | M] (DT Soft Ltd.) -- C:\Documents and Settings\Ton\My Documents\DTLite4402-0131.exe
[2011/05/10 10:15:22 | 000,536,167 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\INZ1017.pdf
[2011/05/10 09:44:11 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Ton\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/10 09:44:04 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Ton\Desktop\Google Chrome.lnk
[2011/05/09 14:44:55 | 000,058,116 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\150375_1526389798308_1191541597_31207271_1705912_n.jpg
[2011/05/06 11:04:03 | 184,549,376 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\The.Big.Bang.Theory.S04E22.HDTV.XviD-ASAP.avi
[2011/05/04 15:23:46 | 011,596,032 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\Garena_setup.exe
[2011/05/03 14:03:29 | 048,855,579 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\NCS_FINGERPRINT.zip
[2011/04/29 11:18:26 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Garena Messenger.lnk
[2011/04/20 10:49:35 | 000,069,632 | ---- | M] (iSergiwa Software - www.sergiwa.com) -- C:\Documents and Settings\Ton\My Documents\iReset.exe
[2011/04/18 15:49:52 | 000,432,284 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/16 09:42:04 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Ton\Desktop\Flash_Disinfector.exe
[2011/05/13 12:48:16 | 020,533,281 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\vlc-1.1.9-win32.exe
[2011/05/12 14:29:52 | 000,053,371 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\Visa application form.pdf
[2011/05/12 10:08:04 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Ton\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/05/12 10:08:04 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/05/12 09:55:01 | 017,254,232 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\ymsgr1000_1241_us.exe
[2011/05/11 14:01:49 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/11 13:29:32 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Ton\PUTTY.RND
[2011/05/11 13:28:49 | 001,077,874 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\u.zip
[2011/05/10 15:21:39 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2011/05/10 10:14:09 | 000,536,167 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\INZ1017.pdf
[2011/05/09 14:44:52 | 000,058,116 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\150375_1526389798308_1191541597_31207271_1705912_n.jpg
[2011/05/06 11:19:40 | 184,549,376 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\The.Big.Bang.Theory.S04E22.HDTV.XviD-ASAP.avi
[2011/05/04 14:42:17 | 011,596,032 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\Garena_setup.exe
[2011/05/03 14:10:44 | 048,855,579 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\NCS_FINGERPRINT.zip
[2011/04/29 11:18:26 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Garena Messenger.lnk
[2011/04/20 16:46:38 | 2005,616,290 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\SOE-491.avi
[2011/04/20 16:45:17 | 000,166,573 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\soe491.jpg
[2011/04/14 10:19:36 | 000,000,012 | ---- | C] () -- C:\WINDOWS\shutdown.dll
[2011/03/29 10:08:48 | 000,270,336 | ---- | C] () -- C:\WINDOWS\tsnpstd3.exe
[2011/03/29 10:08:48 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2011/03/29 10:08:47 | 000,835,584 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2011/03/29 10:08:47 | 000,003,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\denoise.sys
[2011/03/11 11:47:09 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/12/20 18:10:59 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
[2010/09/16 08:22:33 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Ton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/25 09:16:51 | 000,007,333 | ---- | C] () -- C:\WINDOWS\System32\f3gbsmon.dat
[2010/01/07 01:41:24 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/06 04:17:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/06 03:34:02 | 000,604,140 | -HS- | C] () -- C:\WINDOWS\System32\drivers\ISwift3.dat
[2010/01/06 03:25:52 | 000,115,267 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/01/06 03:25:52 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/01/06 03:10:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2010/01/06 02:15:31 | 000,010,074 | ---- | C] () -- C:\WINDOWS\hpdj5700.ini
[2010/01/05 10:10:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/01/05 10:09:03 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/01/05 10:08:52 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/01/05 10:08:52 | 000,145,112 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/01/05 09:39:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/05 09:34:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/05 01:24:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/05 01:23:12 | 000,180,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/04 07:45:12 | 000,027,507 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2008/04/14 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 20:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 20:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 20:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >


I think the performance is better than before. What bothers me, though, is that Kaspersky still detects something, and when I click Neutralize All it only shows the list/reports of the previous detections, without the option of disinfecting.

Edited by diesel_footwear, 16 May 2011 - 05:01 AM.
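An added example, not part of the original thread and not code from OTL, Kaspersky or BleepingComputer: a small Python triage of the OTL file lines posted above. It parses the `[date time | size | attrs | C/M] (company) -- path` entries and the `O32` AutoRun lines exactly as they are printed on this page, decodes the R/H/S/D attribute flags, and applies three heuristics for an AutoRun worm: an `autorun.inf` that is a directory (the immunisation trick tools such as Flash_Disinfector use to stop a worm writing its own file) versus an `autorun.inf` file, executables carrying hidden+system attributes, and double extensions such as `.exe.exe`. The rule names, the `LURE_EXT` list and the two last sample lines (a worm-dropped pair on a USB stick, with the filename borrowed from the Kaspersky report later in the thread and invented size/attributes) are assumptions made for the example; the first six sample lines are copied from the report above.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# One OTL file entry: [date time | size | attrs | C/M] (company) -- path
# The O32 "AutoRun File" lines use the same bracket block, a single dash,
# and a trailing "-- [ NTFS ]"; the regex accepts both shapes.
OTL_ENTRY = re.compile(
    r"\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-{1,2} (?P<path>.+?)(?: -- \[ \w+ \])?\s*$"
)
# OTL's O32 line for HKLM\SYSTEM\CurrentControlSet\Services\Cdrom\AutoRun
CDROM_AUTORUN = re.compile(r"O32 - HKLM CDRom: AutoRun - (?P<value>\d+)")

EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
# Inner extensions a worm borrows for lure names (assumed list); ".exe" covers
# the "<lure>.exe.exe" copies listed in the Kaspersky report in this thread.
LURE_EXT = {".exe", ".mp3", ".mp4", ".avi", ".jpg", ".doc", ".pdf", ".zip"}


@dataclass
class Entry:
    path: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    company: Optional[str]
    op: str  # C = created-within-30-days section, M = modified section


@dataclass
class Finding:
    path: str
    rule: str
    note: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file line; return None for lines that are not file entries."""
    m = OTL_ENTRY.search(line)
    if not m:
        return None
    attrs = m.group("attrs")
    company = (m.group("company") or "").strip() or None
    return Entry(
        path=m.group("path"),
        size=int(m.group("size").replace(",", "")),
        readonly="R" in attrs, hidden="H" in attrs,
        system="S" in attrs, directory="D" in attrs,
        company=company, op=m.group("op"),
    )


def _extensions(filename: str) -> List[str]:
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]]


def triage(entry: Entry) -> List[Finding]:
    """Apply the AutoRun-worm heuristics to one parsed entry."""
    found: List[Finding] = []
    name = entry.path.rsplit("\\", 1)[-1]
    exts = _extensions(name)

    if name.lower() == "autorun.inf":
        if entry.directory:
            found.append(Finding(entry.path, "autorun-immunised",
                "autorun.inf is a directory (D flag), so a worm cannot drop its own "
                "autorun.inf file there; this is the immunisation trick used by tools "
                "such as Flash_Disinfector, not a launcher"))
        else:
            qual = " with hidden+system attributes" if entry.hidden and entry.system else ""
            found.append(Finding(entry.path, "autorun-file",
                f"autorun.inf is a file{qual}; open it and look for an [autorun] "
                "open=/shellexecute= line pointing at an executable"))

    if not entry.directory and exts and exts[-1] in EXEC_EXT:
        if len(exts) >= 2 and exts[-2] in LURE_EXT:
            found.append(Finding(entry.path, "double-extension",
                f"executable disguised as {exts[-2]} content by a second extension"))
        if entry.hidden and entry.system:
            found.append(Finding(entry.path, "hidden-system-executable",
                "executable carrying H+S attributes, the combination Explorer hides by default"))
    return found


def triage_log(lines: Iterable[str]) -> List[Finding]:
    """Run the heuristics over raw OTL lines, including the O32 AutoRun policy line."""
    findings: List[Finding] = []
    for line in lines:
        m = CDROM_AUTORUN.search(line)
        if m and m.group("value") != "0":
            findings.append(Finding("HKLM CDRom: AutoRun", "autorun-enabled",
                "AutoRun is on; whether autorun.inf on removable media is honoured also "
                "depends on the NoDriveTypeAutoRun policy and, on XP, on update KB971029"))
            continue
        entry = parse_entry(line)
        if entry:
            findings.extend(triage(entry))
    return findings


# Sample lines: the first six are copied from the OTL report above; the last two
# are constructed (filename from the Kaspersky report in this thread, size and
# attributes invented) to show what a worm-dropped pair on a USB stick looks like.
SAMPLE_LOG = r"""
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/16 09:54:37 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
[2011/05/16 10:00:21 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ton\Desktop\aswMBR.exe
[2011/05/16 09:54:37 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2011/03/29 10:08:36 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2011/04/20 16:46:38 | 2005,616,290 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\SOE-491.avi
[2011/04/18 12:22:06 | 000,122,880 | RHS- | C] () -- D:\MP4-Hot-Collections.exe.exe
[2011/04/18 12:22:06 | 000,000,245 | RHS- | C] () -- D:\autorun.inf
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.rule:26} {f.path}\n    {f.note}")
```

Run against the report above, the two `C:\autorun.inf` entries come out as `autorun-immunised`: both carry the D flag with a size of 0 and a timestamp of 16 May 09:54:37, minutes after `Flash_Disinfector.exe` appeared on the desktop (09:42:04 in the same report), which is consistent with a protective folder rather than a worm launcher. The constructed `D:\` pair shows what a real infection on removable media looks like: a hidden+system `autorun.inf` file next to a hidden+system executable with a borrowed lure name.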


#8 myrti (Malware Study Hall Admin)

Posted 16 May 2011 - 05:02 AM

hi,

can you access your hard drive normally now?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 diesel_footwear (Topic Starter)

Posted 16 May 2011 - 09:35 AM

Yes, I can access it normally now.

#10 myrti (Malware Study Hall Admin)

Posted 16 May 2011 - 02:23 PM

Hi,

well that's good news :) Can you do a full scan with Kaspersky and let me know what it finds?

regards myrti



#11 diesel_footwear (Topic Starter)

Posted 17 May 2011 - 03:15 AM

I did a full scan and here's the Kaspersky log. I'm not sure, but a "Threats have been detected" pop-up still shows when I open the program. :|
I think this log is from the start, when it detected its first malware/virus.

Status: Detected (events: 3)
2/23/2010 6:01:31 AM Detected malicious URL http://www.echoecho.com/ee.js
2/23/2010 10:16:17 AM Detected legal software that can be used by criminals for damaging your computer or personal data PDM.Suspicious driver installation C:\PROGRAM FILES\WINRAR\WINRAR.EXE
12/16/2010 9:31:23 AM Detected legal software that can be used by criminals for damaging your computer or personal data PDM.Keylogger kernel mode memory patch
Status: Deleted (events: 53)
3/2/2010 6:07:32 AM Deleted virus Virus.Win32.VB.bu G:\EXPLORER.EXE
4/18/2011 12:22:06 PM Deleted virus Worm.Win32.AutoRun.auoz C:\Documents and Settings\All Users\Documents\MP4-Hot-Collections.exe.exe
4/14/2011 5:29:27 PM Deleted virus Worm.Win32.AutoRun.auoz C:\Documents and Settings\All Users\Documents\MP4-Hot-Collections.exe.exe
4/14/2011 2:05:48 PM Deleted virus Worm.Win32.AutoRun.auoz C:\Documents and Settings\All Users\Documents\MP4-Hot-Collections.exe.exe
4/15/2011 8:28:58 AM Deleted virus Worm.Win32.AutoRun.auoz C:\Documents and Settings\Jeni\Desktop\Classified.exe
4/14/2011 4:20:52 PM Deleted virus Worm.Win32.AutoRun.auoz D:\MP4-Hot-Collections.exe.exe
4/15/2011 3:06:20 PM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP7\A0000038.exe
4/18/2011 11:37:07 AM Deleted virus Worm.Win32.AutoRun.auoz C:\Documents and Settings\Jeni\Desktop\Classified.exe
4/18/2011 12:01:52 PM Deleted virus Worm.Win32.AutoRun.auoz C:\Documents and Settings\Jeni\Desktop\MP4-Hot-Collections.exe.exe
4/18/2011 12:57:58 PM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP7\A0000058.exe
4/18/2011 4:00:09 PM Deleted virus Worm.Win32.AutoRun.auoz D:\FavoriteVideo.exe
4/18/2011 6:36:30 PM Deleted virus Worm.Win32.AutoRun.auoz E:\MP4-Hot-Collections.exe
4/18/2011 6:36:30 PM Deleted virus Worm.Win32.AutoRun.auoz c:\WINDOWS\system32.exe
4/18/2011 6:36:30 PM Deleted virus Worm.Win32.AutoRun.auoz C:\Documents and Settings\All Users\Documents\MP3-Hot-Collections.exe
4/18/2011 6:36:30 PM Deleted virus Worm.Win32.AutoRun.auoz C:\Documents and Settings\Jeni\Desktop\MP4-Hot-Collections.exe
4/18/2011 6:36:30 PM Deleted virus Worm.Win32.AutoRun.auoz D:\MP4-Hot-Collections.exe
4/18/2011 6:36:31 PM Deleted virus Worm.Win32.AutoRun.auoz C:\Documents and Settings\All Users\Documents\MP4-Hot-Collections.exe
4/19/2011 9:34:32 AM Deleted virus Worm.Win32.AutoRun.auoz c:\Documents and Settings\Jeni\Desktop\Classified.exe
4/18/2011 7:07:40 PM Deleted virus Worm.Win32.AutoRun.auoz C:\read1st\Classified.exe
4/20/2011 11:41:19 AM Deleted Trojan program Exploit.HTML.CVE-2010-1885.av C:\Documents and Settings\Ton\Local Settings\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\Cache\27FC6ABDd01
4/20/2011 3:23:12 PM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP7\A0000095.exe
4/20/2011 3:35:04 PM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP7\A0000096.exe
4/26/2011 3:20:52 PM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP8\A0003566.exe
4/27/2011 3:15:29 PM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP9\A0005598.exe
5/2/2011 2:49:26 PM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP9\A0005599.exe
5/6/2011 11:15:58 AM Deleted virus Worm.Win32.AutoRun.auoz C:\Documents and Settings\All Users\Documents\Read1st.exe
5/13/2011 11:40:11 AM Deleted virus Worm.Win32.AutoRun.auoz c:\Program Files\Common Files\Adobe.exe
5/17/2011 10:08:57 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP21\A0019747.exe
5/17/2011 10:15:33 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP22\A0026570.exe
5/17/2011 10:15:34 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP22\A0026566.exe
5/17/2011 10:15:32 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP22\A0026571.exe
5/17/2011 10:15:35 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP22\A0026572.exe
5/17/2011 10:15:35 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP22\A0026573.exe
5/17/2011 10:15:40 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP22\A0026574.exe
5/17/2011 10:15:41 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP22\A0026575.exe
5/17/2011 10:15:42 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP22\A0026576.exe
5/17/2011 10:15:43 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP22\A0026577.exe
5/17/2011 10:15:44 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP22\A0026578.exe
5/17/2011 10:15:49 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP22\A0026579.exe
5/17/2011 10:15:51 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP22\A0026580.exe
5/17/2011 10:15:50 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP22\A0026581.exe
5/17/2011 10:15:52 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP22\A0026582.exe
5/17/2011 10:15:55 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP22\A0026583.exe
5/17/2011 10:15:56 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP22\A0026584.exe
5/17/2011 10:16:01 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP22\A0026585.exe
5/17/2011 10:16:03 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP22\A0026586.exe
5/17/2011 10:16:13 AM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP9\A0005590.exe
5/17/2011 10:17:25 AM Deleted virus Worm.Win32.AutoRun.auoz D:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP9\A0003625.exe
5/17/2011 3:35:26 PM Deleted Trojan program Backdoor.Win32.Poison.ckxp D:\Portable ofc\Office 2007\MSOffice2007-6in1-Settings\300000003f00002i\CLVIEW.EXE
5/17/2011 3:35:42 PM Deleted virus Worm.Win32.AutoRun.auoz D:\read1st\Classified.exe
5/17/2011 3:37:58 PM Deleted Trojan program Backdoor.Win32.Poison.ckxp D:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP23\A0029823.EXE
5/17/2011 3:37:59 PM Deleted virus Worm.Win32.AutoRun.auoz D:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP23\A0029824.exe
5/17/2011 3:54:51 PM Deleted virus Worm.Win32.AutoRun.auoz E:\read1st\Classified.exe
Status: Detected (events: 2)
9/22/2010 2:03:03 PM Detected virus HEUR:Trojan.Script.Iframer http://darkpatterns.org/css/colorbox.css//colorbox
9/22/2010 2:03:07 PM Detected virus HEUR:Trojan.Script.Iframer http://darkpatterns.org/wp-content/themes/fonts/Cecilia.ttf//Cecilia
Status: Absent (events: 11)
4/14/2011 2:42:37 PM Not found virus Worm.Win32.AutoRun.auoz C:\Documents and Settings\All Users\Documents\MP4-Hot-Collections.exe.exe
4/18/2011 6:36:31 PM Not found virus Worm.Win32.AutoRun.auoz c:\Documents and Settings\Jeni\Desktop\Read1st.exe
4/20/2011 11:37:42 AM Not found virus Worm.Win32.AutoRun.auoz D:\FavoriteVideo.exe
4/19/2011 9:34:32 AM Not found virus Worm.Win32.AutoRun.auoz c:\Documents and Settings\Jeni\Desktop\MP4-Hot-Collections.exe
4/20/2011 1:36:58 PM Not found virus Worm.Win32.AutoRun.auoz C:\read1st\Classified.exe
5/12/2011 2:21:44 PM Not found virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP9\A0005599.exe
5/12/2011 2:21:44 PM Not found virus Worm.Win32.AutoRun.auoz C:\Documents and Settings\All Users\Documents\Read1st.exe
5/13/2011 11:45:46 AM Not found virus Worm.Win32.AutoRun.auoz c:\Program Files\Common Files\Adobe AIR.exe
5/13/2011 11:45:47 AM Not found virus Worm.Win32.AutoRun.auoz c:\Program Files\Common Files\Adobe AIR.exe
5/16/2011 5:44:30 PM Not found virus Worm.Win32.AutoRun.auoz c:\Program Files\Common Files\Adobe.exe
5/17/2011 1:53:25 PM Not found virus Worm.Win32.AutoRun.auoz D:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP9\A0003625.exe
Status: unk: (events: 3)
4/15/2011 8:28:58 AM unk: 4294967295 virus Worm.Win32.AutoRun.auoz C:\Documents and Settings\Jeni\Desktop\VLC.exe
4/15/2011 12:23:17 PM unk: 4294967295 virus Worm.Win32.AutoRun.auoz E:\[ims]Good Ending - Ch78.exe
4/18/2011 6:36:30 PM unk: 4294967295 virus Worm.Win32.AutoRun.auoz C:\Documents and Settings\Jeni\Desktop\MP3-Hot-Collections.exe
Status: Will be deleted when the computer is restarted (events: 1)
4/19/2011 10:05:11 AM Will be deleted when the computer is restarted virus Worm.Win32.AutoRun.auoz c:\Documents and Settings\Jeni\Desktop\Read1st.exe



#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 18 May 2011 - 04:20 PM

Hi,

I am assuming that you do not know the files classified.exe, read1st.exe and similar?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 diesel_footwear

diesel_footwear
  • Topic Starter

  • Members
  • 17 posts

Posted 19 May 2011 - 01:10 AM

No, I do not.

Sorry for the late reply.

Edited by diesel_footwear, 19 May 2011 - 01:10 AM.


#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 19 May 2011 - 01:29 PM

Hi,

Let's remove the files then:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :files
    G:\EXPLORER.EXE
    C:\Documents and Settings\All Users\Documents\MP4-Hot-Collections.exe.exe
    C:\Documents and Settings\All Users\Documents\MP4-Hot-Collections.exe.exe
    C:\Documents and Settings\All Users\Documents\MP4-Hot-Collections.exe.exe
     C:\Documents and Settings\Jeni\Desktop\Classified.exe
    D:\MP4-Hot-Collections.exe.exe
     C:\Documents and Settings\Jeni\Desktop\Classified.exe
    C:\Documents and Settings\Jeni\Desktop\MP4-Hot-Collections.exe.exe
    D:\FavoriteVideo.exe
    E:\MP4-Hot-Collections.exe
    c:\WINDOWS\system32.exe
    C:\Documents and Settings\All Users\Documents\MP3-Hot-Collections.exe
    C:\Documents and Settings\Jeni\Desktop\MP4-Hot-Collections.exe
    D:\MP4-Hot-Collections.exe
    C:\Documents and Settings\All Users\Documents\MP4-Hot-Collections.exe
    c:\Documents and Settings\Jeni\Desktop\Classified.exe
    C:\read1st\Classified.exe
    C:\Documents and Settings\All Users\Documents\Read1st.exe
    c:\Program Files\Common Files\Adobe.exe
    D:\Portable ofc\Office 2007\MSOffice2007-6in1-Settings\300000003f00002i\CLVIEW.EXE
    D:\read1st\Classified.exe
    E:\read1st\Classified.exe
    C:\Documents and Settings\All Users\Documents\MP4-Hot-Collections.exe.exe
    c:\Documents and Settings\Jeni\Desktop\Read1st.exe
    D:\FavoriteVideo.exe
    c:\Documents and Settings\Jeni\Desktop\MP4-Hot-Collections.exe
    C:\read1st\Classified.exe
    C:\Documents and Settings\All Users\Documents\Read1st.exe
    c:\Program Files\Common Files\Adobe AIR.exe
    c:\Program Files\Common Files\Adobe.exe
    C:\Documents and Settings\Jeni\Desktop\VLC.exe
    E:\[ims]Good Ending - Ch78.exe
    C:\Documents and Settings\Jeni\Desktop\MP3-Hot-Collections.exe
    c:\Documents and Settings\Jeni\Desktop\Read1st.exe 
    
    C:\Windows\tasks\at*.job
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window: OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

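The `:files` list above was assembled by hand from the Kaspersky log posted earlier in this thread, which is why several paths appear in it more than once. As an added example (not part of the thread, of Kaspersky or of OTL), this Python script does the same transformation mechanically: it parses lines in that log's format, skips restore-point copies and URLs (my own filtering choice, since OTL cannot usefully act on either), deduplicates paths case-insensitively, and emits the `:files` section. The sample input is a short excerpt of the log posted above.

```python
import re

# One Kaspersky event line: timestamp, status text, object kind, detection
# name, then the object (a path or URL, which may itself contain spaces).
EVENT_RE = re.compile(
    r"^(?P<time>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<status>.+?) (?P<kind>virus|Trojan program) (?P<name>\S+) (?P<obj>.+)$"
)
LOCAL_PATH = re.compile(r"^[A-Za-z]:\\")
RESTORE_POINT = re.compile(r"\\System Volume Information\\", re.IGNORECASE)

def parse_events(log_text):
    """One dict per event line; 'Status: ...' group headers do not match."""
    matches = (EVENT_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def build_otl_files(events):
    """Unique local paths for an OTL ':files' section, in first-seen order.
    Restore-point copies (System Volume Information) and URLs are skipped:
    the former are purged by resetting System Restore, not by OTL."""
    seen, paths = set(), []
    for e in events:
        obj = e["obj"]
        if not LOCAL_PATH.match(obj) or RESTORE_POINT.search(obj):
            continue
        if obj.lower() not in seen:      # Windows paths compare case-insensitively
            seen.add(obj.lower())
            paths.append(obj)
    return paths

def otl_fix_script(events):
    """The text to paste into OTL's Custom Scans/Fixes box."""
    return ":files\n" + "\n".join(build_otl_files(events)) + "\n"

# Constructed excerpt: a handful of lines copied from the Kaspersky log above,
# covering duplicates that differ only in case, a restore-point copy and a URL.
SAMPLE_LOG = r"""Status: Deleted (events: 4)
4/18/2011 11:37:07 AM Deleted virus Worm.Win32.AutoRun.auoz C:\Documents and Settings\Jeni\Desktop\Classified.exe
4/18/2011 12:57:58 PM Deleted virus Worm.Win32.AutoRun.auoz C:\System Volume Information\_restore{668674D5-BC6A-453A-9A25-08EB3624AFFE}\RP7\A0000058.exe
4/19/2011 9:34:32 AM Deleted virus Worm.Win32.AutoRun.auoz c:\Documents and Settings\Jeni\Desktop\Classified.exe
4/20/2011 11:41:19 AM Deleted Trojan program Exploit.HTML.CVE-2010-1885.av C:\Documents and Settings\Ton\Local Settings\Application Data\Mozilla\Firefox\Profiles\7bqynztn.default\Cache\27FC6ABDd01
Status: Detected (events: 1)
9/22/2010 2:03:03 PM Detected virus HEUR:Trojan.Script.Iframer http://darkpatterns.org/css/colorbox.css//colorbox
Status: unk: (events: 1)
4/15/2011 8:28:58 AM unk: 4294967295 virus Worm.Win32.AutoRun.auoz C:\Documents and Settings\Jeni\Desktop\VLC.exe
"""

if __name__ == "__main__":
    print(otl_fix_script(parse_events(SAMPLE_LOG)))
```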


#15 diesel_footwear

diesel_footwear
  • Topic Starter

  • Members
  • 17 posts

Posted 20 May 2011 - 05:05 AM

========== FILES ==========
File\Folder G:\EXPLORER.EXE not found.
File\Folder C:\Documents and Settings\All Users\Documents\MP4-Hot-Collections.exe.exe not found.
File\Folder C:\Documents and Settings\All Users\Documents\MP4-Hot-Collections.exe.exe not found.
File\Folder C:\Documents and Settings\All Users\Documents\MP4-Hot-Collections.exe.exe not found.
File\Folder C:\Documents and Settings\Jeni\Desktop\Classified.exe not found.
File\Folder D:\MP4-Hot-Collections.exe.exe not found.
File\Folder C:\Documents and Settings\Jeni\Desktop\Classified.exe not found.
File\Folder C:\Documents and Settings\Jeni\Desktop\MP4-Hot-Collections.exe.exe not found.
File\Folder D:\FavoriteVideo.exe not found.
File\Folder E:\MP4-Hot-Collections.exe not found.
File\Folder c:\WINDOWS\system32.exe not found.
File\Folder C:\Documents and Settings\All Users\Documents\MP3-Hot-Collections.exe not found.
File\Folder C:\Documents and Settings\Jeni\Desktop\MP4-Hot-Collections.exe not found.
File\Folder D:\MP4-Hot-Collections.exe not found.
File\Folder C:\Documents and Settings\All Users\Documents\MP4-Hot-Collections.exe not found.
File\Folder c:\Documents and Settings\Jeni\Desktop\Classified.exe not found.
File\Folder C:\read1st\Classified.exe not found.
File\Folder C:\Documents and Settings\All Users\Documents\Read1st.exe not found.
File\Folder c:\Program Files\Common Files\Adobe.exe not found.
File\Folder D:\Portable ofc\Office 2007\MSOffice2007-6in1-Settings\300000003f00002i\CLVIEW.EXE not found.
File\Folder D:\read1st\Classified.exe not found.
File\Folder E:\read1st\Classified.exe not found.
File\Folder C:\Documents and Settings\All Users\Documents\MP4-Hot-Collections.exe.exe not found.
File\Folder c:\Documents and Settings\Jeni\Desktop\Read1st.exe not found.
File\Folder D:\FavoriteVideo.exe not found.
File\Folder c:\Documents and Settings\Jeni\Desktop\MP4-Hot-Collections.exe not found.
File\Folder C:\read1st\Classified.exe not found.
File\Folder C:\Documents and Settings\All Users\Documents\Read1st.exe not found.
File\Folder c:\Program Files\Common Files\Adobe AIR.exe not found.
File\Folder c:\Program Files\Common Files\Adobe.exe not found.
File\Folder C:\Documents and Settings\Jeni\Desktop\VLC.exe not found.
File\Folder E:\[ims]Good Ending - Ch78.exe not found.
File\Folder C:\Documents and Settings\Jeni\Desktop\MP3-Hot-Collections.exe not found.
File\Folder c:\Documents and Settings\Jeni\Desktop\Read1st.exe not found.
File\Folder C:\Windows\tasks\at*.job not found.

OTL by OldTimer - Version 3.2.22.3 log created on 05202011_180126
