PLEASE HELP ME in my computer [Closed]
rhomel
post Apr 22 2009, 12:15 AM
Post #1


Member
Posts: 47
OS: WINDOW XP



This is my HijackThis log.
PLEASE HELP ME......


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:33 PM, on 4/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\tsbaolm.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\lsass.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: 219198 helper - {5b452b01-12c9-4286-81d9-2308aeb3cd94} - C:\WINDOWS\system32\219198\219198.dll
O2 - BHO: (no name) - {dbfb6497-c967-447d-9867-e4de4d282ba9} - c:\windows\system32\bzdyxsh.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [7708] C:\tsbaolm.exe
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Rhomel F. Ibarreta\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Visit in &3D using ExitReality - http://3d.exitreality.com/TransmogrifyPage.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238316230375
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: iwbwzcsl - C:\WINDOWS\SYSTEM32\bzdyxsh.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: Google Update Service (gupdate1c98c29e80e3404) (gupdate1c98c29e80e3404) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6841 bytes
Rorschach112
post Apr 22 2009, 04:38 AM
Post #2


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.
rhomel
post Apr 22 2009, 09:52 AM
Post #3


Member
Posts: 47
OS: WINDOW XP



This is my SDFix report:

SDFix: Version 1.240
Run by Rhomel F. Ibarreta on Wed 04/22/2009 at 11:40 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
ICF

Path :
C:\WINDOWS\system32\svchost.exe:ext.exe

ICF - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\w.exe - Deleted
C:\WINDOWS\system32\5.tmp - Deleted
C:\WINDOWS\system32\6.tmp - Deleted
C:\WINDOWS\system32\7.tmp - Deleted
C:\WINDOWS\system32\224.tmp - Deleted
C:\WINDOWS\system32\227.tmp - Deleted
C:\lsass.exe - Deleted
C:\WINDOWS\system32\comsa32.sys - Deleted
C:\WINDOWS\system32\h@tkeysh@@k.dll - Deleted





Removing Temp Files

ADS Check :


C:\WINDOWS\system32\svchost.exe
: ADS Found!
svchost.exe: deleted 53248 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 23:45:44
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 1381
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 1381
disk error: C:\Documents and Settings\Rhomel F. Ibarreta\ntuser.dat, 1381
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Garena\\Garena.exe"="C:\\Program Files\\Garena\\Garena.exe:*:Enabled:Garena"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"="C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe:*:Enabled:Pando Media Booster"
"D:\\Garena\\Garena.exe"="D:\\Garena\\Garena.exe:*:Enabled:Garena.exe"
"D:\\Pudge666V5.0\\Garena.exe"="D:\\Pudge666V5.0\\Garena.exe:*:Enabled:Garena.exe"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:UDP"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\\WINDOWS\\system32\\3361\\svchost.exe"="C:\\WINDOWS\\system32\\3361\\svchost.exe:*:Enabled:SVCHOST.EXE"
"C:\\tsbaolm.exe"="C:\\tsbaolm.exe:*:Disabled:tsbaolm"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 22 Apr 2009 40,448 ...H. --- "C:\WINDOWS\ld08.exe"
Wed 22 Apr 2009 35,328 ...H. --- "C:\WINDOWS\pp06.exe"
Wed 22 Apr 2009 24,576 ..SH. --- "C:\Program Files\ThunMail\testabd.dll"
Wed 22 Apr 2009 66,760 ..SHR --- "C:\Program Files\ThunMail\testabd.exe"
Fri 13 Feb 2009 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 20 Apr 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

_______________________________________________________________________________________________

This is my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:44 PM, on 4/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\tsbaolm.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\lsass.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: 219198 helper - {5b452b01-12c9-4286-81d9-2308aeb3cd94} - C:\WINDOWS\system32\219198\219198.dll
O2 - BHO: (no name) - {dbfb6497-c967-447d-9867-e4de4d282ba9} - c:\windows\system32\bzdyxsh.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [14686] C:\tsbaolm.exe
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Rhomel F. Ibarreta\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [VRT4] C:\WINDOWS\TEMP\VRT4.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Visit in &3D using ExitReality - http://3d.exitreality.com/TransmogrifyPage.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238316230375
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: iwbwzcsl - C:\WINDOWS\SYSTEM32\bzdyxsh.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)
O23 - Service: Google Update Service (gupdate1c98c29e80e3404) (gupdate1c98c29e80e3404) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7341 bytes


thank you..
Rorschach112
post Apr 22 2009, 10:20 AM
Post #4


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



hello

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


rhomel
post Apr 22 2009, 10:39 AM
Post #5


Member
Posts: 47
OS: WINDOW XP



It does not exist because I used it before.



Rorschach112
post Apr 22 2009, 10:53 AM
Post #6


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



Delete it and do this


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:





  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------
  7. Double click on Combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick Combo-Fix's window while it's running. That may cause it to stall**
rhomel
post Apr 22 2009, 11:17 AM
Post #7


Member
Posts: 47
OS: WINDOW XP



Sir, it always says alert..

please help me.....

thanks for the support..
rhomel
post Apr 22 2009, 11:20 AM
Post #8


Member
Posts: 47
OS: WINDOW XP



Sir.. how do I delete this folder and .exe?
rhomel
post Apr 22 2009, 11:26 AM
Post #9


Member
Posts: 47
OS: WINDOW XP



I uninstalled avast....

This is my HijackThis log..



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:15 AM, on 4/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: 219198 helper - {5b452b01-12c9-4286-81d9-2308aeb3cd94} - C:\WINDOWS\system32\219198\219198.dll
O2 - BHO: (no name) - {dbfb6497-c967-447d-9867-e4de4d282ba9} - c:\windows\system32\bzdyxsh.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [23533] C:\tsbaolm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Rhomel F. Ibarreta\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [VRT4] C:\WINDOWS\TEMP\VRT4.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Visit in &3D using ExitReality - http://3d.exitreality.com/TransmogrifyPage.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238316230375
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: iwbwzcsl - C:\WINDOWS\SYSTEM32\bzdyxsh.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)
O23 - Service: Google Update Service (gupdate1c98c29e80e3404) (gupdate1c98c29e80e3404) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7166 bytes
rhomel
post Apr 22 2009, 11:53 AM
Post #10


Member
Posts: 47
OS: WINDOW XP



This is a new update for my computer...

These files are from ComboFix..


[Attached image]
Rorschach112
post Apr 22 2009, 12:12 PM
Post #11


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



hello

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\system32\svchost.exe

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
rhomel
post Apr 22 2009, 02:02 PM
Post #12


Member
Posts: 47
OS: WINDOW XP



Sir.......this....

http://virscan.org/report/8f078ae4ed187aaa...5146de6716.html
rhomel
post Apr 22 2009, 02:14 PM
Post #13


Member
Posts: 47
OS: WINDOW XP



Please help with my YM


[Attached image]
Rorschach112
post Apr 22 2009, 03:29 PM
Post #14


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



hello

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\System32\antiwpa.dll
    %systemroot%\SYSTEM32\wpa.dll
    %systemroot%\setup\scripts\biestart.exe
    %systemroot%\system32\drivers\royal.sys
    %SYSTEMDRIVE%\*.
    %PROGRAMFILES%\*.

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


rhomel
post Apr 22 2009, 06:06 PM
Post #15


Member
Posts: 47
OS: WINDOW XP



OTListIt LOG


OTListIt logfile created on: 4/23/2009 7:46:55 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Rhomel F. Ibarreta\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 704.99 Mb Available Physical Memory | 68.93% Memory free
2.41 Gb Paging File | 2.02 Gb Available in Paging File | 83.77% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.01 Gb Total Space | 6.41 Gb Free Space | 37.69% Space Free | Partition Type: NTFS
Drive D: | 10.54 Gb Total Space | 4.95 Gb Free Space | 46.92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 9.75 Gb Total Space | 9.70 Gb Free Space | 99.46% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RHOMEL-9FDA05A8
Current User Name: Rhomel F. Ibarreta
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - D:\Pudge666V5.0\Garena.exe (Pudge666 Company)
PRC - D:\Garena\MapHack for v1.20e.exe ()
PRC - C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (BlueSoleil Hid Service [Auto | Running]) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (lbacwdau [Auto | Running]) -- C:\WINDOWS\system32\bzdyxsh.dll (U.S. Robotics Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0 [Auto | Running]) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (ALCXSENS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (BlueletAudio [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\blueletaudio.sys (IVT Corporation)
DRV - (BT [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btnetdrv.sys (IVT Corporation)
DRV - (Btcsrusb [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\btcusb.sys (IVT Corporation)
DRV - (BTHidEnum [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\vbtenum.sys ()
DRV - (BTHidMgr [Boot | Running]) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (BTNetFilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\BTNetFilter.sys ()
DRV - (FETNDIS [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (partizan [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Partizan.sys (Greatis Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()
DRV - (ss_bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ss_bus.sys (MCCI)
DRV - (ss_mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys (MCCI)
DRV - (ss_mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ss_mdm.sys (MCCI)
DRV - (StarOpen [System | Running]) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (VComm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VComm.sys (IVT Corporation)
DRV - (VcommMgr [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys (IVT Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys (Conexant Systems, Inc.)
DRV - (GarenaPEngine [On_Demand | Running]) -- C:\Documents and Settings\Rhomel F. Ibarreta\Local Settings\temp\GAJ40.tmp ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.5.0.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.4.2
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {F46A2F34-90B4-44A9-B6E7-41BC6606C842}:1.0
FF - prefs.js..extensions.enabledItems: {B89A953F-7119-49C1-8A8C-8DEF5DC97BA6}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9


FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [2009/02/11 17:20:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/18 21:26:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/23 04:49:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/23 04:49:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD

[2009/04/18 08:31:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\mozilla\Extensions
[2009/04/18 08:31:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/20 22:53:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/04/23 03:51:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\mozilla\Firefox\Profiles\i47ne8g1.default\extensions
[2009/04/18 08:31:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\mozilla\Firefox\Profiles\i47ne8g1.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009/04/18 08:31:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\mozilla\Firefox\Profiles\i47ne8g1.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/04/22 16:20:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\mozilla\Firefox\Profiles\i47ne8g1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/18 08:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\mozilla\Firefox\Profiles\i47ne8g1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/04/18 08:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\mozilla\Firefox\Profiles\i47ne8g1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/04/18 08:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\mozilla\Firefox\Profiles\i47ne8g1.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2009/04/18 08:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\mozilla\Firefox\Profiles\i47ne8g1.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2009/04/22 08:10:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\mozilla\Firefox\Profiles\i47ne8g1.default\extensions\autopager@mozilla.org
[2009/04/18 08:31:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\mozilla\Firefox\Profiles\i47ne8g1.default\extensions\personas@christopher.beard
[2009/04/23 03:51:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/22 02:19:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/22 14:24:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B89A953F-7119-49C1-8A8C-8DEF5DC97BA6}
[2009/04/22 11:09:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{F46A2F34-90B4-44A9-B6E7-41BC6606C842}
[2009/04/23 04:49:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/23 04:49:30 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/27 02:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/27 02:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/27 02:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/27 02:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/27 02:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/27 02:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/27 02:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 jL.chura.pl
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: () - {dbfb6497-c967-447d-9867-e4de4d282ba9} - c:\windows\system32\bzdyxsh.dll (U.S. Robotics Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (Tonec Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
O4 - Startup: C:\Documents and Settings\Rhomel F. Ibarreta\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Visit in &3D using ExitReality - http://3d.exitreality.com/TransmogrifyPage.htm File not found
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\idmmbc.dll (Tonec Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1238316230375 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\iwbwzcsl: DllName - bzdyxsh.dll - C:\WINDOWS\system32\bzdyxsh.dll (U.S. Robotics Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - C:\Program Files\Greatis\RegRunSuite\RRShell.dll (Greatis Software, LLC)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute) - File not found
O34 - HKLM BootExecute: (settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
NetSvcs: 6to4 -
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll (Microsoft Corporation)
NetSvcs: AudioSrv - C:\WINDOWS\System32\audiosrv.dll (Microsoft Corporation)
NetSvcs: Browser - C:\WINDOWS\System32\browser.dll (Microsoft Corporation)
NetSvcs: CryptSvc - C:\WINDOWS\System32\cryptsvc.dll (Microsoft Corporation)
NetSvcs: DMServer - C:\WINDOWS\System32\dmserver.dll (Microsoft Corp.)
NetSvcs: DHCP - C:\WINDOWS\System32\dhcpcsvc.dll (Microsoft Corporation)
NetSvcs: ERSvc - C:\WINDOWS\System32\ersvc.dll (Microsoft Corporation)
NetSvcs: EventSystem - C:\WINDOWS\system32\es.dll (Microsoft Corporation)
NetSvcs: FastUserSwitchingCompatibility - C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias -
NetSvcs: Iprip -
NetSvcs: Irmon -
NetSvcs: LanmanServer - C:\WINDOWS\System32\srvsvc.dll (Microsoft Corporation)
NetSvcs: LanmanWorkstation - C:\WINDOWS\System32\wkssvc.dll (Microsoft Corporation)
NetSvcs: Messenger - C:\WINDOWS\System32\msgsvc.dll (Microsoft Corporation)
NetSvcs: Netman - C:\WINDOWS\System32\netman.dll (Microsoft Corporation)
NetSvcs: Nla - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
NetSvcs: Ntmssvc - C:\WINDOWS\system32\ntmssvc.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation -
NetSvcs: Nwsapagent -
NetSvcs: Rasauto - C:\WINDOWS\System32\rasauto.dll (Microsoft Corporation)
NetSvcs: Rasman - C:\WINDOWS\System32\rasmans.dll (Microsoft Corporation)
NetSvcs: Remoteaccess - C:\WINDOWS\System32\mprdim.dll (Microsoft Corporation)
NetSvcs: Schedule - C:\WINDOWS\system32\schedsvc.dll (Microsoft Corporation)
NetSvcs: Seclogon - C:\WINDOWS\System32\seclogon.dll (Microsoft Corporation)
NetSvcs: SENS - C:\WINDOWS\system32\sens.dll (Microsoft Corporation)
NetSvcs: Sharedaccess - C:\WINDOWS\System32\ipnathlp.dll (Microsoft Corporation)
NetSvcs: SRService - C:\WINDOWS\system32\srsvc.dll (Microsoft Corporation)
NetSvcs: Tapiagent -
NetSvcs: Tapisrv - C:\WINDOWS\System32\tapisrv.dll (Microsoft Corporation)
NetSvcs: lbacwdau - C:\WINDOWS\system32\bzdyxsh.dll (U.S. Robotics Corporation)
NetSvcs: Themes - C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
NetSvcs: TrkWks - C:\WINDOWS\system32\trkwks.dll (Microsoft Corporation)
NetSvcs: W32Time - C:\WINDOWS\system32\w32time.dll (Microsoft Corporation)
NetSvcs: WZCSVC - C:\WINDOWS\System32\wzcsvc.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\WINDOWS\System32\advapi32.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -
NetSvcs: winmgmt - C:\WINDOWS\system32\wbem\WMIsvc.dll (Microsoft Corporation)
NetSvcs: wscsvc - C:\WINDOWS\system32\wscsvc.dll (Microsoft Corporation)
NetSvcs: xmlprov - C:\WINDOWS\System32\xmlprov.dll (Microsoft Corporation)
NetSvcs: BITS -
NetSvcs: wuauserv -
NetSvcs: ShellHWDetection - C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: WmdmPmSN - C:\WINDOWS\system32\MsPMSNSv.dll (Microsoft Corporation)
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll (Microsoft Corporation)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: CryptSvc - %SystemRoot%\System32\cryptsvc.dll (Microsoft Corporation)
SafeBootMin: DcomLaunch - %SystemRoot%\system32\rpcss.dll (Microsoft Corporation)
SafeBootMin: dmadmin - %SystemRoot%\System32\dmadmin.exe (Microsoft Corp., Veritas Software)
SafeBootMin: dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
SafeBootMin: dmio.sys - %SystemRoot%\System32\drivers\dmio.sys (Microsoft Corp., Veritas Software)
SafeBootMin: dmload.sys - %SystemRoot%\System32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)
SafeBootMin: dmserver - %SystemRoot%\System32\dmserver.dll (Microsoft Corp.)
SafeBootMin: EventLog - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: Netlogon - %SystemRoot%\system32\lsass.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PlugPlay - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcSs - %SystemRoot%\System32\rpcss.dll (Microsoft Corporation)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: sr.sys - %SystemRoot%\system32\DRIVERS\sr.sys (Microsoft Corporation)
SafeBootMin: SRService - %SystemRoot%\system32\srsvc.dll (Microsoft Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: vgasave.sys - %SystemRoot%\System32\drivers\vga.sys (Microsoft Corporation)
SafeBootMin: WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AFD - %SystemRoot%\System32\drivers\afd.sys (Microsoft Corporation)
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll (Microsoft Corporation)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Browser - %SystemRoot%\System32\browser.dll (Microsoft Corporation)
SafeBootNet: CryptSvc - %SystemRoot%\System32\cryptsvc.dll (Microsoft Corporation)
SafeBootNet: DcomLaunch - %SystemRoot%\system32\rpcss.dll (Microsoft Corporation)
SafeBootNet: Dhcp - %SystemRoot%\System32\dhcpcsvc.dll (Microsoft Corporation)
SafeBootNet: dmadmin - %SystemRoot%\System32\dmadmin.exe (Microsoft Corp., Veritas Software)
SafeBootNet: dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
SafeBootNet: dmio.sys - %SystemRoot%\System32\drivers\dmio.sys (Microsoft Corp., Veritas Software)
SafeBootNet: dmload.sys - %SystemRoot%\System32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)
SafeBootNet: dmserver - %SystemRoot%\System32\dmserver.dll (Microsoft Corp.)
SafeBootNet: DnsCache - %SystemRoot%\System32\dnsrslvr.dll (Microsoft Corporation)
SafeBootNet: EventLog - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: ip6fw.sys - %SystemRoot%\system32\DRIVERS\Ip6Fw.sys (Microsoft Corporation)
SafeBootNet: ipnat.sys - %SystemRoot%\system32\DRIVERS\ipnat.sys (Microsoft Corporation)
SafeBootNet: LanmanServer - %SystemRoot%\System32\srvsvc.dll (Microsoft Corporation)
SafeBootNet: LanmanWorkstation - %SystemRoot%\System32\wkssvc.dll (Microsoft Corporation)
SafeBootNet: LmHosts - %SystemRoot%\System32\lmhsvc.dll (Microsoft Corporation)
SafeBootNet: Messenger - %SystemRoot%\System32\msgsvc.dll (Microsoft Corporation)
SafeBootNet: NDIS - %SystemRoot%\System32\drivers\ndis.sys (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: Ndisuio - %SystemRoot%\system32\DRIVERS\ndisuio.sys (Microsoft Corporation)
SafeBootNet: NetBIOS - %SystemRoot%\system32\DRIVERS\netbios.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetBT - %SystemRoot%\system32\DRIVERS\netbt.sys (Microsoft Corporation)
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Netlogon - %SystemRoot%\system32\lsass.exe (Microsoft Corporation)
SafeBootNet: NetMan - %SystemRoot%\System32\netman.dll (Microsoft Corporation)
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NtLmSsp - %SystemRoot%\system32\lsass.exe (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PlugPlay - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdpcdd.sys - %SystemRoot%\System32\DRIVERS\RDPCDD.sys (Microsoft Corporation)
SafeBootNet: rdpdd.sys - %SystemRoot%\System32\rdpdd.dll (Microsoft Corporation)
SafeBootNet: rdpwd.sys - %SystemRoot%\System32\drivers\rdpwd.sys (Microsoft Corporation)
SafeBootNet: rdsessmgr - %SystemRoot%\system32\sessmgr.exe (Microsoft Corporation)
SafeBootNet: RpcSs - %SystemRoot%\System32\rpcss.dll (Microsoft Corporation)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: SharedAccess - %SystemRoot%\System32\ipnathlp.dll (Microsoft Corporation)
SafeBootNet: sr.sys - %SystemRoot%\system32\DRIVERS\sr.sys (Microsoft Corporation)
SafeBootNet: SRService - %SystemRoot%\system32\srsvc.dll (Microsoft Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - %SystemRoot%\system32\DRIVERS\tcpip.sys (Microsoft Corporation)
SafeBootNet: TDI - Driver Group
SafeBootNet: tdpipe.sys - %SystemRoot%\System32\drivers\tdpipe.sys (Microsoft Corporation)
SafeBootNet: tdtcp.sys - %SystemRoot%\System32\drivers\tdtcp.sys (Microsoft Corporation)
SafeBootNet: termservice - %SystemRoot%\System32\termsrv.dll (Microsoft Corporation)
SafeBootNet: vga.sys - Driver
SafeBootNet: vgasave.sys - %SystemRoot%\System32\drivers\vga.sys (Microsoft Corporation)
SafeBootNet: WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll (Microsoft Corporation)
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0F31A15C-CE5E-E308-23A5-3B5297C527BE} - DirectAnimation
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: midi - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\system32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\system32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\system32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\system32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\system32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\system32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\system32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\system32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\system32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - VfWWDM32.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\system32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\system32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\system32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\system32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\system32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\system32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\system32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\system32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\system32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/04/23 07:42:46 | 00,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\OTListIt2.exe
[2009/04/23 05:17:45 | 00,034,760 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2009/04/23 05:16:24 | 00,032,480 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2009/04/23 05:14:25 | 00,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2009/04/23 05:13:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rhomel F. Ibarreta\My Documents\RegRun2
[2009/04/23 05:12:50 | 00,000,749 | ---- | C] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\RegRun Control Center.lnk
[2009/04/23 05:12:49 | 00,444,128 | ---- | C] (Greatis Software) -- C:\WINDOWS\RunGuard.exe
[2009/04/23 05:12:49 | 00,057,556 | ---- | C] () -- C:\WINDOWS\guard.bmp
[2009/04/23 05:12:49 | 00,020,192 | ---- | C] () -- C:\WINDOWS\WinBait.org
[2009/04/23 05:12:49 | 00,020,192 | ---- | C] () -- C:\WINDOWS\WinBait.exe
[2009/04/23 05:12:45 | 00,000,000 | ---D | C] -- C:\Program Files\Greatis
[2009/04/23 01:59:15 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/23 01:59:15 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/23 01:59:12 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/23 01:59:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/23 01:24:22 | 00,054,307 | ---- | C] () -- C:\WINDOWS\System32\paso.el
[2009/04/23 01:24:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ynh.dx
[2009/04/23 01:24:15 | 00,577,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\blbmb
[2009/04/23 01:14:41 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/04/23 01:14:34 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/04/23 00:07:07 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2009/04/22 23:43:44 | 10,724,84352 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/22 23:32:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/04/22 23:27:10 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/04/22 23:19:56 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\SDFix.exe
[2009/04/22 20:54:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Malwarebytes
[2009/04/22 20:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/22 20:51:18 | 02,967,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\mbam-setup.exe
[2009/04/22 20:30:25 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/22 19:41:06 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009/04/22 19:41:04 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/04/22 18:09:28 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/22 17:40:09 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2009/04/22 16:27:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/22 16:27:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\SUPERAntiSpyware.com
[2009/04/22 16:27:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/22 16:19:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rhomel F. Ibarreta\Local Settings\Application Data\uwpchllt
[2009/04/22 16:19:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\uwpchllt
[2009/04/22 16:14:00 | 06,237,728 | ---- | C] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\SUPERAntiSpyware.exe
[2009/04/22 16:12:47 | 03,190,688 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\ccsetup218.exe
[2009/04/22 11:13:32 | 00,012,813 | ---- | C] () -- C:\WINDOWS\System32\t1p0_674036742510.b1k
[2009/04/22 11:11:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3361
[2009/04/22 11:11:44 | 00,108,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/22 11:11:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\dhcp
[2009/04/22 11:11:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.assembly
[2009/04/22 11:11:07 | 00,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2009/04/22 11:10:59 | 00,000,001 | ---- | C] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/04/22 11:10:55 | 00,000,000 | RHSD | C] -- C:\Program Files\ThunMail
[2009/04/22 11:10:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\219198
[2009/04/22 11:10:44 | 00,086,268 | ---- | C] () -- C:\WINDOWS\System32\drivers\d0b8a436.sys
[2009/04/22 11:09:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\pidle
[2009/04/22 10:00:53 | 00,321,144 | ---- | C] () -- C:\WINDOWS\System\taksmgr.exe
[2009/04/22 02:19:49 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/22 02:19:45 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/04/21 15:52:10 | 00,000,478 | ---- | C] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\MapHack for v1.20e.lnk
[2009/04/21 15:52:04 | 00,000,440 | ---- | C] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\HACKGarena.lnk
[2009/04/21 15:50:45 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/21 15:23:31 | 00,052,224 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/21 15:16:44 | 00,182,784 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/21 15:16:44 | 00,131,072 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/21 15:16:43 | 00,232,960 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/21 15:16:43 | 00,158,208 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/21 15:16:43 | 00,119,296 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/21 15:16:43 | 00,100,892 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/21 15:16:43 | 00,088,576 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/21 15:16:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/21 15:16:21 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/21 08:02:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Summitsoft
[2009/04/21 07:54:02 | 00,051,575 | ---- | C] () -- C:\WINDOWS\System32\svcnhost
[2009/04/21 06:05:34 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009/04/21 06:05:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\SystemRequirementsLab
[2009/04/21 00:43:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/20 08:26:45 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/04/20 08:26:03 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/04/20 06:13:23 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\HijackThis.lnk
[2009/04/20 06:13:23 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/20 05:38:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Desktopicon
[2009/04/20 05:16:38 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/04/19 09:24:14 | 00,300,544 | ---- | C] () -- C:\WINDOWS\System32\ntos.exe.vir
[2009/04/18 11:03:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rhomel F. Ibarreta\Local Settings\Application Data\Deployment
[2009/04/18 08:15:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2009/04/16 06:23:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/04/16 06:22:21 | 09,197,600 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/04/16 06:22:21 | 00,110,948 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/04/11 05:37:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\TXT
[2009/04/11 01:19:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\SmartFTP
[2009/04/10 03:12:21 | 00,000,474 | ---- | C] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\HACK Garena.lnk
[2009/04/09 22:35:11 | 00,001,339 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Garena.lnk
[2009/04/09 22:35:11 | 00,000,000 | ---D | C] -- C:\Program Files\Garena
[2009/04/09 22:33:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\InstallShield
[2009/04/06 03:48:31 | 00,002,249 | ---- | C] () -- C:\WINDOWS\owenosesoxi.dll
[2009/04/03 02:33:19 | 00,000,195 | ---- | C] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\default.rss
[2009/04/03 01:20:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/04/03 01:15:05 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/04/03 01:11:17 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009/04/03 01:01:13 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/04/03 00:55:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/04/02 03:58:18 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\Fire.scr
[2009/04/02 03:58:18 | 00,475,136 | ---- | C] (Sysinternals) -- C:\WINDOWS\System32\Windows16.scr
[2009/04/02 03:58:18 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\Cosmic.scr
[2009/03/31 21:49:24 | 24,768,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/03/31 19:17:08 | 00,000,554 | ---- | C] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\O2jam.lnk
[2009/03/30 16:51:51 | 00,210,352 | ---- | C] (Tonec Inc.) -- C:\WINDOWS\System32\idmmbc.dll
[2009/03/30 00:07:13 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/30 00:03:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Nero
[2009/03/29 23:06:41 | 00,002,369 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2009/03/29 22:50:15 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2009/03/29 22:49:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2009/03/29 17:25:06 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2009/03/29 17:25:06 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2009/03/29 17:25:04 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2009/03/29 17:25:01 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2009/03/29 17:25:01 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2009/03/29 17:24:58 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2009/03/29 17:24:56 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2009/03/29 17:24:54 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2009/03/29 17:24:54 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2009/03/29 17:24:51 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2009/03/29 17:24:48 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2009/03/29 17:24:48 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2009/03/29 17:24:46 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2009/03/29 17:24:44 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2009/03/29 17:24:41 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2009/03/29 17:24:41 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2009/03/29 17:24:39 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2009/03/29 17:24:36 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2009/03/29 17:24:36 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2009/03/29 17:24:34 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2009/03/29 17:24:31 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2009/03/29 17:24:31 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2009/03/29 17:24:29 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2009/03/29 17:24:27 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2009/03/29 17:24:24 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2009/03/29 17:24:24 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2009/03/29 17:24:22 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2009/03/29 17:24:20 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2009/03/29 17:24:17 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2009/03/29 17:24:16 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2009/03/29 17:24:13 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2009/03/29 17:24:13 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2009/03/29 17:24:11 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2009/03/29 17:24:08 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2009/03/29 17:24:04 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2009/03/29 17:24:04 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2009/03/29 17:24:02 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2009/03/29 17:23:58 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2009/03/29 17:23:55 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2009/03/29 17:23:55 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2009/03/29 17:23:53 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2009/03/29 17:23:51 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2009/03/29 17:23:51 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2009/03/29 17:23:47 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2009/03/29 17:23:47 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2009/03/29 17:23:46 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2009/03/29 17:23:44 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2009/03/29 17:23:41 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2009/03/29 17:23:37 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2009/03/29 17:23:37 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2009/03/29 17:23:35 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2009/03/29 17:23:33 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2009/03/29 17:23:33 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2009/03/29 17:23:32 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/03/29 17:23:31 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2009/03/29 17:23:31 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2009/03/29 17:23:30 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/03/29 17:23:29 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2009/03/29 17:23:28 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2009/03/29 17:23:27 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2009/03/29 17:23:27 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2009/03/29 17:23:26 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2009/03/29 17:23:24 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/03/29 17:23:24 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2009/03/29 17:23:23 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2009/03/29 17:23:23 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2009/03/29 17:23:22 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2009/03/29 17:23:22 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009/03/29 17:23:21 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2009/03/29 17:23:19 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/03/29 16:59:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/03/29 16:48:30 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2009/03/29 16:48:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/03/29 16:48:29 | 00,031,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2009/03/29 16:48:28 | 00,018,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2009/03/29 16:48:27 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2009/03/29 16:48:27 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009/03/28 23:47:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rhomel F. Ibarreta\Local Settings\Application Data\ESET
[2009/03/28 23:44:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/03/28 14:53:59 | 00,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/03/28 14:48:51 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/03/28 11:31:55 | 00,026,624 | -HS- | C] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\Thumbs.db
[2009/03/25 22:36:31 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2009/03/25 21:20:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Samsung
[2009/03/25 21:18:29 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/03/25 19:24:56 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\framedyn.dll
[2009/03/25 19:24:11 | 00,094,000 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_mdm.sys
[2009/03/25 19:24:11 | 00,058,320 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_bus.sys
[2009/03/25 19:24:11 | 00,008,304 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_mdfl.sys
[2009/03/25 19:24:11 | 00,006,144 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_cmnt.sys
[2009/03/25 19:24:11 | 00,006,144 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_cm.sys
[2009/03/25 19:24:11 | 00,005,808 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_whnt.sys
[2009/03/25 19:24:11 | 00,005,808 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_wh.sys
[2009/03/25 19:24:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2009/03/25 19:23:53 | 00,000,766 | ---- | C] () -- C:\WINDOWS\System32\Uninstall.ico
[2009/03/25 19:23:46 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/03/25 19:23:36 | 00,000,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung PC Studio 3.lnk
[2009/03/25 19:23:32 | 00,000,000 | ---D | C] -- C:\Program Files\Samsung
[2009/03/25 17:33:21 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\ogacheckcontrol.dll
[2009/03/25 17:33:21 | 00,343,552 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2009/03/25 17:33:21 | 00,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2009/03/25 10:57:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/03/25 10:55:29 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2009/03/25 10:55:29 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2009/03/25 10:55:29 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\plugin.ocx
[2009/03/25 10:55:29 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\plugin.ocx
[2009/03/25 10:55:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/03/25 10:55:08 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/03/24 13:55:26 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.backup
[2009/03/24 13:55:19 | 01,284,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Aurora.scr
[2009/03/24 13:55:19 | 00,858,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Vista.scr
[2009/03/24 13:55:19 | 00,793,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Bubbles.scr
[2009/03/24 13:55:19 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Ribbons.scr
[2009/03/24 13:55:19 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mystify.scr
[2009/03/24 13:55:19 | 00,061,440 | ---- | C] (Rafael & ZoRoNaX) -- C:\WINDOWS\System32\Vista.Emulation.dll
[2009/03/24 13:55:19 | 00,033,234 | ---- | C] () -- C:\WINDOWS\System32\oemlogo.bmp
[2009/03/24 13:55:19 | 00,000,260 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/03/24 13:54:57 | 00,000,000 | ---D | C] -- C:\Program Files\KM-Software
[2009/02/24 23:23:35 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2009/02/21 01:39:42 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\gyuvgfytre56yftyd.dll.vir
[2009/02/19 23:05:58 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2009/02/19 23:05:58 | 00,012,500 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2009/01/30 10:02:32 | 00,000,155 | ---- | C] () -- C:\WINDOWS\option.ini
[2009/01/26 09:59:38 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/01/26 09:59:14 | 00,003,063 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/01/26 09:59:13 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/12/08 15:19:22 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\EGamesPlugin.dll
[2005/12/08 15:19:22 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\EGameEncrypt.dll
[2005/08/02 16:35:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/08/02 16:35:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/08/02 16:35:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/08/02 16:35:00 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/08/02 16:35:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/08/02 16:35:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/04 00:56:48 | 00,036,864 | ---- | C] () -- C:\WINDOWS\usegidim.dll
[2004/08/04 00:56:48 | 00,036,864 | ---- | C] () -- C:\WINDOWS\omowadageqewipe.dll
[2004/08/04 00:56:48 | 00,036,864 | ---- | C] () -- C:\WINDOWS\okofipuluk.dll
[2004/08/04 00:56:48 | 00,036,864 | ---- | C] () -- C:\WINDOWS\iverujomurarana.dll
[2004/08/04 00:56:48 | 00,036,864 | ---- | C] () -- C:\WINDOWS\ilugukoposit.dll
[2004/08/04 00:56:48 | 00,036,864 | ---- | C] () -- C:\WINDOWS\etowipiqowal.dll
[2004/08/04 00:56:48 | 00,036,864 | ---- | C] () -- C:\WINDOWS\agunikanujuqod.dll
[2004/07/17 11:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/03/18 18:40:32 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/03/18 18:40:24 | 00,667,648 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/11/25 20:45:30 | 00,000,582 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/11/25 20:45:22 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/04/23 07:48:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\d0b8a436.sys
[2009/04/23 07:43:01 | 00,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\OTListIt2.exe
[2009/04/23 05:33:42 | 00,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/23 05:33:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/23 05:33:35 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/04/23 05:33:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/23 05:33:30 | 10,724,84352 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/23 05:17:45 | 00,034,760 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2009/04/23 05:16:24 | 00,032,480 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2009/04/23 05:14:25 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/23 05:14:25 | 00,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/04/23 05:14:25 | 00,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2009/04/23 05:12:50 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\RegRun Control Center.lnk
[2009/04/23 01:59:15 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/23 01:24:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\ynh.dx
[2009/04/23 01:24:13 | 00,054,307 | ---- | M] () -- C:\WINDOWS\System32\paso.el
[2009/04/23 01:14:41 | 00,409,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/04/22 23:20:33 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\SDFix.exe
[2009/04/22 20:52:32 | 02,967,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\mbam-setup.exe
[2009/04/22 18:59:42 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/04/22 16:16:23 | 06,237,728 | ---- | M] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\SUPERAntiSpyware.exe
[2009/04/22 16:14:10 | 03,190,688 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\ccsetup218.exe
[2009/04/22 14:21:54 | 04,812,116 | -H-- | M] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Local Settings\Application Data\IconCache.db
[2009/04/22 11:20:01 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/04/22 11:20:01 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/04/22 11:13:32 | 00,012,813 | ---- | M] () -- C:\WINDOWS\System32\t1p0_674036742510.b1k
[2009/04/22 11:11:44 | 00,108,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/22 11:11:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.assembly
[2009/04/22 11:10:59 | 00,000,001 | ---- | M] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/04/22 11:09:27 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svchost.exe
[2009/04/22 11:09:27 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
[2009/04/22 10:00:53 | 00,321,144 | ---- | M] () -- C:\WINDOWS\System\taksmgr.exe
[2009/04/22 08:54:44 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/22 02:19:49 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/21 19:43:37 | 00,000,155 | ---- | M] () -- C:\WINDOWS\option.ini
[2009/04/21 15:52:10 | 00,000,478 | ---- | M] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\MapHack for v1.20e.lnk
[2009/04/21 15:52:04 | 00,000,440 | ---- | M] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\HACKGarena.lnk
[2009/04/21 15:31:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/21 15:22:40 | 00,051,575 | ---- | M] () -- C:\WINDOWS\System32\svcnhost
[2009/04/21 09:58:08 | 00,131,072 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/21 09:45:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bk
[2009/04/21 06:16:45 | 00,202,752 | -HS- | M] () -- C:\Documents and Settings\Rhomel F. Ibarreta\My Documents\Thumbs.db
[2009/04/21 06:10:49 | 00,000,195 | ---- | M] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\default.rss
[2009/04/21 06:10:47 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/21 05:51:25 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/21 00:20:49 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/04/21 00:20:49 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/04/20 08:26:28 | 00,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/20 06:13:23 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\HijackThis.lnk
[2009/04/19 11:47:42 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\Microsoft Office Word 2007.lnk
[2009/04/19 09:24:14 | 00,300,544 | ---- | M] () -- C:\WINDOWS\System32\ntos.exe.vir
[2009/04/18 08:21:43 | 00,000,089 | -HS- | M] () -- C:\Documents and Settings\Rhomel F. Ibarreta\My Documents\desktop.ini
[2009/04/18 08:20:36 | 09,197,600 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/04/18 08:20:36 | 00,110,948 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/04/12 00:38:28 | 00,000,474 | ---- | M] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\HACK Garena.lnk
[2009/04/09 22:35:11 | 00,001,339 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Garena.lnk
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 03:48:31 | 00,002,249 | ---- | M] () -- C:\WINDOWS\owenosesoxi.dll
[2009/04/06 00:38:48 | 00,676,224 | ---- | M] () -- C:\WINDOWS\System32\ogacheckcontrol.dll
[2009/04/04 17:50:37 | 00,310,224 | ---- | M] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/03 23:05:52 | 00,767,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/03 01:38:56 | 00,504,926 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/03 01:38:56 | 00,430,826 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/03 01:38:56 | 00,067,424 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/02 03:58:37 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.dll
[2009/04/02 03:58:37 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uxtheme.dll
[2009/03/31 19:17:08 | 00,000,554 | ---- | M] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\O2jam.lnk
[2009/03/30 03:26:10 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/03/29 23:23:34 | 00,004,767 | ---- | M] () -- C:\WINDOWS\Irremote.ini
[2009/03/29 23:06:41 | 00,002,369 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2009/03/28 11:32:01 | 00,026,624 | -HS- | M] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\Thumbs.db
[2009/03/26 23:35:45 | 00,210,352 | ---- | M] (Tonec Inc.) -- C:\WINDOWS\System32\idmmbc.dll
[2009/03/26 00:11:13 | 00,000,563 | ---- | M] () -- C:\Documents and Settings\Rhomel F. Ibarreta\Desktop\Frozen Throne.lnk
[2009/03/25 20:32:17 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/03/25 19:23:36 | 00,000,673 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung PC Studio 3.lnk
[2009/03/24 13:55:26 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.ubx

========== LOP Check ==========

[2009/04/23 02:45:13 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/04/22 17:40:09 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2009/02/14 06:30:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\11128
[2009/02/08 05:39:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\127D
[2009/03/01 22:34:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/01/30 09:11:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/01/30 09:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2009/02/19 23:10:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2009/02/15 17:21:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\E1A5
[2009/03/28 23:44:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/03/12 20:49:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/04/22 20:54:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/29 00:05:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/02/08 00:10:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/03/30 01:55:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/02/21 17:16:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/04/22 16:27:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/09 23:16:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/21 00:43:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/23 05:34:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/04/18 08:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/04/22 20:54:49 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data
[2009/03/02 22:22:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Acronis
[2009/03/19 21:59:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Adobe
[2009/04/23 00:07:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Desktopicon
[2009/04/23 05:33:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\DMCache
[2009/02/26 20:03:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Download Manager
[2009/02/03 07:16:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\ExitReality
[2009/01/26 09:57:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Identities
[2009/04/21 18:23:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\IDM
[2009/04/09 22:33:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\InstallShield
[2009/01/26 11:49:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Macromedia
[2009/04/22 20:54:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Malwarebytes
[2009/04/22 09:56:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Microsoft
[2009/01/26 11:38:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Mozilla
[2009/03/30 00:05:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Nero
[2009/02/23 01:35:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Opera
[2009/04/22 11:09:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\pidle
[2009/03/08 01:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\PlayFirst
[2009/03/25 21:20:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Samsung
[2009/04/11 01:19:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\SmartFTP
[2009/04/21 08:02:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Summitsoft
[2009/01/26 11:29:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Sun
[2009/04/22 16:27:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\SUPERAntiSpyware.com
[2009/04/21 06:05:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\SystemRequirementsLab
[2009/04/22 16:19:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\uwpchllt
[2009/01/26 10:26:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\WinRAR
[2009/01/26 11:58:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rhomel F. Ibarreta\Application Data\Yahoo!
[2009/04/22 18:59:42 | 00,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2002/11/25 20:44:56 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/23 05:33:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Custom Scans ==========


< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\drivers\royal.sys >

< %SYSTEMDRIVE%\*. >
[2009/04/23 07:43:13 | 00,000,000 | ---D | M] -- C:
[2009/04/23 01:14:58 | 00,000,000 | ---D | M] -- C:\32788R22FWJFW
[2009/04/22 18:59:31 | 00,000,000 | -HSD | M] -- C:\Config.Msi
[2009/04/22 14:24:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings
[2009/01/26 10:09:56 | 00,000,000 | RH-D | M] -- C:\MSOCache
[2009/02/24 23:23:34 | 00,000,000 | ---D | M] -- C:\OpenSSL
[2009/04/23 05:12:45 | 00,000,000 | ---D | M] -- C:\Program Files
[2009/04/23 00:09:11 | 00,000,000 | ---D | M] -- C:\Qoobox
[2009/04/21 15:50:45 | 00,000,000 | -HSD | M] -- C:\RECYCLER
[2009/04/22 23:45:50 | 00,000,000 | ---D | M] -- C:\SDFix
[2009/04/23 07:41:39 | 00,000,000 | -HSD | M] -- C:\System Volume Information
[2009/04/23 05:26:18 | 00,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*. >
[2009/04/23 05:12:45 | 00,000,000 | ---D | M] -- C:\Program Files
[2009/02/23 01:22:17 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/04/22 19:41:04 | 00,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2009/01/26 09:59:40 | 00,000,000 | ---D | M] -- C:\Program Files\AvRack
[2009/04/23 01:14:17 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/04/22 16:27:24 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/01/26 09:43:21 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/02/03 17:23:49 | 00,000,000 | ---D | M] -- C:\Program Files\ExitReality
[2009/04/20 03:37:46 | 00,000,000 | ---D | M] -- C:\Program Files\Garena
[2009/02/11 17:20:46 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2009/04/23 05:12:45 | 00,000,000 | ---D | M] -- C:\Program Files\Greatis
[2009/04/09 22:35:07 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/04/19 07:09:46 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Download Manager
[2009/04/18 08:30:55 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/02/19 23:05:58 | 00,000,000 | ---D | M] -- C:\Program Files\IVT Corporation
[2009/04/02 23:26:31 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/03/24 13:54:57 | 00,000,000 | ---D | M] -- C:\Program Files\KM-Software
[2009/04/23 03:06:44 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/24 14:14:30 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/01/26 09:51:09 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/01/26 10:15:21 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/03/30 20:09:47 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/01/26 10:15:10 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/01/26 10:15:40 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/01/26 09:44:26 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/04/23 07:46:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/04/03 01:35:47 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/01/26 09:42:27 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/01/26 09:42:58 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/03/29 23:21:40 | 00,000,000 | ---D | M] -- C:\Program Files\Nero
[2009/01/26 09:44:43 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/01/26 09:43:07 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/01/26 09:44:38 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/02/21 17:12:03 | 00,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2009/01/26 09:59:40 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek Sound Manager
[2009/04/03 01:15:05 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/03/25 19:23:32 | 00,000,000 | ---D | M] -- C:\Program Files\Samsung
[2009/04/21 06:05:34 | 00,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2009/04/22 11:10:55 | 00,000,000 | RHSD | M] -- C:\Program Files\ThunMail
[2009/04/20 06:13:23 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/01/26 09:56:59 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/04/23 00:07:07 | 00,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2009/04/20 08:26:04 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/04/20 08:26:32 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/01/26 09:42:50 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/03/28 14:48:51 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/01/26 09:45:44 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/01/26 10:34:47 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/01/26 09:51:09 | 00,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/04/23 05:35:01 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo!

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BAD5E900
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45690DD4
< End of report >
________________________________________________________________________________________

Extra LOG

OTListIt Extras logfile created on: 4/23/2009 7:46:55 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Rhomel F. Ibarreta\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 704.99 Mb Available Physical Memory | 68.93% Memory free
2.41 Gb Paging File | 2.02 Gb Available in Paging File | 83.77% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.01 Gb Total Space | 6.41 Gb Free Space | 37.69% Space Free | Partition Type: NTFS
Drive D: | 10.54 Gb Total Space | 4.95 Gb Free Space | 46.92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 9.75 Gb Total Space | 9.70 Gb Free Space | 99.46% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RHOMEL-9FDA05A8
Current User Name: Rhomel F. Ibarreta
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"55826:TCP" = 55826:TCP:*:Enabled:assemblyPublish schemasApp
"11958:UDP" = 11958:UDP:*:Enabled:assemblyPublish JavaCommon
"53843:TCP" = 53843:TCP:*:Enabled:assemblyPublish GoogleVisual
"54005:UDP" = 54005:UDP:*:Enabled:assemblyPublish CalendarOffline
"80:TCP" = 80:TCP:*:Enabled:dll32
"7171:TCP" = 7171:TCP:*:Enabled:dll32

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\Garena\Garena.exe:*:Enabled:Garena (Garena Interactive PTE LTD)
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil (IVT Corporation)
C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster ()
D:\Garena\Garena.exe:*:Enabled:Garena.exe (Rhy Guinto)
D:\Pudge666V5.0\Garena.exe:*:Enabled:Garena.exe (Pudge666 Company)
C:\WINDOWS\system32\ftp.exe:*:Enabled:UDP (Microsoft Corporation)
C:\WINDOWS\system32\3361\svchost.exe:*:Enabled:SVCHOST.EXE File not found
C:\tsbaolm.exe:*:Disabled:tsbaolm File not found
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware (Malwarebytes Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{2A9C3F41-DACA-37AB-84FB-2E6193C42151}" = Google Gears
"{3037da8f-0de4-45c7-b8c4-e72f0cd5d92c}" = Nero 9 Trial
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{389AA6BC-0D25-4480-B70A-CAF2C990A6F9}_is1" = Theme XPack 1.4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D642ACC5-F7E9-48F3-A7EE-B49C5447A10E}" = Samsung PC Studio 3
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"adobe flash player plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"Internet Download Manager" = Internet Download Manager
"malwarebytes' anti-malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"mozilla firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"O2Jam_ph" = O2jam
"OpenSSL_is1" = OpenSSL 0.9.6m
"regrun security suite_is1" = RegRun Security Suite Platinum
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SystemRequirementsLab" = System Requirements Lab
"unlocker" = Unlocker 1.8.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/11/2009 12:16:08 PM | Computer Name = RHOMEL-9FDA05A8 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/11/2009 12:23:42 PM | Computer Name = RHOMEL-9FDA05A8 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/11/2009 12:23:42 PM | Computer Name = RHOMEL-9FDA05A8 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/11/2009 1:49:28 PM | Computer Name = RHOMEL-9FDA05A8 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/11/2009 1:49:28 PM | Computer Name = RHOMEL-9FDA05A8 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/11/2009 1:53:43 PM | Computer Name = RHOMEL-9FDA05A8 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/11/2009 1:53:43 PM | Computer Name = RHOMEL-9FDA05A8 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/11/2009 3:39:00 PM | Computer Name = RHOMEL-9FDA05A8 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/11/2009 3:39:00 PM | Computer Name = RHOMEL-9FDA05A8 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/11/2009 3:39:28 PM | Computer Name = RHOMEL-9FDA05A8 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 4/22/2009 4:34:20 PM | Computer Name = RHOMEL-9FDA05A8 | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 4/22/2009 5:17:51 PM | Computer Name = RHOMEL-9FDA05A8 | Source = PlugPlayManager | ID = 11
Description = The device Root\legacy_fda74ff\0000 disappeared from the system without
first being prepared for removal.

Error - 4/22/2009 5:17:51 PM | Computer Name = RHOMEL-9FDA05A8 | Source = PlugPlayManager | ID = 11
Description = The device Root\legacy_qkdmatjq\0000 disappeared from the system without
first being prepared for removal.

Error - 4/22/2009 5:19:42 PM | Computer Name = RHOMEL-9FDA05A8 | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 4/22/2009 5:19:42 PM | Computer Name = RHOMEL-9FDA05A8 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sasdifsv saskutil

Error - 4/22/2009 5:29:24 PM | Computer Name = RHOMEL-9FDA05A8 | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 4/22/2009 5:29:24 PM | Computer Name = RHOMEL-9FDA05A8 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sasdifsv saskutil

Error - 4/22/2009 5:31:50 PM | Computer Name = RHOMEL-9FDA05A8 | Source = Service Control Manager | ID = 7028
Description = The wuauserv Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.

Error - 4/22/2009 5:32:19 PM | Computer Name = RHOMEL-9FDA05A8 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_QKDMATJQ\0000 disappeared from the system without
first being prepared for removal.

Error - 4/22/2009 5:32:19 PM | Computer Name = RHOMEL-9FDA05A8 | Source = Service Control Manager | ID = 7028
Description = The wuauserv Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.


< End of report >

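Added note and example for this page (not from the original post, from OTL, or from Geeks to Go): the two firewall sections near the top of the log above are the part a responder reads first. Windows XP's firewall stores its per-profile exception lists under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy, and malware that wants inbound connections adds itself there. Several entries in the posted lists fit known patterns: a copy of svchost.exe in a numbered subfolder of system32 (on XP the real one lives directly in system32), an executable at the root of C:, ftp.exe granted an exception under the meaningless name "UDP", and ports 80 and 7171 opened for something called "dll32". The Python below is the editor's illustration of turning those patterns into checks; the sample lines are copied from the log on this page, and the flagging rules are heuristics, not OTL's own logic.

```python
"""Triage the firewall-exception sections of an OTL log for malware indicators.

Added example for this page: not part of the original post and not OTL's own
logic. The flagging rules are the editor's heuristics: an exception is reported
when its executable is missing, sits at a drive root, is a Windows system
binary outside the system directory, is a built-in network tool, or opens a
privileged port under a generic DLL/EXE-looking name.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the GloballyOpenPorts and
# AuthorizedApplications sections of the log posted above.
SAMPLE_LOG = r"""
"55826:TCP" = 55826:TCP:*:Enabled:assemblyPublish schemasApp
"80:TCP" = 80:TCP:*:Enabled:dll32
"7171:TCP" = 7171:TCP:*:Enabled:dll32
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\WINDOWS\system32\ftp.exe:*:Enabled:UDP (Microsoft Corporation)
C:\WINDOWS\system32\3361\svchost.exe:*:Enabled:SVCHOST.EXE File not found
C:\tsbaolm.exe:*:Disabled:tsbaolm File not found
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware (Malwarebytes Corporation)
"""

# "PORT:PROTO" = PORT:PROTO:SCOPE:STATE:NAME
PORT_RE = re.compile(
    r'^"(\d+):(TCP|UDP)"\s*=\s*\d+:(?:TCP|UDP):[^:]*:(Enabled|Disabled):(.*)$')
# PATH:SCOPE:STATE:DESCRIPTION  (the only colon inside PATH is the drive letter's)
APP_RE = re.compile(r'^([A-Za-z]:\\[^:]*):[^:]*:(Enabled|Disabled):(.*)$')

# Core Windows binaries that legitimately live only in %SystemRoot% or system32.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "explorer.exe", "alg.exe"}
SYSTEM_DIRS = {"system32", "windows", "winnt"}
# Built-in tools malware reuses to fetch files or run code; a workstation
# rarely needs an inbound exception for any of them.
LOLBINS = {"ftp.exe", "tftp.exe", "cmd.exe", "cscript.exe", "wscript.exe",
           "rundll32.exe", "regsvr32.exe", "mshta.exe"}
# Exception names that imitate a system component instead of naming a product.
GENERIC_NAME_RE = re.compile(r"^(?:dll|rundll|svchost|system)\d*(?:\.exe)?$", re.I)


def triage(log_text):
    """Return one finding per suspicious exception, in the order they appear."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PORT_RE.match(line)
        if m:
            port, proto, state, name = int(m[1]), m[2], m[3], m[4].strip()
            reasons = []
            if port < 1024:
                reasons.append(f"opens privileged port {port}/{proto}")
            if GENERIC_NAME_RE.match(name):
                reasons.append(f"generic system-looking name {name!r}")
            if reasons:
                findings.append({"subject": f"{port}:{proto}",
                                 "enabled": state == "Enabled",
                                 "reasons": reasons})
            continue
        m = APP_RE.match(line)
        if not m:
            continue
        path, state, desc = PureWindowsPath(m[1]), m[2], m[3].strip()
        base, parent = path.name.lower(), path.parent.name.lower()
        reasons = []
        if desc.endswith("File not found"):
            reasons.append("executable no longer exists on disk")
        if parent == "":  # PureWindowsPath gives the drive root an empty name
            reasons.append("executable sits at the drive root")
        if base in SYSTEM_BINARIES and parent not in SYSTEM_DIRS:
            reasons.append(f"{base} outside the Windows system directory")
        if base in LOLBINS:
            reasons.append(f"built-in network tool {base} granted an exception")
        if reasons:
            findings.append({"subject": str(path),
                             "enabled": state == "Enabled",
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "ENABLED " if f["enabled"] else "disabled"
        print(f"[{flag}] {f['subject']}: {'; '.join(f['reasons'])}")
```

Run as-is it reports the port 80 and 7171 "dll32" entries, the numbered-subfolder svchost.exe, ftp.exe and C:\tsbaolm.exe; point triage() at the firewall sections of another OTL log to reuse it. The rules are deliberately narrow: LimeWire is reported only because its executable is gone, which is uninstall residue rather than an infection indicator, and the disabled tsbaolm entry is still listed because a disabled rule for a vanished root-level executable is itself evidence of what ran on the machine.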

© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising