AntiVirus XP 2008 - Please HELP! [CLOSED]



#1
Yooniexchic

Hiyee!

Thanx in advance for helping me! Ok so here is what happened.

I was trying to watch a video of the Olympics opening ceremony and I accepted a download request for a "Video activex object" codec. It turned out to be a nasty virus or trojan and my computer began to:

1. installed Antivirus XP 2008, which I tried to uninstall but it kept aborting
2. repeatedly auto-scanning my computer and popups would appear that tried to get me to pay for one of their full featured anti-virus programs
3. my desktop wallpaper changed into a bright blue display that said my computer was infected

Then I installed Kaspersky and restarted my computer and many programs or applications would not work (AIM, My Computer, etc). I updated Kaspersky, ran it and restarted again, and now everything appears to be running somewhat-okay for the time being. I also read many instructions and ran a number of scans and fixes, including:

ComboFix
Malwarebytes Anti-Malware
Super AntiSpyware Free Edition
FixIEDef
SmitfraudFix

My computer seems to be working decently now (I do not see AntiVirus XP 2008 in my Programs List anymore), however viewing on Kaspersky, I am still getting repeated phishing attacks on my computer. I just want to make sure that this stuff is completely off my computer. Thank you so much for taking the time to read my problem!!

I am posting my HJT file:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:29 AM, on 8/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ULi5287\ULi5287.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\power shutdown\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: TBSB00321 - {0E9B2F53-3E3E-4E66-8BFA-1C822F395ACA} - C:\Program Files\DigiClick\DigiClick! Toolbar\digiclick4.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: DigiClick! Toolbar - {FFC77067-4045-419B-9AEF-DE9BE2E2AFF7} - C:\Program Files\DigiClick\DigiClick! Toolbar\digiclick4.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1194547183640
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Power Shutdown - Snowportion - c:\program files\power shutdown\svchost.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

--
End of file - 9586 bytes

#2
Yooniexchic

Hello,

I'm still waiting for some assistance. I've done a number of scans since the last time I posted, and I am still having problems on my computer. Here is my HJT log that I took today:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:10 AM, on 8/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ULi5287\ULi5287.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: TBSB00321 - {0E9B2F53-3E3E-4E66-8BFA-1C822F395ACA} - C:\Program Files\DigiClick\DigiClick! Toolbar\digiclick4.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: DigiClick! Toolbar - {FFC77067-4045-419B-9AEF-DE9BE2E2AFF7} - C:\Program Files\DigiClick\DigiClick! Toolbar\digiclick4.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1194547183640
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

--
End of file - 9392 bytes

#3
emeraldnzl

Hello Yooniexchic,

Welcome to Geekstogo.

I am having a look at your log and will get back to you in a bit.

regards
emeraldnzl

#4
emeraldnzl

Hello again Yooniexchic,

Please go to Start > Control Panel > Add or Remove Programs and uninstall the following programs:

DigiClick
Viewpoint


Next

Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need more than one post to get it all on the forum; that's fine.


#5
Yooniexchic

Here is the OTViewIt Log:

OTViewIt logfile created on: 8/27/2008 3:22:08 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.14 Folder = C:\Documents and Settings\Enoch\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 72.33% Memory free
3.78 Gb Paging File | 3.42 Gb Available in Paging File | 90.51% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 166.89 Gb Free Space | 55.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASUS-64
Current User Name: Enoch
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[06/28/2005 10:55 PM | 00,376,832 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe
[03/19/2008 05:08 PM | 00,607,576 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[06/28/2005 10:55 PM | 00,376,832 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe
[06/28/2005 10:05 PM | 00,344,064 | ---- | M] (ATI Technologies, Inc.) - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[08/23/2005 09:59 PM | 00,409,600 | ---- | M] () - C:\Program Files\ULi5287\ULi5287.exe
[07/22/2005 03:00 AM | 00,081,920 | R--- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\SOUNDMAN.EXE
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[07/09/2008 01:30 PM | 00,289,064 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[07/03/2008 02:22 AM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[09/20/2007 10:51 AM | 00,853,288 | ---- | M] (Nero AG) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
[08/05/2005 03:08 PM | 00,067,160 | ---- | M] (America Online, Inc.) - C:\Program Files\AIM\aim.exe
[08/08/2007 08:54 PM | 00,376,891 | ---- | M] (Zetera Corporation) - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
[07/09/2008 01:30 PM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[07/03/2008 10:25 PM | 08,767,575 | ---- | M] (Evenflow, Inc.) - C:\Program Files\Dropbox\dropbox.exe
[08/27/2008 03:13 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Enoch\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(aawservice) Ad-Aware 2007 Service [Auto | Running]
[03/19/2008 05:08 PM | 00,607,576 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

(Adobe LM Service) Adobe LM Service [On_Demand | Stopped]
[11/08/2007 03:00 PM | 00,072,704 | ---- | M] (Adobe Systems) - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

(Adobe Version Cue CS2) Adobe Version Cue CS2 [Disabled | Stopped]
[04/04/2005 07:58 PM | 00,163,840 | ---- | M] (Adobe Systems Incorporated) - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

(Adobe Version Cue CS3) Adobe Version Cue CS3 [On_Demand | Stopped]
[03/20/2007 05:41 PM | 00,153,792 | ---- | M] (Adobe Systems Incorporated) - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[07/03/2008 02:22 AM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Ati HotKey Poller) Ati HotKey Poller [Auto | Running]
[06/28/2005 10:55 PM | 00,376,832 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe

(AVP) Kaspersky Anti-Virus [Auto | Stopped]
[07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

(Bonjour Service) Bonjour Service [Auto | Running]
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/13/2008 08:12 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped]
[12/10/2007 05:02 PM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(iPod Service) iPod Service [On_Demand | Running]
[07/09/2008 01:30 PM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(Macromedia Licensing Service) Macromedia Licensing Service [On_Demand | Stopped]
[05/13/2008 12:57 AM | 00,068,096 | ---- | M] () - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Auto | Running]
[09/20/2007 10:51 AM | 00,853,288 | ---- | M] (Nero AG) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

(NMIndexingService) NMIndexingService [On_Demand | Stopped]
[09/20/2007 04:35 PM | 00,382,248 | ---- | M] (Nero AG) - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

(Z-SANService) Z-SAN Service [Auto | Running]
[08/08/2007 08:54 PM | 00,376,891 | ---- | M] (Zetera Corporation) - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

===== Driver Services - Non-Microsoft Only =====

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running]
[07/26/2005 05:03 AM | 03,644,032 | R--- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

(AliIde) AliIde [Boot | Running]
[02/28/2006 08:00 AM | 00,005,248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys

(ati2mtag) ati2mtag [On_Demand | Running]
[06/28/2005 11:01 PM | 01,241,088 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\drivers\ati2mtag.sys

(catchme) catchme [On_Demand | Stopped]
File not found - C:\ComboFix\catchme.sys

(dmboot) dmboot [Disabled | Stopped]
[04/13/2008 02:44 PM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[04/13/2008 02:44 PM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[02/28/2006 08:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(ElbyDelay) ElbyDelay [Unknown | Running]
File not found -

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(kl1) kl1 [Boot | Running]
[07/21/2008 06:34 PM | 00,121,872 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\kl1.sys

(klbg) Kaspersky Lab Boot Guard Driver [Boot | Running]
[01/29/2008 06:29 PM | 00,032,784 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klbg.sys

(KLIF) Kaspersky Lab Driver [System | Running]
[08/08/2008 06:17 PM | 00,213,008 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klif.sys

(klim5) Kaspersky Anti-Virus NDIS Filter [On_Demand | Running]
[04/30/2008 06:06 PM | 00,024,592 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klim5.sys

(m5287) m5287 [Boot | Running]
[08/19/2005 11:18 AM | 00,101,120 | ---- | M] (ULi Electronics Inc.) - C:\WINDOWS\system32\drivers\m5287.sys

(MTsensor) ATK0110 ACPI UTILITY [On_Demand | Running]
[08/12/2004 10:56 PM | 00,005,810 | R--- | M] () - C:\WINDOWS\system32\drivers\ASACPI.sys

(pfc) Padus ASPI Shell [On_Demand | Running]
[11/08/2007 01:14 PM | 00,009,856 | ---- | M] (Padus, Inc.) - C:\WINDOWS\system32\drivers\pfc.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[02/28/2006 08:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[12/04/2007 02:38 PM | 00,043,528 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\PxHelp20.sys

(SASDIFSV) SASDIFSV [System | Running]
[05/28/2008 10:33 AM | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys

(SASENUM) SASENUM [On_Demand | Stopped]
[05/28/2008 10:33 AM | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

(SASKUTIL) SASKUTIL [System | Running]
[05/28/2008 10:33 AM | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 06:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(SFSZ) DataPlow SFS for Zetera Storage Devices [Auto | Running]
[08/14/2007 10:29 PM | 00,345,984 | ---- | M] (DataPlow, Incorporated) - C:\WINDOWS\system32\drivers\sfsz.sys

(VClone) VClone [System | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\VClone.sys

(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [On_Demand | Running]
[09/19/2005 09:41 AM | 00,241,280 | ---- | M] (Marvell) - C:\WINDOWS\system32\drivers\yk51x86.sys

(ZetBus) Zetera Virtual Bus [On_Demand | Running]
[08/08/2007 08:57 PM | 00,015,488 | ---- | M] (Zetera Corporation) - C:\WINDOWS\system32\drivers\ZetBus.sys

(ZetMPD) ZetMPD [On_Demand | Stopped]
[08/08/2007 08:57 PM | 00,005,120 | ---- | M] (Zetera Corporation) - C:\WINDOWS\system32\drivers\ZetMPD.sys

(ZetSFD) ZetSFD [Boot | Running]
[08/08/2007 08:57 PM | 00,012,800 | ---- | M] (Zetera Corporation) - C:\WINDOWS\system32\drivers\ZetSFD.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/03/2008 02:23 AM | 00,116,040 | ---- | M] (Apple Inc.)
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [06/28/2005 10:05 PM | 00,344,064 | ---- | M] (ATI Technologies, Inc.)
"AVP" = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/09/2008 01:30 PM | 00,289,064 | ---- | M] (Apple Inc.)
"NBKeyScan" = "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 10:51 AM | 01,836,328 | ---- | M] (Nero AG)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"SoundMan" = SOUNDMAN.EXE [07/22/2005 03:00 AM | 00,081,920 | R--- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"ULiRaid" = C:\Program Files\ULi5287\ULi5287.exe [08/23/2005 09:59 PM | 00,409,600 | ---- | M] ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[11/09/2005 04:34 PM | 00,294,912 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe

[Enoch Startup Folder - C:\Documents and Settings\Enoch\Start Menu\Programs\Startup]
[07/03/2008 10:25 PM | 08,767,575 | ---- | M] (Evenflow, Inc.) - C:\Documents and Settings\Enoch\Start Menu\Programs\Startup\Dropbox.lnk = C:\Program Files\Dropbox\dropbox.exe

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [06/11/2008 10:33 PM | 00,061,816 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
HKLM CLSID: (Adobe PDF Link Helper) - [06/11/2008 10:33 PM | 00,075,128 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
HKLM CLSID: (IEVkbdBHO Class) - [07/29/2008 08:21 PM | 00,062,728 | ---- | M] (Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
HKLM CLSID: (Adobe PDF Conversion Toolbar Helper) - [10/23/2006 12:20 AM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [10/23/2006 12:20 AM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [10/23/2006 12:20 AM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

"{724D43A0-0D85-11D4-9908-00400523E39A}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{FFC77067-4045-419B-9AEF-DE9BE2E2AFF7}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 255
"NoDriveAutoRun" = 67108863
"NoDrives" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0
"DisableRegistryTools" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDrives" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

===== Desktop Components =====

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 02:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 06:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 02:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 06:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [11/03/2006 03:17 AM | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [04/04/2005 07:58 PM | 00,163,840 | ---- | M] (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [03/20/2007 05:41 PM | 00,153,792 | ---- | M] (Adobe Systems Incorporated)
"C:\Program Files\EmFTP\EmFTP.exe" = C:\Program Files\EmFTP\EmFTP.exe [03/28/2007 12:23 PM | 00,492,440 | ---- | M] ()
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe [09/29/2007 04:22 PM | 00,050,528 | ---- | M] (AOL LLC)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe [04/13/2008 08:12 PM | 00,769,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/05/2005 03:08 PM | 00,067,160 | ---- | M] (America Online, Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe [12/03/2007 08:28 PM | 00,254,976 | ---- | M] (Azureus Inc)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe [07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [07/09/2008 01:30 PM | 20,246,824 | ---- | M] (Apple Inc.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 08:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 08:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 08:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 08:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 08:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
"DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [04/19/2007 01:41 PM | 00,294,912 | ---- | M] (SUPERAntiSpyware.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = C:\WINDOWS\system32\ati2evxx.dll [06/28/2005 10:56 PM | 00,046,080 | ---- | M] (ATI Technologies Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
"DllName" = C:\WINDOWS\system32\klogon.dll [07/29/2008 08:21 PM | 00,218,376 | ---- | M] (Kaspersky Lab)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"CiSvc" = 3
"Adobe Version Cue CS2" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
"backup" = C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnk File not found
"location" = Common Startup
"command" = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [12/10/2007 05:13 PM | 00,295,606 | R--- | M] ()
"item" = Adobe Acrobat Speed Launcher

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
"backup" = C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [10/23/2006 01:01 AM | 00,734,872 | ---- | M] ()
"item" = Adobe Acrobat Synchronizer

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"backup" = C:\WINDOWS\pss\Adobe Gamma.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [03/16/2005 08:16 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
"item" = Adobe Gamma

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 8.0]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Acrotray
"hkey" = HKLM
"command" = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [10/23/2006 12:24 AM | 00,620,152 | ---- | M] (Adobe Systems Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Version Cue CS2]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = VersionCueCS2Tray
"hkey" = HKLM
"command" = C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [04/04/2005 07:58 PM | 00,856,064 | ---- | M] (Adobe Sytems Incorporated)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = NeroCheck
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [03/01/2007 04:57 PM | 00,153,136 | ---- | M] (Nero AG)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = GoogleToolbarNotifier
"hkey" = HKCU
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrojanScanner]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Trjscan
"hkey" = HKLM
"command" = C:\Program Files\Trojan Remover\Trjscan.exe [08/11/2008 10:20 AM | 00,909,904 | ---- | M] (Simply Super Software)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 2
"startup" = 2

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{29734D2A-E117-4AE1-958E-FC9B75BB05AA}]
Servers: | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{839D0903-86B5-401B-AB11-AEBAAE6CB4BA}]
Servers: | Description: 1394 Net Adapter

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[11/08/2007 12:30 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5572df08-8e1b-11dc-bfdc-0015f2828fed}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5572df08-8e1b-11dc-bfdc-0015f2828fed}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 08:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5572df08-8e1b-11dc-bfdc-0015f2828fed}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

===== Hosts File =====

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 30 days]
[08/11/2008 10:09 AM | ---D | C] - C:\QooBox
[08/11/2008 10:23 AM | ---D | C] - C:\SDFix
[08/21/2008 11:26 AM | 00,000,244 | -H-- | C] () - C:\sqmnoopt01.sqm
[08/21/2008 11:26 AM | 00,000,268 | -H-- | C] () - C:\sqmdata01.sqm
[08/25/2008 08:14 PM | ---D | C] - C:\ComboFix
[08/26/2008 01:00 PM | -HSD | C] - C:\RECYCLER
[07/29/2008 08:20 PM | 00,024,774 | ---- | C] () - C:\WINDOWS\System32\drivers\klopp.dat
[08/08/2008 06:17 PM | 00,213,008 | ---- | C] (Kaspersky Lab) - C:\WINDOWS\System32\drivers\klif.sys
[08/08/2008 06:18 PM | 00,003,012 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox2.idx
[08/08/2008 06:18 PM | 00,043,276 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox.idx
[08/08/2008 06:18 PM | 00,087,855 | ---- | C] () - C:\WINDOWS\System32\drivers\klick.dat
[08/08/2008 06:18 PM | 00,096,976 | ---- | C] () - C:\WINDOWS\System32\drivers\klin.dat
[08/08/2008 06:18 PM | 00,565,280 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox2.dat
[08/08/2008 06:18 PM | 05,401,120 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox.dat
[08/11/2008 10:24 AM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/11/2008 10:24 AM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/18/2008 09:31 AM | 00,003,135 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv08nt5.dll
[08/18/2008 09:31 AM | 00,003,615 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv05nt5.dll
[08/18/2008 09:31 AM | 00,003,647 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv07nt5.dll
[08/18/2008 09:31 AM | 00,003,711 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv09nt5.dll
[08/18/2008 09:31 AM | 00,003,775 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv11nt5.dll
[08/18/2008 09:31 AM | 00,003,901 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\siint5.dll
[08/18/2008 09:31 AM | 00,003,967 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv02nt5.dll
[08/18/2008 09:31 AM | 00,004,255 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv01nt5.dll
[08/18/2008 09:31 AM | 00,011,359 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv02nt5.dll
[08/18/2008 09:31 AM | 00,011,615 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1mdxx.sys
[08/18/2008 09:31 AM | 00,011,868 | ---- | C] (Conexant) - C:\WINDOWS\System32\drivers\mdmxsdk.sys
[08/18/2008 09:31 AM | 00,012,047 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1pdxx.sys
[08/18/2008 09:31 AM | 00,013,240 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slwdmsup.sys
[08/18/2008 09:31 AM | 00,013,776 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\recagent.sys
[08/18/2008 09:31 AM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinmdxx.sys
[08/18/2008 09:31 AM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinttxx.sys
[08/18/2008 09:31 AM | 00,014,143 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv06nt5.dll
[08/18/2008 09:31 AM | 00,014,336 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinpdxx.sys
[08/18/2008 09:31 AM | 00,015,423 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[08/18/2008 09:31 AM | 00,017,279 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv10nt5.dll
[08/18/2008 09:31 AM | 00,021,183 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv01nt5.dll
[08/18/2008 09:31 AM | 00,021,343 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1ttxx.sys
[08/18/2008 09:31 AM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv04nt5.dll
[08/18/2008 09:31 AM | 00,026,367 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1snxx.sys
[08/18/2008 09:31 AM | 00,028,672 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinsnxx.sys
[08/18/2008 09:31 AM | 00,029,455 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xbxx.sys
[08/18/2008 09:31 AM | 00,030,671 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1raxx.sys
[08/18/2008 09:31 AM | 00,031,744 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxbxx.sys
[08/18/2008 09:31 AM | 00,034,735 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xsxx.sys
[08/18/2008 09:31 AM | 00,036,463 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1tuxx.sys
[08/18/2008 09:31 AM | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) - C:\WINDOWS\System32\drivers\sisagp.sys
[08/18/2008 09:31 AM | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) - C:\WINDOWS\System32\drivers\amdagp.sys
[08/18/2008 09:31 AM | 00,052,224 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinraxx.sys
[08/18/2008 09:31 AM | 00,056,623 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1btxx.sys
[08/18/2008 09:31 AM | 00,057,856 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinbtxx.sys
[08/18/2008 09:31 AM | 00,063,488 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxsxx.sys
[08/18/2008 09:31 AM | 00,063,663 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1rvxx.sys
[08/18/2008 09:31 AM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[08/18/2008 09:31 AM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[08/18/2008 09:31 AM | 00,073,216 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atintuxx.sys
[08/18/2008 09:31 AM | 00,095,424 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnthal.sys
[08/18/2008 09:31 AM | 00,104,960 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinrvxx.sys
[08/18/2008 09:31 AM | 00,126,686 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlmnt5.sys
[08/18/2008 09:31 AM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[08/18/2008 09:31 AM | 00,129,535 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnt7554.sys
[08/18/2008 09:31 AM | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\System32\drivers\hdaudbus.sys
[08/18/2008 09:31 AM | 00,166,912 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\drivers\s3gnbm.sys
[08/18/2008 09:31 AM | 00,180,360 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\ntmtlfax.sys
[08/18/2008 09:31 AM | 00,220,032 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[08/18/2008 09:31 AM | 00,327,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtaa.sys
[08/18/2008 09:31 AM | 00,404,990 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slntamr.sys
[08/18/2008 09:31 AM | 00,452,736 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\drivers\mtxparhm.sys
[08/18/2008 09:31 AM | 00,685,056 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfcxts2.sys
[08/18/2008 09:31 AM | 01,041,536 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[08/18/2008 09:31 AM | 01,309,184 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlstrm.sys
[08/18/2008 09:31 AM | 01,897,408 | ---- | C] (NVIDIA Corporation) - C:\WINDOWS\System32\drivers\nv4_mini.sys
[08/18/2008 09:32 AM | 00,011,295 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv08nt.sys
[08/18/2008 09:32 AM | 00,011,325 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\vchnt5.dll
[08/18/2008 09:32 AM | 00,011,807 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv07nt.sys
[08/18/2008 09:32 AM | 00,011,871 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv09nt.sys
[08/18/2008 09:32 AM | 00,011,935 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv11nt.sys
[08/18/2008 09:32 AM | 00,022,271 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv06nt.sys
[08/18/2008 09:32 AM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv10nt.sys
[1 C:\WINDOWS\System32\*.tmp files]
[07/29/2008 08:21 PM | 00,218,376 | ---- | C] (Kaspersky Lab) - C:\WINDOWS\System32\klogon.dll
[08/07/2008 10:20 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[08/07/2008 10:20 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[08/07/2008 10:20 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[08/08/2008 05:55 PM | 00,001,152 | ---- | C] () - C:\WINDOWS\System32\windrv.sys
[08/11/2008 11:14 AM | 00,002,864 | ---- | C] () - C:\WINDOWS\System32\tmp.reg
[08/11/2008 11:14 AM | 00,025,600 | ---- | C] () - C:\WINDOWS\System32\WS2Fix.exe.vir
[08/11/2008 11:14 AM | 00,051,200 | ---- | C] () - C:\WINDOWS\System32\dumphive.exe
[08/11/2008 11:14 AM | 00,053,248 | ---- | C] (http://www.beyondlogic.org) - C:\WINDOWS\System32\Process.exe
[08/11/2008 11:14 AM | 00,082,432 | ---- | C] (S!Ri.URZ) - C:\WINDOWS\System32\404Fix.exe
[08/11/2008 11:14 AM | 00,082,432 | ---- | C] (S!Ri.URZ) - C:\WINDOWS\System32\IEDFix.C.exe
[08/11/2008 11:14 AM | 00,086,528 | ---- | C] (S!Ri.URZ) - C:\WINDOWS\System32\VACFix.exe
[08/11/2008 11:14 AM | 00,288,417 | ---- | C] (S!Ri) - C:\WINDOWS\System32\SrchSTS.exe
[08/11/2008 11:14 AM | 00,289,144 | ---- | C] (S!Ri) - C:\WINDOWS\System32\VCCLSID.exe
[08/18/2008 09:31 AM | 00,000,974 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[08/18/2008 09:31 AM | 00,009,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativdaxx.ax
[08/18/2008 09:31 AM | 00,023,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativmvxx.ax
[08/18/2008 09:31 AM | 00,032,285 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\hsfcisp2.dll
[08/18/2008 09:31 AM | 00,032,768 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativtmxx.dll
[08/18/2008 09:31 AM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slrundll.exe
[08/18/2008 09:31 AM | 00,073,796 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slserv.exe
[08/18/2008 09:31 AM | 00,073,832 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slcoinst.dll
[08/18/2008 09:31 AM | 00,086,016 | ---- | C] (Conexant) - C:\WINDOWS\System32\mdmxsdk.dll
[08/18/2008 09:31 AM | 00,188,508 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slgen.dll
[08/18/2008 09:31 AM | 00,286,792 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slextspk.dll
[08/18/2008 09:31 AM | 00,377,984 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvaa.dll
[08/18/2008 09:31 AM | 00,397,056 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\s3gnb.dll
[08/18/2008 09:31 AM | 00,870,784 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3d1ag.dll
[08/18/2008 09:31 AM | 01,737,856 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\mtxparhd.dll
[08/18/2008 09:31 AM | 04,274,816 | ---- | C] (NVIDIA Corporation) - C:\WINDOWS\System32\nv4_disp.dll
[08/20/2008 11:15 AM | ---D | C] - C:\WINDOWS\System32\bits
[08/20/2008 11:15 AM | ---D | C] - C:\WINDOWS\System32\en
[08/20/2008 11:15 AM | ---D | C] - C:\WINDOWS\System32\scripting
[2 C:\WINDOWS\*.tmp files]
[08/04/2008 02:09 PM | -H-D | C] - C:\WINDOWS\PIF
[08/11/2008 10:09 AM | 00,028,672 | ---- | C] (NirSoft) - C:\WINDOWS\Nircmd.exe
[08/11/2008 10:09 AM | 00,049,152 | ---- | C] () - C:\WINDOWS\VFind.exe
[08/11/2008 10:09 AM | 00,068,096 | ---- | C] () - C:\WINDOWS\zip.exe
[08/11/2008 10:09 AM | 00,080,412 | ---- | C] () - C:\WINDOWS\grep.exe
[08/11/2008 10:09 AM | 00,089,504 | ---- | C] (Smallfrogs Studio) - C:\WINDOWS\fdsv.exe
[08/11/2008 10:09 AM | 00,098,816 | ---- | C] () - C:\WINDOWS\sed.exe
[08/11/2008 10:09 AM | 00,136,704 | ---- | C] (SteelWerX) - C:\WINDOWS\swsc.exe
[08/11/2008 10:09 AM | 00,161,792 | ---- | C] (SteelWerX) - C:\WINDOWS\swreg.exe
[08/11/2008 10:09 AM | 00,212,480 | ---- | C] (SteelWerX) - C:\WINDOWS\swxcacls.exe
[08/11/2008 10:09 AM | ---D | C] - C:\WINDOWS\erdnt
[08/11/2008 11:33 AM | ---D | C] - C:\WINDOWS\temp
[08/18/2008 09:31 AM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\slrundll.exe
[08/20/2008 11:10 AM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$
[08/20/2008 11:13 AM | ---D | C] - C:\WINDOWS\ServicePackFiles
[08/20/2008 11:15 AM | ---D | C] - C:\WINDOWS\l2schemas
[08/20/2008 11:20 AM | ---D | C] - C:\WINDOWS\Prefetch
[08/08/2008 06:16 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[08/08/2008 06:18 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[08/11/2008 10:21 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 124 bytes -> %AllUsersProfile%\Application Data\TEMP:CB0AACC9
[08/11/2008 10:24 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/11/2008 10:36 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[08/11/2008 10:24 AM | ---D | C] - C:\Documents and Settings\Enoch\Application Data\Malwarebytes
[08/11/2008 10:36 AM | ---D | C] - C:\Documents and Settings\Enoch\Application Data\SUPERAntiSpyware.com
[08/27/2008 02:38 PM | ---D | C] - C:\Documents and Settings\Enoch\Application Data\Dropbox
[08/04/2008 02:07 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\R-Epartner.com
[08/06/2008 02:25 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\Print-Banksy-Gallery
[08/11/2008 10:19 AM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\Simply Super Software
[08/13/2008 01:25 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\AdobeStockPhotos
[08/21/2008 04:11 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\sample_site_css
[08/21/2008 04:22 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\layout03
[08/21/2008 04:22 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\layout07
[08/21/2008 05:56 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\layout08
[08/22/2008 01:06 PM | 00,001,188 | ---- | C] () - C:\Documents and Settings\Enoch\My Documents\layout10.zip
[08/22/2008 01:07 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\layout10
[08/22/2008 12:59 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\layout09
[08/25/2008 02:22 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\Stock_Funny
[08/26/2008 12:52 PM | 00,730,033 | ---- | C] () - C:\Documents and Settings\Enoch\My Documents\DebtReductionCalculator.zip
[08/27/2008 02:38 PM | R--D | C] - C:\Documents and Settings\Enoch\My Documents\My Dropbox
[08/07/2008 02:35 PM | 00,001,729 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/11/2008 10:24 AM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/11/2008 10:36 AM | 00,000,780 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[08/08/2008 06:38 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\Enoch\Desktop\HijackThis.lnk
[08/09/2008 03:09 PM | 02,830,141 | R--- | C] () - C:\Documents and Settings\Enoch\Desktop\ComboFix.exe
[08/11/2008 10:50 AM | 00,456,263 | ---- | C] (Malwareteks.com) - C:\Documents and Settings\Enoch\Desktop\FixIEDef.exe
[08/11/2008 11:11 AM | 01,479,403 | ---- | C] () - C:\Documents and Settings\Enoch\Desktop\SmitfraudFix.exe
[08/11/2008 11:11 AM | ---D | C] - C:\Documents and Settings\Enoch\Desktop\SmitfraudFix
[08/27/2008 02:38 PM | 07,508,800 | ---- | C] () - C:\Documents and Settings\Enoch\Desktop\Dropbox 0.6.285.exe
[08/27/2008 03:13 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Enoch\Desktop\OTViewIt.exe
[08/27/2008 02:38 PM | 00,000,678 | ---- | C] () - C:\Documents and Settings\Enoch\Start Menu\Programs\Startup\Dropbox.lnk
[08/07/2008 02:35 PM | ---D | C] - C:\Program Files\Common Files\Adobe AIR
[08/08/2008 05:55 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/08/2008 06:18 PM | ---D | C] - C:\Program Files\Kaspersky Lab
[08/08/2008 06:38 PM | ---D | C] - C:\Program Files\Trend Micro
[08/11/2008 10:24 AM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/11/2008 10:36 AM | ---D | C] - C:\Program Files\SUPERAntiSpyware
[08/27/2008 02:38 PM | ---D | C] - C:\Program Files\Dropbox

[Files/Folders - Modified Within 30 days]
[08/11/2008 03:44 AM | ---D | M] - C:\SDFix
[08/11/2008 10:44 AM | ---D | M] - C:\Software
[08/12/2008 03:03 PM | -HSD | M] - C:\System Volume Information
[08/20/2008 11:12 AM | 00,250,048 | RHS- | M] () - C:\ntldr
[08/21/2008 11:26 AM | 00,000,244 | -H-- | M] () - C:\sqmnoopt01.sqm
[08/21/2008 11:26 AM | 00,000,268 | -H-- | M] () - C:\sqmdata01.sqm
[08/25/2008 08:19 PM | ---D | M] - C:\ComboFix
[08/25/2008 08:19 PM | ---D | M] - C:\QooBox
[08/25/2008 08:19 PM | ---D | M] - C:\WINDOWS
[08/26/2008 01:00 PM | -HSD | M] - C:\RECYCLER
[08/27/2008 02:38 PM | R--D | M] - C:\Program Files
[08/11/2008 11:14 AM | 00,000,027 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\hosts
[07/29/2008 08:20 PM | 00,024,774 | ---- | M] () - C:\WINDOWS\System32\drivers\klopp.dat
[07/30/2008 08:07 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[07/30/2008 08:07 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/08/2008 06:17 PM | 00,213,008 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\System32\drivers\klif.sys
[08/08/2008 06:18 PM | 00,087,855 | ---- | M] () - C:\WINDOWS\System32\drivers\klick.dat
[08/08/2008 06:25 PM | 00,096,976 | ---- | M] () - C:\WINDOWS\System32\drivers\klin.dat
[08/11/2008 10:14 AM | ---D | M] - C:\WINDOWS\System32\drivers\etc
[08/26/2008 08:51 PM | 00,003,012 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox2.idx
[08/26/2008 08:51 PM | 00,043,276 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox.idx
[08/26/2008 08:51 PM | 00,565,280 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox2.dat
[08/26/2008 08:51 PM | 05,401,120 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox.dat
[1 C:\WINDOWS\System32\*.tmp files]
[07/29/2008 08:21 PM | 00,218,376 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\System32\klogon.dll
[08/08/2008 05:55 PM | 00,001,152 | ---- | M] () - C:\WINDOWS\System32\windrv.sys
[08/09/2008 03:37 PM | 00,082,432 | ---- | M] (S!Ri.URZ) - C:\WINDOWS\System32\404Fix.exe
[08/11/2008 10:12 AM | ---D | M] - C:\WINDOWS\System32\config
[08/11/2008 11:14 AM | 00,002,864 | ---- | M] () - C:\WINDOWS\System32\tmp.reg
[08/20/2008 11:11 AM | ---D | M] - C:\WINDOWS\System32\ReinstallBackups
[08/20/2008 11:13 AM | ---D | M] - C:\WINDOWS\System32\Com
[08/20/2008 11:13 AM | ---D | M] - C:\WINDOWS\System32\npp
[08/20/2008 11:13 AM | ---D | M] - C:\WINDOWS\System32\oobe
[08/20/2008 11:13 AM | ---D | M] - C:\WINDOWS\System32\Restore
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\System32\bits
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\System32\en
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\System32\en-US
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\System32\inetsrv
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\System32\scripting
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\System32\usmt
[08/20/2008 11:19 AM | ---D | M] - C:\WINDOWS\System32\Setup
[08/20/2008 11:19 AM | ---D | M] - C:\WINDOWS\System32\wbem
[08/20/2008 11:21 AM | 01,765,480 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/20/2008 11:22 AM | 00,071,308 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/20/2008 11:22 AM | 00,441,624 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/20/2008 11:22 AM | 00,522,706 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/20/2008 11:22 AM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/21/2008 08:20 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/24/2008 06:40 PM | 00,013,646 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/27/2008 03:15 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/27/2008 03:15 PM | ---D | M] - C:\WINDOWS\System32\drivers
[2 C:\WINDOWS\*.tmp files]
[08/04/2008 02:09 PM | -H-D | M] - C:\WINDOWS\PIF
[08/11/2008 10:12 AM | ---D | M] - C:\WINDOWS\erdnt
[08/12/2008 10:14 PM | 00,000,603 | ---- | M] () - C:\WINDOWS\win.ini
[08/18/2008 09:22 AM | ---D | M] - C:\WINDOWS\Debug
[08/20/2008 11:08 AM | ---D | M] - C:\WINDOWS\ehome
[08/20/2008 11:11 AM | ---D | M] - C:\WINDOWS\security
[08/20/2008 11:11 AM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstall$
[08/20/2008 11:13 AM | ---D | M] - C:\WINDOWS\msagent
[08/20/2008 11:13 AM | ---D | M] - C:\WINDOWS\mui
[08/20/2008 11:13 AM | ---D | M] - C:\WINDOWS\srchasst
[08/20/2008 11:13 AM | ---D | M] - C:\WINDOWS\system
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\Help
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\l2schemas
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\network diagnostic
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\PeerNet
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\ServicePackFiles
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\WinSxS
[08/20/2008 11:18 AM | 00,002,675 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/20/2008 11:19 AM | ---D | M] - C:\WINDOWS\ime
[08/20/2008 11:19 AM | R-SD | M] - C:\WINDOWS\Fonts
[08/21/2008 08:05 PM | 00,000,069 | ---- | M] () - C:\WINDOWS\NeroDigital.ini
[08/21/2008 11:32 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/25/2008 08:17 PM | ---D | M] - C:\WINDOWS\AppPatch
[08/25/2008 08:18 PM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[08/25/2008 11:54 AM | -HSD | M] - C:\WINDOWS\Installer
[08/26/2008 07:50 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/27/2008 03:15 PM | ---D | M] - C:\WINDOWS\system32
[08/27/2008 03:15 PM | -H-D | M] - C:\WINDOWS\inf
[08/27/2008 03:22 PM | ---D | M] - C:\WINDOWS\temp
[08/27/2008 10:36 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/27/2008 10:36 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/07/2008 02:35 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/08/2008 06:16 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[08/08/2008 06:16 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/11/2008 10:24 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/11/2008 10:36 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[08/12/2008 03:31 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 124 bytes -> %AllUsersProfile%\Application Data\TEMP:CB0AACC9
[08/27/2008 10:36 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[08/06/2008 10:30 AM | ---D | M] - C:\Documents and Settings\Enoch\Application Data\FileZilla
[08/11/2008 06:04 PM | --SD | M] - C:\Documents and Settings\Enoch\Application Data\Microsoft
[08/11/2008 10:24 AM | ---D | M] - C:\Documents and Settings\Enoch\Application Data\Malwarebytes
[08/11/2008 10:36 AM | ---D | M] - C:\Documents and Settings\Enoch\Application Data\SUPERAntiSpyware.com
[08/14/2008 11:45 AM | ---D | M] - C:\Documents and Settings\Enoch\Application Data\Adobe
[08/25/2008 07:57 PM | ---D | M] - C:\Documents and Settings\Enoch\Application Data\Azureus
[08/27/2008 02:39 PM | ---D | M] - C:\Documents and Settings\Enoch\Application Data\Dropbox
[08/07/2008 02:35 PM | ---D | M] - C:\Documents and Settings\Enoch\Local Settings\Application Data\Adobe
[08/20/2008 11:39 AM | 00,095,184 | ---- | M] () - C:\Documents and Settings\Enoch\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/21/2008 08:05 PM | 00,099,840 | ---- | M] () - C:\Documents and Settings\Enoch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[07/31/2008 10:27 AM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\PSD
[08/06/2008 02:28 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\Print-Banksy-Gallery
[08/08/2008 07:37 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\Halloween
[08/08/2008 07:38 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\A - Old Catalog
[08/08/2008 07:42 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\Email Blasts Holiday
[08/11/2008 10:19 AM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\Simply Super Software
[08/12/2008 01:03 PM | R--D | M] - C:\Documents and Settings\Enoch\My Documents\My Pictures
[08/12/2008 04:03 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\DigiClick
[08/13/2008 01:25 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\AdobeStockPhotos
[08/20/2008 01:41 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\My Received Files
[08/20/2008 03:21 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\R-Epartner.com
[08/21/2008 04:11 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\sample_site_css
[08/21/2008 04:22 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\layout03
[08/21/2008 08:00 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\layout07
[08/22/2008 01:06 PM | 00,001,188 | ---- | M] () - C:\Documents and Settings\Enoch\My Documents\layout10.zip
[08/22/2008 01:20 PM | ---D

#6
Yooniexchic


    Member

  • Topic Starter
  • 11 posts
Extras Log!!


OTViewIt Extras logfile created on: 8/27/2008 3:22:08 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.14 Folder = C:\Documents and Settings\Enoch\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 72.33% Memory free
3.78 Gb Paging File | 3.42 Gb Available in Paging File | 90.51% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 166.89 Gb Free Space | 55.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = ComFile] - File not found -
.exe [@ = exefile] - File not found -
.js [@ = jsfile] - [03/02/2004 09:55 AM | 12,169,216 | ---- | M] (Macromedia, Inc.) - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}" = MSXML 6.0 Parser (KB933579)
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11DE2361-9F73-47B3-B638-2F267927E307}" = Ipswitch WS_FTP Home 2007
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{271B64EE-3E1B-4381-A8FE-012390050492}" = ACDSee 6.0 PowerPack
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D22289D-ED59-4F97-B636-2111EC64F5D4}" = Apple Mobile Device Support
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{767F201B-D77B-4BEC-9ED5-B075D6118782}" = speedup_mypc
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = MacromediaDreamweaver MX
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3672E1B-021F-4F50-A891-609471CCF941}" = NETGEAR Storage Central Manager Utility
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B0A88235-FDF0-4DCD-88A0-D78EA2D03AB9}" = iTunes
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B944FA21-81AF-4A77-8328-CE4F4CC51033}" = Nero 8
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD9698D6-BBC5-4DC5-A718-B2736D6A59B7}" = EmFTP Professional (English)
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDC53DC6-137A-4541-BFA2-A9BAE4A7FE99}" = ULi Chipset Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"Azureus Vuze" = Azureus Vuze
"Bodog Poker_is1" = Bodog Poker Version 2.13.6.4
"BulletProof FTP_is1" = BulletProof FTP
"CDisplay_is1" = CDisplay 1.8
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.1.0-beta2
"FLV Player" = FLV Player 2.0, build 24
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB923689" = Security Update for Windows XP (KB923689)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB932471.T301_380ToU433_380" = Hotfix for Microsoft .NET Framework 3.0 (KB932471)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB936782_WMP9" = Security Update for Windows Media Player 9 (KB936782)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941569" = Security Update for Windows XP (KB941569)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB951978" = Update for Windows XP (KB951978)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (2.0.0.14)" = Mozilla Firefox (2.0.0.14)
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"Mozilla Firefox (3.0b1)" = Mozilla Firefox (3.0b1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MultiMon TaskBar_is1" = MultiMon TaskBar 2.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Power Shutdown_is1" = Power Shutdown v5.1
"Registry Mechanic_is1" = Registry Mechanic 7.0
"SWFText" = SWFText
"TheMostCustomizableBrowser_is1" = Sleipnir Version 2.7.2
"Trojan Remover_is1" = Trojan Remover 6.7.1
"VideoCacheView" = VideoCacheView
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

===== Uninstall List =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198

===== Winsock2 Catalogs =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - [07/24/2007 03:17 PM | 00,147,456 | ---- | M] (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll

===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

===== Protocol Filters =====

< End of report >

#7
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello Yooniexchic,

Your logs seem to have got cut off.

Please post the rest.

Doesn't matter if you have to use more than one post.

regards
emeraldnzl

#8
Yooniexchic


    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Oh sorry about that!

Reposting OTViewIt
PART 1:

OTViewIt logfile created on: 8/27/2008 4:55:07 PM - Run 2
OTViewIt by OldTimer - Version 1.0.0.14 Folder = C:\Documents and Settings\Enoch\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 41.72% Memory free
3.78 Gb Paging File | 2.92 Gb Available in Paging File | 77.27% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 166.90 Gb Free Space | 55.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASUS-64
Current User Name: Enoch
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[06/28/2005 10:55 PM | 00,376,832 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe
[03/19/2008 05:08 PM | 00,607,576 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[06/28/2005 10:55 PM | 00,376,832 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe
[06/28/2005 10:05 PM | 00,344,064 | ---- | M] (ATI Technologies, Inc.) - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[08/23/2005 09:59 PM | 00,409,600 | ---- | M] () - C:\Program Files\ULi5287\ULi5287.exe
[07/22/2005 03:00 AM | 00,081,920 | R--- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\SOUNDMAN.EXE
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[07/09/2008 01:30 PM | 00,289,064 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[07/03/2008 02:22 AM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[09/20/2007 10:51 AM | 00,853,288 | ---- | M] (Nero AG) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
[08/05/2005 03:08 PM | 00,067,160 | ---- | M] (America Online, Inc.) - C:\Program Files\AIM\aim.exe
[08/08/2007 08:54 PM | 00,376,891 | ---- | M] (Zetera Corporation) - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
[07/09/2008 01:30 PM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[07/03/2008 10:25 PM | 08,767,575 | ---- | M] (Evenflow, Inc.) - C:\Program Files\Dropbox\dropbox.exe
[07/18/2008 10:27 AM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
[07/09/2008 10:21 AM | 01,343,840 | ---- | M] (Nullsoft) - C:\Program Files\Winamp\winamp.exe
[03/02/2004 09:55 AM | 12,169,216 | ---- | M] (Macromedia, Inc.) - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe
[08/27/2008 03:45 PM | 00,046,080 | ---- | M] (Macrovision Europe Ltd.) - C:\Documents and Settings\Enoch\Local Settings\temp\~e5d141.tmp
[08/27/2008 03:45 PM | 00,046,080 | ---- | M] (Macrovision Europe Ltd.) - C:\Documents and Settings\Enoch\Local Settings\temp\~e5d141.tmp
[08/27/2008 03:13 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Enoch\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(aawservice) Ad-Aware 2007 Service [Auto | Running]
[03/19/2008 05:08 PM | 00,607,576 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

(Adobe LM Service) Adobe LM Service [On_Demand | Stopped]
[11/08/2007 03:00 PM | 00,072,704 | ---- | M] (Adobe Systems) - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

(Adobe Version Cue CS2) Adobe Version Cue CS2 [Disabled | Stopped]
[04/04/2005 07:58 PM | 00,163,840 | ---- | M] (Adobe Systems Incorporated) - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

(Adobe Version Cue CS3) Adobe Version Cue CS3 [On_Demand | Stopped]
[03/20/2007 05:41 PM | 00,153,792 | ---- | M] (Adobe Systems Incorporated) - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[07/03/2008 02:22 AM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Ati HotKey Poller) Ati HotKey Poller [Auto | Running]
[06/28/2005 10:55 PM | 00,376,832 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe

(AVP) Kaspersky Anti-Virus [Auto | Stopped]
[07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

(Bonjour Service) Bonjour Service [Auto | Running]
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/13/2008 08:12 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped]
[12/10/2007 05:02 PM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(iPod Service) iPod Service [On_Demand | Running]
[07/09/2008 01:30 PM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(Macromedia Licensing Service) Macromedia Licensing Service [On_Demand | Stopped]
[05/13/2008 12:57 AM | 00,068,096 | ---- | M] () - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Auto | Running]
[09/20/2007 10:51 AM | 00,853,288 | ---- | M] (Nero AG) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

(NMIndexingService) NMIndexingService [On_Demand | Stopped]
[09/20/2007 04:35 PM | 00,382,248 | ---- | M] (Nero AG) - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

(Z-SANService) Z-SAN Service [Auto | Running]
[08/08/2007 08:54 PM | 00,376,891 | ---- | M] (Zetera Corporation) - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

===== Driver Services - Non-Microsoft Only =====

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running]
[07/26/2005 05:03 AM | 03,644,032 | R--- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

(AliIde) AliIde [Boot | Running]
[02/28/2006 08:00 AM | 00,005,248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys

(ati2mtag) ati2mtag [On_Demand | Running]
[06/28/2005 11:01 PM | 01,241,088 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\drivers\ati2mtag.sys

(catchme) catchme [On_Demand | Stopped]
File not found - C:\ComboFix\catchme.sys

(dmboot) dmboot [Disabled | Stopped]
[04/13/2008 02:44 PM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[04/13/2008 02:44 PM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[02/28/2006 08:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(ElbyDelay) ElbyDelay [Unknown | Running]
File not found -

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(kl1) kl1 [Boot | Running]
[07/21/2008 06:34 PM | 00,121,872 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\kl1.sys

(klbg) Kaspersky Lab Boot Guard Driver [Boot | Running]
[01/29/2008 06:29 PM | 00,032,784 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klbg.sys

(KLIF) Kaspersky Lab Driver [System | Running]
[08/08/2008 06:17 PM | 00,213,008 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klif.sys

(klim5) Kaspersky Anti-Virus NDIS Filter [On_Demand | Running]
[04/30/2008 06:06 PM | 00,024,592 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klim5.sys

(m5287) m5287 [Boot | Running]
[08/19/2005 11:18 AM | 00,101,120 | ---- | M] (ULi Electronics Inc.) - C:\WINDOWS\system32\drivers\m5287.sys

(MTsensor) ATK0110 ACPI UTILITY [On_Demand | Running]
[08/12/2004 10:56 PM | 00,005,810 | R--- | M] () - C:\WINDOWS\system32\drivers\ASACPI.sys

(pfc) Padus ASPI Shell [On_Demand | Running]
[11/08/2007 01:14 PM | 00,009,856 | ---- | M] (Padus, Inc.) - C:\WINDOWS\system32\drivers\pfc.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[02/28/2006 08:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[12/04/2007 02:38 PM | 00,043,528 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\PxHelp20.sys

(SASDIFSV) SASDIFSV [System | Running]
[05/28/2008 10:33 AM | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys

(SASENUM) SASENUM [On_Demand | Stopped]
[05/28/2008 10:33 AM | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

(SASKUTIL) SASKUTIL [System | Running]
[05/28/2008 10:33 AM | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 06:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(SFSZ) DataPlow SFS for Zetera Storage Devices [Auto | Running]
[08/14/2007 10:29 PM | 00,345,984 | ---- | M] (DataPlow, Incorporated) - C:\WINDOWS\system32\drivers\sfsz.sys

(VClone) VClone [System | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\VClone.sys

(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [On_Demand | Running]
[09/19/2005 09:41 AM | 00,241,280 | ---- | M] (Marvell) - C:\WINDOWS\system32\drivers\yk51x86.sys

(ZetBus) Zetera Virtual Bus [On_Demand | Running]
[08/08/2007 08:57 PM | 00,015,488 | ---- | M] (Zetera Corporation) - C:\WINDOWS\system32\drivers\ZetBus.sys

(ZetMPD) ZetMPD [On_Demand | Stopped]
[08/08/2007 08:57 PM | 00,005,120 | ---- | M] (Zetera Corporation) - C:\WINDOWS\system32\drivers\ZetMPD.sys

(ZetSFD) ZetSFD [Boot | Running]
[08/08/2007 08:57 PM | 00,012,800 | ---- | M] (Zetera Corporation) - C:\WINDOWS\system32\drivers\ZetSFD.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/03/2008 02:23 AM | 00,116,040 | ---- | M] (Apple Inc.)
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [06/28/2005 10:05 PM | 00,344,064 | ---- | M] (ATI Technologies, Inc.)
"AVP" = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/09/2008 01:30 PM | 00,289,064 | ---- | M] (Apple Inc.)
"NBKeyScan" = "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 10:51 AM | 01,836,328 | ---- | M] (Nero AG)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"SoundMan" = SOUNDMAN.EXE [07/22/2005 03:00 AM | 00,081,920 | R--- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"ULiRaid" = C:\Program Files\ULi5287\ULi5287.exe [08/23/2005 09:59 PM | 00,409,600 | ---- | M] ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[11/09/2005 04:34 PM | 00,294,912 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe

[Enoch Startup Folder - C:\Documents and Settings\Enoch\Start Menu\Programs\Startup]
[07/03/2008 10:25 PM | 08,767,575 | ---- | M] (Evenflow, Inc.) - C:\Documents and Settings\Enoch\Start Menu\Programs\Startup\Dropbox.lnk = C:\Program Files\Dropbox\dropbox.exe

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [06/11/2008 10:33 PM | 00,061,816 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
HKLM CLSID: (Adobe PDF Link Helper) - [06/11/2008 10:33 PM | 00,075,128 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
HKLM CLSID: (IEVkbdBHO Class) - [07/29/2008 08:21 PM | 00,062,728 | ---- | M] (Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
HKLM CLSID: (Adobe PDF Conversion Toolbar Helper) - [10/23/2006 12:20 AM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [10/23/2006 12:20 AM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [10/23/2006 12:20 AM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

"{724D43A0-0D85-11D4-9908-00400523E39A}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{FFC77067-4045-419B-9AEF-DE9BE2E2AFF7}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 255
"NoDriveAutoRun" = 67108863
"NoDrives" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0
"DisableRegistryTools" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDrives" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

===== Desktop Components =====

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 02:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 06:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 02:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 06:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [11/03/2006 03:17 AM | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [04/04/2005 07:58 PM | 00,163,840 | ---- | M] (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [03/20/2007 05:41 PM | 00,153,792 | ---- | M] (Adobe Systems Incorporated)
"C:\Program Files\EmFTP\EmFTP.exe" = C:\Program Files\EmFTP\EmFTP.exe [03/28/2007 12:23 PM | 00,492,440 | ---- | M] ()
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe [09/29/2007 04:22 PM | 00,050,528 | ---- | M] (AOL LLC)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe [04/13/2008 08:12 PM | 00,769,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/05/2005 03:08 PM | 00,067,160 | ---- | M] (America Online, Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe [12/03/2007 08:28 PM | 00,254,976 | ---- | M] (Azureus Inc)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe [07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [07/09/2008 01:30 PM | 20,246,824 | ---- | M] (Apple Inc.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 08:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 08:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 08:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 08:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 08:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
"DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [04/19/2007 01:41 PM | 00,294,912 | ---- | M] (SUPERAntiSpyware.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = C:\WINDOWS\system32\ati2evxx.dll [06/28/2005 10:56 PM | 00,046,080 | ---- | M] (ATI Technologies Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
"DllName" = C:\WINDOWS\system32\klogon.dll [07/29/2008 08:21 PM | 00,218,376 | ---- | M] (Kaspersky Lab)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"CiSvc" = 3
"Adobe Version Cue CS2" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
"backup" = C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnk File not found
"location" = Common Startup
"command" = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [12/10/2007 05:13 PM | 00,295,606 | R--- | M] ()
"item" = Adobe Acrobat Speed Launcher

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
"backup" = C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [10/23/2006 01:01 AM | 00,734,872 | ---- | M] ()
"item" = Adobe Acrobat Synchronizer

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"backup" = C:\WINDOWS\pss\Adobe Gamma.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [03/16/2005 08:16 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
"item" = Adobe Gamma

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 8.0]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Acrotray
"hkey" = HKLM
"command" = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [10/23/2006 12:24 AM | 00,620,152 | ---- | M] (Adobe Systems Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Version Cue CS2]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = VersionCueCS2Tray
"hkey" = HKLM
"command" = C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [04/04/2005 07:58 PM | 00,856,064 | ---- | M] (Adobe Sytems Incorporated)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = NeroCheck
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [03/01/2007 04:57 PM | 00,153,136 | ---- | M] (Nero AG)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = GoogleToolbarNotifier
"hkey" = HKCU
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrojanScanner]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Trjscan
"hkey" = HKLM
"command" = C:\Program Files\Trojan Remover\Trjscan.exe [08/11/2008 10:20 AM | 00,909,904 | ---- | M] (Simply Super Software)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 2
"startup" = 2

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{29734D2A-E117-4AE1-958E-FC9B75BB05AA}]
Servers: | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{839D0903-86B5-401B-AB11-AEBAAE6CB4BA}]
Servers: | Description: 1394 Net Adapter

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[11/08/2007 12:30 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5572df08-8e1b-11dc-bfdc-0015f2828fed}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5572df08-8e1b-11dc-bfdc-0015f2828fed}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 08:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5572df08-8e1b-11dc-bfdc-0015f2828fed}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

#9
Yooniexchic


  • Topic Starter
  • Member
  • 11 posts
OTViewIt Part 2:


===== Hosts File =====

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 30 days]
[08/11/2008 10:09 AM | ---D | C] - C:\QooBox
[08/11/2008 10:23 AM | ---D | C] - C:\SDFix
[08/21/2008 11:26 AM | 00,000,244 | -H-- | C] () - C:\sqmnoopt01.sqm
[08/21/2008 11:26 AM | 00,000,268 | -H-- | C] () - C:\sqmdata01.sqm
[08/25/2008 08:14 PM | ---D | C] - C:\ComboFix
[08/26/2008 01:00 PM | -HSD | C] - C:\RECYCLER
[07/29/2008 08:20 PM | 00,024,774 | ---- | C] () - C:\WINDOWS\System32\drivers\klopp.dat
[08/08/2008 06:17 PM | 00,213,008 | ---- | C] (Kaspersky Lab) - C:\WINDOWS\System32\drivers\klif.sys
[08/08/2008 06:18 PM | 00,003,012 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox2.idx
[08/08/2008 06:18 PM | 00,043,276 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox.idx
[08/08/2008 06:18 PM | 00,087,855 | ---- | C] () - C:\WINDOWS\System32\drivers\klick.dat
[08/08/2008 06:18 PM | 00,096,976 | ---- | C] () - C:\WINDOWS\System32\drivers\klin.dat
[08/08/2008 06:18 PM | 00,565,280 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox2.dat
[08/08/2008 06:18 PM | 05,401,120 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox.dat
[08/11/2008 10:24 AM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/11/2008 10:24 AM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/18/2008 09:31 AM | 00,003,135 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv08nt5.dll
[08/18/2008 09:31 AM | 00,003,615 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv05nt5.dll
[08/18/2008 09:31 AM | 00,003,647 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv07nt5.dll
[08/18/2008 09:31 AM | 00,003,711 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv09nt5.dll
[08/18/2008 09:31 AM | 00,003,775 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv11nt5.dll
[08/18/2008 09:31 AM | 00,003,901 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\siint5.dll
[08/18/2008 09:31 AM | 00,003,967 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv02nt5.dll
[08/18/2008 09:31 AM | 00,004,255 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv01nt5.dll
[08/18/2008 09:31 AM | 00,011,359 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv02nt5.dll
[08/18/2008 09:31 AM | 00,011,615 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1mdxx.sys
[08/18/2008 09:31 AM | 00,011,868 | ---- | C] (Conexant) - C:\WINDOWS\System32\drivers\mdmxsdk.sys
[08/18/2008 09:31 AM | 00,012,047 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1pdxx.sys
[08/18/2008 09:31 AM | 00,013,240 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slwdmsup.sys
[08/18/2008 09:31 AM | 00,013,776 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\recagent.sys
[08/18/2008 09:31 AM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinmdxx.sys
[08/18/2008 09:31 AM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinttxx.sys
[08/18/2008 09:31 AM | 00,014,143 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv06nt5.dll
[08/18/2008 09:31 AM | 00,014,336 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinpdxx.sys
[08/18/2008 09:31 AM | 00,015,423 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[08/18/2008 09:31 AM | 00,017,279 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv10nt5.dll
[08/18/2008 09:31 AM | 00,021,183 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv01nt5.dll
[08/18/2008 09:31 AM | 00,021,343 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1ttxx.sys
[08/18/2008 09:31 AM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv04nt5.dll
[08/18/2008 09:31 AM | 00,026,367 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1snxx.sys
[08/18/2008 09:31 AM | 00,028,672 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinsnxx.sys
[08/18/2008 09:31 AM | 00,029,455 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xbxx.sys
[08/18/2008 09:31 AM | 00,030,671 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1raxx.sys
[08/18/2008 09:31 AM | 00,031,744 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxbxx.sys
[08/18/2008 09:31 AM | 00,034,735 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xsxx.sys
[08/18/2008 09:31 AM | 00,036,463 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1tuxx.sys
[08/18/2008 09:31 AM | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) - C:\WINDOWS\System32\drivers\sisagp.sys
[08/18/2008 09:31 AM | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) - C:\WINDOWS\System32\drivers\amdagp.sys
[08/18/2008 09:31 AM | 00,052,224 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinraxx.sys
[08/18/2008 09:31 AM | 00,056,623 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1btxx.sys
[08/18/2008 09:31 AM | 00,057,856 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinbtxx.sys
[08/18/2008 09:31 AM | 00,063,488 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxsxx.sys
[08/18/2008 09:31 AM | 00,063,663 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1rvxx.sys
[08/18/2008 09:31 AM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[08/18/2008 09:31 AM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[08/18/2008 09:31 AM | 00,073,216 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atintuxx.sys
[08/18/2008 09:31 AM | 00,095,424 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnthal.sys
[08/18/2008 09:31 AM | 00,104,960 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinrvxx.sys
[08/18/2008 09:31 AM | 00,126,686 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlmnt5.sys
[08/18/2008 09:31 AM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[08/18/2008 09:31 AM | 00,129,535 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnt7554.sys
[08/18/2008 09:31 AM | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\System32\drivers\hdaudbus.sys
[08/18/2008 09:31 AM | 00,166,912 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\drivers\s3gnbm.sys
[08/18/2008 09:31 AM | 00,180,360 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\ntmtlfax.sys
[08/18/2008 09:31 AM | 00,220,032 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[08/18/2008 09:31 AM | 00,327,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtaa.sys
[08/18/2008 09:31 AM | 00,404,990 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slntamr.sys
[08/18/2008 09:31 AM | 00,452,736 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\drivers\mtxparhm.sys
[08/18/2008 09:31 AM | 00,685,056 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfcxts2.sys
[08/18/2008 09:31 AM | 01,041,536 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[08/18/2008 09:31 AM | 01,309,184 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlstrm.sys
[08/18/2008 09:31 AM | 01,897,408 | ---- | C] (NVIDIA Corporation) - C:\WINDOWS\System32\drivers\nv4_mini.sys
[08/18/2008 09:32 AM | 00,011,295 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv08nt.sys
[08/18/2008 09:32 AM | 00,011,325 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\vchnt5.dll
[08/18/2008 09:32 AM | 00,011,807 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv07nt.sys
[08/18/2008 09:32 AM | 00,011,871 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv09nt.sys
[08/18/2008 09:32 AM | 00,011,935 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv11nt.sys
[08/18/2008 09:32 AM | 00,022,271 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv06nt.sys
[08/18/2008 09:32 AM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv10nt.sys
[1 C:\WINDOWS\System32\*.tmp files]
[07/29/2008 08:21 PM | 00,218,376 | ---- | C] (Kaspersky Lab) - C:\WINDOWS\System32\klogon.dll
[08/07/2008 10:20 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[08/07/2008 10:20 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[08/07/2008 10:20 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[08/08/2008 05:55 PM | 00,001,152 | ---- | C] () - C:\WINDOWS\System32\windrv.sys
[08/11/2008 11:14 AM | 00,002,864 | ---- | C] () - C:\WINDOWS\System32\tmp.reg
[08/11/2008 11:14 AM | 00,025,600 | ---- | C] () - C:\WINDOWS\System32\WS2Fix.exe.vir
[08/11/2008 11:14 AM | 00,051,200 | ---- | C] () - C:\WINDOWS\System32\dumphive.exe
[08/11/2008 11:14 AM | 00,053,248 | ---- | C] (http://www.beyondlogic.org) - C:\WINDOWS\System32\Process.exe
[08/11/2008 11:14 AM | 00,082,432 | ---- | C] (S!Ri.URZ) - C:\WINDOWS\System32\404Fix.exe
[08/11/2008 11:14 AM | 00,082,432 | ---- | C] (S!Ri.URZ) - C:\WINDOWS\System32\IEDFix.C.exe
[08/11/2008 11:14 AM | 00,086,528 | ---- | C] (S!Ri.URZ) - C:\WINDOWS\System32\VACFix.exe
[08/11/2008 11:14 AM | 00,288,417 | ---- | C] (S!Ri) - C:\WINDOWS\System32\SrchSTS.exe
[08/11/2008 11:14 AM | 00,289,144 | ---- | C] (S!Ri) - C:\WINDOWS\System32\VCCLSID.exe
[08/18/2008 09:31 AM | 00,000,974 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[08/18/2008 09:31 AM | 00,009,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativdaxx.ax
[08/18/2008 09:31 AM | 00,023,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativmvxx.ax
[08/18/2008 09:31 AM | 00,032,285 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\hsfcisp2.dll
[08/18/2008 09:31 AM | 00,032,768 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativtmxx.dll
[08/18/2008 09:31 AM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slrundll.exe
[08/18/2008 09:31 AM | 00,073,796 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slserv.exe
[08/18/2008 09:31 AM | 00,073,832 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slcoinst.dll
[08/18/2008 09:31 AM | 00,086,016 | ---- | C] (Conexant) - C:\WINDOWS\System32\mdmxsdk.dll
[08/18/2008 09:31 AM | 00,188,508 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slgen.dll
[08/18/2008 09:31 AM | 00,286,792 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slextspk.dll
[08/18/2008 09:31 AM | 00,377,984 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvaa.dll
[08/18/2008 09:31 AM | 00,397,056 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\s3gnb.dll
[08/18/2008 09:31 AM | 00,870,784 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3d1ag.dll
[08/18/2008 09:31 AM | 01,737,856 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\mtxparhd.dll
[08/18/2008 09:31 AM | 04,274,816 | ---- | C] (NVIDIA Corporation) - C:\WINDOWS\System32\nv4_disp.dll
[08/20/2008 11:15 AM | ---D | C] - C:\WINDOWS\System32\bits
[08/20/2008 11:15 AM | ---D | C] - C:\WINDOWS\System32\en
[08/20/2008 11:15 AM | ---D | C] - C:\WINDOWS\System32\scripting
[2 C:\WINDOWS\*.tmp files]
[08/04/2008 02:09 PM | -H-D | C] - C:\WINDOWS\PIF
[08/11/2008 10:09 AM | 00,028,672 | ---- | C] (NirSoft) - C:\WINDOWS\Nircmd.exe
[08/11/2008 10:09 AM | 00,049,152 | ---- | C] () - C:\WINDOWS\VFind.exe
[08/11/2008 10:09 AM | 00,068,096 | ---- | C] () - C:\WINDOWS\zip.exe
[08/11/2008 10:09 AM | 00,080,412 | ---- | C] () - C:\WINDOWS\grep.exe
[08/11/2008 10:09 AM | 00,089,504 | ---- | C] (Smallfrogs Studio) - C:\WINDOWS\fdsv.exe
[08/11/2008 10:09 AM | 00,098,816 | ---- | C] () - C:\WINDOWS\sed.exe
[08/11/2008 10:09 AM | 00,136,704 | ---- | C] (SteelWerX) - C:\WINDOWS\swsc.exe
[08/11/2008 10:09 AM | 00,161,792 | ---- | C] (SteelWerX) - C:\WINDOWS\swreg.exe
[08/11/2008 10:09 AM | 00,212,480 | ---- | C] (SteelWerX) - C:\WINDOWS\swxcacls.exe
[08/11/2008 10:09 AM | ---D | C] - C:\WINDOWS\erdnt
[08/11/2008 11:33 AM | ---D | C] - C:\WINDOWS\temp
[08/18/2008 09:31 AM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\slrundll.exe
[08/20/2008 11:10 AM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$
[08/20/2008 11:13 AM | ---D | C] - C:\WINDOWS\ServicePackFiles
[08/20/2008 11:15 AM | ---D | C] - C:\WINDOWS\l2schemas
[08/20/2008 11:20 AM | ---D | C] - C:\WINDOWS\Prefetch
[08/08/2008 06:16 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[08/08/2008 06:18 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[08/11/2008 10:21 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 124 bytes -> %AllUsersProfile%\Application Data\TEMP:CB0AACC9
[08/11/2008 10:24 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/11/2008 10:36 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[08/11/2008 10:24 AM | ---D | C] - C:\Documents and Settings\Enoch\Application Data\Malwarebytes
[08/11/2008 10:36 AM | ---D | C] - C:\Documents and Settings\Enoch\Application Data\SUPERAntiSpyware.com
[08/27/2008 02:38 PM | ---D | C] - C:\Documents and Settings\Enoch\Application Data\Dropbox
[08/04/2008 02:07 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\R-Epartner.com
[08/06/2008 02:25 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\Print-Banksy-Gallery
[08/11/2008 10:19 AM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\Simply Super Software
[08/13/2008 01:25 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\AdobeStockPhotos
[08/21/2008 04:11 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\sample_site_css
[08/21/2008 04:22 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\layout03
[08/21/2008 04:22 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\layout07
[08/21/2008 05:56 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\layout08
[08/22/2008 01:06 PM | 00,001,188 | ---- | C] () - C:\Documents and Settings\Enoch\My Documents\layout10.zip
[08/22/2008 01:07 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\layout10
[08/22/2008 12:59 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\layout09
[08/25/2008 02:22 PM | ---D | C] - C:\Documents and Settings\Enoch\My Documents\Stock_Funny
[08/26/2008 12:52 PM | 00,730,033 | ---- | C] () - C:\Documents and Settings\Enoch\My Documents\DebtReductionCalculator.zip
[08/27/2008 02:38 PM | R--D | C] - C:\Documents and Settings\Enoch\My Documents\My Dropbox
[08/07/2008 02:35 PM | 00,001,729 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/11/2008 10:24 AM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/11/2008 10:36 AM | 00,000,780 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[08/08/2008 06:38 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\Enoch\Desktop\HijackThis.lnk
[08/09/2008 03:09 PM | 02,830,141 | R--- | C] () - C:\Documents and Settings\Enoch\Desktop\ComboFix.exe
[08/11/2008 10:50 AM | 00,456,263 | ---- | C] (Malwareteks.com) - C:\Documents and Settings\Enoch\Desktop\FixIEDef.exe
[08/11/2008 11:11 AM | 01,479,403 | ---- | C] () - C:\Documents and Settings\Enoch\Desktop\SmitfraudFix.exe
[08/11/2008 11:11 AM | ---D | C] - C:\Documents and Settings\Enoch\Desktop\SmitfraudFix
[08/27/2008 02:38 PM | 07,508,800 | ---- | C] () - C:\Documents and Settings\Enoch\Desktop\Dropbox 0.6.285.exe
[08/27/2008 03:13 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Enoch\Desktop\OTViewIt.exe
[08/27/2008 02:38 PM | 00,000,678 | ---- | C] () - C:\Documents and Settings\Enoch\Start Menu\Programs\Startup\Dropbox.lnk
[08/07/2008 02:35 PM | ---D | C] - C:\Program Files\Common Files\Adobe AIR
[08/08/2008 05:55 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/08/2008 06:18 PM | ---D | C] - C:\Program Files\Kaspersky Lab
[08/08/2008 06:38 PM | ---D | C] - C:\Program Files\Trend Micro
[08/11/2008 10:24 AM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/11/2008 10:36 AM | ---D | C] - C:\Program Files\SUPERAntiSpyware
[08/27/2008 02:38 PM | ---D | C] - C:\Program Files\Dropbox

[Files/Folders - Modified Within 30 days]
[08/11/2008 03:44 AM | ---D | M] - C:\SDFix
[08/11/2008 10:44 AM | ---D | M] - C:\Software
[08/12/2008 03:03 PM | -HSD | M] - C:\System Volume Information
[08/20/2008 11:12 AM | 00,250,048 | RHS- | M] () - C:\ntldr
[08/21/2008 11:26 AM | 00,000,244 | -H-- | M] () - C:\sqmnoopt01.sqm
[08/21/2008 11:26 AM | 00,000,268 | -H-- | M] () - C:\sqmdata01.sqm
[08/25/2008 08:19 PM | ---D | M] - C:\ComboFix
[08/25/2008 08:19 PM | ---D | M] - C:\QooBox
[08/25/2008 08:19 PM | ---D | M] - C:\WINDOWS
[08/26/2008 01:00 PM | -HSD | M] - C:\RECYCLER
[08/27/2008 02:38 PM | R--D | M] - C:\Program Files
[08/11/2008 11:14 AM | 00,000,027 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\hosts
[07/29/2008 08:20 PM | 00,024,774 | ---- | M] () - C:\WINDOWS\System32\drivers\klopp.dat
[07/30/2008 08:07 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[07/30/2008 08:07 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/08/2008 06:17 PM | 00,213,008 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\System32\drivers\klif.sys
[08/08/2008 06:18 PM | 00,087,855 | ---- | M] () - C:\WINDOWS\System32\drivers\klick.dat
[08/08/2008 06:25 PM | 00,096,976 | ---- | M] () - C:\WINDOWS\System32\drivers\klin.dat
[08/11/2008 10:14 AM | ---D | M] - C:\WINDOWS\System32\drivers\etc
[08/26/2008 08:51 PM | 00,003,012 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox2.idx
[08/26/2008 08:51 PM | 00,043,276 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox.idx
[08/26/2008 08:51 PM | 00,565,280 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox2.dat
[08/26/2008 08:51 PM | 05,401,120 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox.dat
[1 C:\WINDOWS\System32\*.tmp files]
[07/29/2008 08:21 PM | 00,218,376 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\System32\klogon.dll
[08/08/2008 05:55 PM | 00,001,152 | ---- | M] () - C:\WINDOWS\System32\windrv.sys
[08/09/2008 03:37 PM | 00,082,432 | ---- | M] (S!Ri.URZ) - C:\WINDOWS\System32\404Fix.exe
[08/11/2008 10:12 AM | ---D | M] - C:\WINDOWS\System32\config
[08/11/2008 11:14 AM | 00,002,864 | ---- | M] () - C:\WINDOWS\System32\tmp.reg
[08/20/2008 11:11 AM | ---D | M] - C:\WINDOWS\System32\ReinstallBackups
[08/20/2008 11:13 AM | ---D | M] - C:\WINDOWS\System32\Com
[08/20/2008 11:13 AM | ---D | M] - C:\WINDOWS\System32\npp
[08/20/2008 11:13 AM | ---D | M] - C:\WINDOWS\System32\oobe
[08/20/2008 11:13 AM | ---D | M] - C:\WINDOWS\System32\Restore
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\System32\bits
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\System32\en
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\System32\en-US
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\System32\inetsrv
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\System32\scripting
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\System32\usmt
[08/20/2008 11:19 AM | ---D | M] - C:\WINDOWS\System32\Setup
[08/20/2008 11:19 AM | ---D | M] - C:\WINDOWS\System32\wbem
[08/20/2008 11:21 AM | 01,765,480 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/20/2008 11:22 AM | 00,071,308 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/20/2008 11:22 AM | 00,441,624 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/20/2008 11:22 AM | 00,522,706 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/20/2008 11:22 AM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/21/2008 08:20 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/24/2008 06:40 PM | 00,013,646 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/27/2008 03:15 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/27/2008 03:15 PM | ---D | M] - C:\WINDOWS\System32\drivers
[2 C:\WINDOWS\*.tmp files]
[08/04/2008 02:09 PM | -H-D | M] - C:\WINDOWS\PIF
[08/11/2008 10:12 AM | ---D | M] - C:\WINDOWS\erdnt
[08/12/2008 10:14 PM | 00,000,603 | ---- | M] () - C:\WINDOWS\win.ini
[08/18/2008 09:22 AM | ---D | M] - C:\WINDOWS\Debug
[08/20/2008 11:08 AM | ---D | M] - C:\WINDOWS\ehome
[08/20/2008 11:11 AM | ---D | M] - C:\WINDOWS\security
[08/20/2008 11:11 AM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstall$
[08/20/2008 11:13 AM | ---D | M] - C:\WINDOWS\msagent
[08/20/2008 11:13 AM | ---D | M] - C:\WINDOWS\mui
[08/20/2008 11:13 AM | ---D | M] - C:\WINDOWS\srchasst
[08/20/2008 11:13 AM | ---D | M] - C:\WINDOWS\system
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\Help
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\l2schemas
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\network diagnostic
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\PeerNet
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\ServicePackFiles
[08/20/2008 11:15 AM | ---D | M] - C:\WINDOWS\WinSxS
[08/20/2008 11:18 AM | 00,002,675 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/20/2008 11:19 AM | ---D | M] - C:\WINDOWS\ime
[08/20/2008 11:19 AM | R-SD | M] - C:\WINDOWS\Fonts
[08/21/2008 08:05 PM | 00,000,069 | ---- | M] () - C:\WINDOWS\NeroDigital.ini
[08/21/2008 11:32 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/25/2008 08:17 PM | ---D | M] - C:\WINDOWS\AppPatch
[08/25/2008 08:18 PM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[08/25/2008 11:54 AM | -HSD | M] - C:\WINDOWS\Installer
[08/27/2008 03:15 PM | ---D | M] - C:\WINDOWS\system32
[08/27/2008 03:15 PM | -H-D | M] - C:\WINDOWS\inf
[08/27/2008 03:22 PM | ---D | M] - C:\WINDOWS\temp
[08/27/2008 04:55 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/27/2008 10:36 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/27/2008 10:36 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/07/2008 02:35 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/08/2008 06:16 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[08/08/2008 06:16 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/11/2008 10:24 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/11/2008 10:36 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[08/12/2008 03:31 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 124 bytes -> %AllUsersProfile%\Application Data\TEMP:CB0AACC9
[08/27/2008 10:36 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[08/06/2008 10:30 AM | ---D | M] - C:\Documents and Settings\Enoch\Application Data\FileZilla
[08/11/2008 06:04 PM | --SD | M] - C:\Documents and Settings\Enoch\Application Data\Microsoft
[08/11/2008 10:24 AM | ---D | M] - C:\Documents and Settings\Enoch\Application Data\Malwarebytes
[08/11/2008 10:36 AM | ---D | M] - C:\Documents and Settings\Enoch\Application Data\SUPERAntiSpyware.com
[08/14/2008 11:45 AM | ---D | M] - C:\Documents and Settings\Enoch\Application Data\Adobe
[08/25/2008 07:57 PM | ---D | M] - C:\Documents and Settings\Enoch\Application Data\Azureus
[08/27/2008 02:39 PM | ---D | M] - C:\Documents and Settings\Enoch\Application Data\Dropbox
[08/07/2008 02:35 PM | ---D | M] - C:\Documents and Settings\Enoch\Local Settings\Application Data\Adobe
[08/20/2008 11:39 AM | 00,095,184 | ---- | M] () - C:\Documents and Settings\Enoch\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/21/2008 08:05 PM | 00,099,840 | ---- | M] () - C:\Documents and Settings\Enoch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[07/31/2008 10:27 AM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\PSD
[08/06/2008 02:28 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\Print-Banksy-Gallery
[08/08/2008 07:37 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\Halloween
[08/08/2008 07:38 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\A - Old Catalog
[08/08/2008 07:42 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\Email Blasts Holiday
[08/11/2008 10:19 AM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\Simply Super Software
[08/12/2008 01:03 PM | R--D | M] - C:\Documents and Settings\Enoch\My Documents\My Pictures
[08/12/2008 04:03 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\DigiClick
[08/13/2008 01:25 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\AdobeStockPhotos
[08/20/2008 01:41 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\My Received Files
[08/20/2008 03:21 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\R-Epartner.com
[08/21/2008 04:11 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\sample_site_css
[08/21/2008 04:22 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\layout03
[08/21/2008 08:00 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\layout07
[08/22/2008 01:06 PM | 00,001,188 | ---- | M] () - C:\Documents and Settings\Enoch\My Documents\layout10.zip
[08/22/2008 01:20 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\layout10
[08/22/2008 12:59 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\layout09
[08/25/2008 02:23 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\Stock_Funny
[08/25/2008 05:40 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\Stock Photos
[08/26/2008 01:00 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\Azureus Downloads
[08/26/2008 01:00 PM | R--D | M] - C:\Documents and Settings\Enoch\My Documents\My Music
[08/26/2008 12:52 PM | 00,730,033 | ---- | M] () - C:\Documents and Settings\Enoch\My Documents\DebtReductionCalculator.zip
[08/27/2008 02:27 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\Email_Blast
[08/27/2008 02:39 PM | R--D | M] - C:\Documents and Settings\Enoch\My Documents\My Dropbox
[08/27/2008 03:16 PM | ---D | M] - C:\Documents and Settings\Enoch\My Documents\layout08
[08/27/2008 10:37 AM | 00,000,568 | ---- | M] () - C:\Documents and Settings\Enoch\My Documents\My Sharing Folders.lnk
[08/07/2008 02:35 PM | 00,001,729 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/11/2008 10:24 AM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/11/2008 10:36 AM | 00,000,780 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[08/08/2008 06:38 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\Enoch\Desktop\HijackThis.lnk
[08/11/2008 10:50 AM | 00,456,263 | ---- | M] (Malwareteks.com) - C:\Documents and Settings\Enoch\Desktop\FixIEDef.exe
[08/11/2008 11:11 AM | 01,479,403 | ---- | M] () - C:\Documents and Settings\Enoch\Desktop\SmitfraudFix.exe
[08/11/2008 11:11 AM | ---D | M] - C:\Documents and Settings\Enoch\Desktop\SmitfraudFix
[08/25/2008 08:14 PM | 02,830,141 | R--- | M] () - C:\Documents and Settings\Enoch\Desktop\ComboFix.exe
[08/27/2008 02:38 PM | 07,508,800 | ---- | M] () - C:\Documents and Settings\Enoch\Desktop\Dropbox 0.6.285.exe
[08/27/2008 03:13 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Enoch\Desktop\OTViewIt.exe
[08/27/2008 02:38 PM | 00,000,678 | ---- | M] () - C:\Documents and Settings\Enoch\Start Menu\Programs\Startup\Dropbox.lnk
[08/07/2008 02:35 PM | ---D | M] - C:\Program Files\Common Files\Adobe
[08/07/2008 02:35 PM | ---D | M] - C:\Program Files\Common Files\Adobe AIR
[08/08/2008 05:55 PM | ---D | M] - C:\Program Files\Common Files\Download Manager
[08/11/2008 10:35 AM | ---D | M] - C:\Program Files\Common Files\Wise Installation Wizard
[08/20/2008 11:13 AM | ---D | M] - C:\Program Files\Common Files\System

< End of report >

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello Yooniexchic,

Not too much to see there.

Firstly, let's get rid of some old versions of Java.

Older versions are vulnerable to attack.
  • Go to Start > Settings > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java. Go here for a video on how to do it Video Add/Remove Programs
  • Check (highlight) any item except JRE 1.6.0_07 with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all older Java components are removed.

    Now

    Before we proceed we need to back up your Registry. Making changes to your computer's registry is a dangerous procedure, and a backup will allow us to recover information if necessary.

    Download and install ERUNT (Emergency Recovery Utility NT) from here Lars Hederer or here Snapfiles.com.

    Click on ERUNT and follow the prompts to back up your registry to a location of your choosing.

    Next

    Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5572df08-8e1b-11dc-bfdc-0015f2828fed}\Shell
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5572df08-8e1b-11dc-bfdc-0015f2828fed}\Shell\Autoplay
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5572df08-8e1b-11dc-bfdc-0015f2828fed}\Shell\Autoplay\DropTarget\\ {f26a669a-bcbb-4e37-abf9-7325da15f931}
    HKEY_CLASSES_ROOT\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5572df08-8e1b-11dc-bfdc-0015f2828fed}
    \Shell\Autoplay\DropTarget
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Finally in this post

I see you have run Kaspersky, but let's do it again so I can have a look at the results.

Kaspersky only works if you are using Internet Explorer.

Please do an online scan with Kaspersky WebScanner.

Click on the Kaspersky Online Scanner button. A box will come up, click Accept, this will allow it to install an ActiveX component and download its latest anti-virus database. (Note: It may take a couple of minutes)

  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    * Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    * Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    * Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information in your next post.

So when you come back please post
  • OTMoveIt2 report
  • Kaspersky scan results
  • a fresh HijackThis report
  • and tell me what problems, if any, you are experiencing with your computer now


#11
Yooniexchic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Okay, I'll start with posting the OTMoveIT log:

Explorer killed successfully
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5572df08-8e1b-11dc-bfdc-0015f2828fed}\Shell >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5572df08-8e1b-11dc-bfdc-0015f2828fed}\Shell\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5572df08-8e1b-11dc-bfdc-0015f2828fed}\Shell\Autoplay >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5572df08-8e1b-11dc-bfdc-0015f2828fed}\Shell\Autoplay\\ not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5572df08-8e1b-11dc-bfdc-0015f2828fed}\Shell\Autoplay\DropTarget\\ {f26a669a-bcbb-4e37-abf9-7325da15f931} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5572df08-8e1b-11dc-bfdc-0015f2828fed}\Shell\Autoplay\DropTarget not found.
< HKEY_CLASSES_ROOT\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931} >
Registry key HKEY_CLASSES_ROOT\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5572df08-8e1b-11dc-bfdc-0015f2828fed} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5572df08-8e1b-11dc-bfdc-0015f2828fed}\\ deleted successfully.
File/Folder \Shell\Autoplay\DropTarget not found.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\Enoch\LOCALS~1\Temp\etilqs_X3qPRn93lAvnXZrXiZU0 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3d2d90e69e.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3d3087d3d5.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3de632be45.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3de63d2ea0.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3de6d36aff.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3de6de31f4.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3dea0ae80b.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3dea173e7a.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3df556dffb.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3df67034b6.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3dfc36959d.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3dfc442f72.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4083895a55.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~408565bf94.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4a70767b4a.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4a7090ce56.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4b6cc70a47.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4b6cd245d8.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4b6f25d77e.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4b6f487b9d.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4b79d558c8.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4b79eaa750.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4b7da4fe48.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4b7db31ea2.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4bdcf842ae.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4bdd81324f.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4c24a87b63.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4c24bad632.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4c2c64b820.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4c2c6ffa76.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4c2c9a51aa.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4c2ca7471e.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4ce3341beb.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4ce34f5b0b.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4dbcde74d6.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4dbcf4960c.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4dbd41290f.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~4dbd4c3981.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~54d345aee8.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~54d350a510.htp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08282008_183659

Files moved on Reboot...
File C:\DOCUME~1\Enoch\LOCALS~1\Temp\etilqs_X3qPRn93lAvnXZrXiZU0 not found!
File C:\WINDOWS\temp\cch~3d2d90e69e.htp not found!
File C:\WINDOWS\temp\cch~3d3087d3d5.htp not found!
File C:\WINDOWS\temp\cch~3de632be45.htp not found!
File C:\WINDOWS\temp\cch~3de63d2ea0.htp not found!
File C:\WINDOWS\temp\cch~3de6d36aff.htp not found!
File C:\WINDOWS\temp\cch~3de6de31f4.htp not found!
File C:\WINDOWS\temp\cch~3dea0ae80b.htp not found!
File C:\WINDOWS\temp\cch~3dea173e7a.htp not found!
File C:\WINDOWS\temp\cch~3df556dffb.htp not found!
File C:\WINDOWS\temp\cch~3df67034b6.htp not found!
File C:\WINDOWS\temp\cch~3dfc36959d.htp not found!
File C:\WINDOWS\temp\cch~3dfc442f72.htp not found!
File C:\WINDOWS\temp\cch~4083895a55.htp not found!
File C:\WINDOWS\temp\cch~408565bf94.htp not found!
File C:\WINDOWS\temp\cch~4a70767b4a.htp not found!
File C:\WINDOWS\temp\cch~4a7090ce56.htp not found!
File C:\WINDOWS\temp\cch~4b6cc70a47.htp not found!
File C:\WINDOWS\temp\cch~4b6cd245d8.htp not found!
File C:\WINDOWS\temp\cch~4b6f25d77e.htp not found!
File C:\WINDOWS\temp\cch~4b6f487b9d.htp not found!
File C:\WINDOWS\temp\cch~4b79d558c8.htp not found!
File C:\WINDOWS\temp\cch~4b79eaa750.htp not found!
File C:\WINDOWS\temp\cch~4b7da4fe48.htp not found!
File C:\WINDOWS\temp\cch~4b7db31ea2.htp not found!
File C:\WINDOWS\temp\cch~4bdcf842ae.htp not found!
File C:\WINDOWS\temp\cch~4bdd81324f.htp not found!
File C:\WINDOWS\temp\cch~4c24a87b63.htp not found!
File C:\WINDOWS\temp\cch~4c24bad632.htp not found!
File C:\WINDOWS\temp\cch~4c2c64b820.htp not found!
File C:\WINDOWS\temp\cch~4c2c6ffa76.htp not found!
File C:\WINDOWS\temp\cch~4c2c9a51aa.htp not found!
File C:\WINDOWS\temp\cch~4c2ca7471e.htp not found!
File C:\WINDOWS\temp\cch~4ce3341beb.htp not found!
File C:\WINDOWS\temp\cch~4ce34f5b0b.htp not found!
File C:\WINDOWS\temp\cch~4dbcde74d6.htp not found!
File C:\WINDOWS\temp\cch~4dbcf4960c.htp not found!
File C:\WINDOWS\temp\cch~4dbd41290f.htp not found!
File C:\WINDOWS\temp\cch~4dbd4c3981.htp not found!
File C:\WINDOWS\temp\cch~54d345aee8.htp not found!
File C:\WINDOWS\temp\cch~54d350a510.htp not found!

#12
Yooniexchic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I tried to run the online Kaspersky scanner using Internet Explorer. First, I disabled/exited the Kaspersky antivirus on my computer.

Everything seemed to be working okay, and then towards the end of the scan, I got the Blue Screen of Death. I rebooted the computer and then tried to scan again, but the same thing happened: BSOD.

Upon reboot, I got a message asking me if I wanted to report the error to Windows. I clicked where it says to click to see what data this error contains, and this is what I got:

Error Signature:
BCCode : 100000d4 BCP1 : A6311938 BCP2 : 000000FF BCP3 : 00000001
BCP4 : 805469D9 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

And about the technical information about the error report, I got this:

C:\DOCUME~1\Enoch\LOCALS~1\Temp\WERc122.dir00\Mini082808-01.dmp
C:\DOCUME~1\Enoch\LOCALS~1\Temp\WERc122.dir00\sysdata.xml



Anyway, I'm not sure if I should continue trying to use Kaspersky (with IE 7.0) again.

This is my latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:07 PM, on 8/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ULi5287\ULi5287.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dropbox\dropbox.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\dropbox.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1194547183640
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

--
End of file - 9206 bytes

#13
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hi Yooniexchic,

Look forward to seeing the rest.

regards
emeraldnzl

#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
OK so our posts crossed.

Maybe have one more try at Kaspersky.

Make sure you have all your anti-malware programs disabled including your Kaspersky anti-virus. It might be interfering with itself.

If that doesn't work we will look at an alternative.

Let me know how you get on.

Cheers
emeraldnzl

#15
Yooniexchic

    Member

  • Topic Starter
  • 11 posts
Okay, I tried it again and immediately after it started scanning I got the Blue Screen of Death again.

I made sure that:
- All antivirus or antispyware programs were shut off
- Used Internet Explorer (7.0)


Just FYI, I pretty much never get BSOD on this computer, even after my computer got infected. I'm not sure what's causing it, but I don't think I should use Kaspersky online scanner again.

Any ideas?





