Infected with HTML/Infected.WebPage.Gen & JS/Agent.1366 [Solved]



#1 A W (Member, 13 posts)
Avira says I have both HTML/Infected.WebPage.Gen & JS/Agent.1366. The following is my HijackThis log. Please advise what my next steps should be. Your assistance is greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:21 PM, on 12/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avwsc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 209.129.192.52:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0a970507-e1c7-4661-8ba3-6d92b3ebf535} - C:\WINDOWS\system32\mayonibe.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ludivovoba] Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [98f26c50] rundll32.exe "C:\WINDOWS\system32\vuwupajo.dll",b
O4 - HKLM\..\Run: [CPM9bc15fcc] Rundll32.exe "c:\windows\system32\hisozega.dll",a
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-19\..\Run: [ludivovoba] Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ludivovoba] Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s (User 'NETWORK SERVICE')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-w...agi3.0.84.2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....r_installer.exe
O20 - AppInit_DLLs: c:\windows\system32\kirofove.dll C:\WINDOWS\system32\mudagisi.dll c:\windows\system32\hisozega.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hisozega.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hisozega.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 9127 bytes



#2 Fred21543 (Member 1K, 1,351 posts)
Hello A W,

Welcome to Geeks to Go! My name is Fred21543 and I will be helping you fix your computer problem.

Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays in between my responses, so I ask for your patience.
Please stick with me until we get your computer cleaned up.

I'm currently analyzing your log now, and I'll post back with a fix ASAP. Thanks for your patience.

#3 Fred21543 (Member 1K, 1,351 posts)
Have you set the following IP as a proxy server?

209.129.192.52:80



Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please click Here to update.


1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {0a970507-e1c7-4661-8ba3-6d92b3ebf535} - C:\WINDOWS\system32\mayonibe.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ludivovoba] Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s
O4 - HKLM\..\Run: [98f26c50] rundll32.exe "C:\WINDOWS\system32\vuwupajo.dll",b
O4 - HKLM\..\Run: [CPM9bc15fcc] Rundll32.exe "c:\windows\system32\hisozega.dll",a
O4 - HKUS\S-1-5-19\..\Run: [ludivovoba] Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ludivovoba] Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\kirofove.dll C:\WINDOWS\system32\mudagisi.dll c:\windows\system32\hisozega.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hisozega.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hisozega.dll


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

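The entries the helper checks in step 1 share a few traits that a script can pick out of a HijackThis log. The Python below is an added example, not a tool from this thread or from Trend Micro: it parses entry lines copied from the log above, flags an O2 BHO whose file is missing, O4 Run lines where rundll32 loads a system32 DLL through a one-letter export, every AppInit_DLLs value, and any DLL that several autostart points (O4/O20/O21/O22) share, and reports the ProxyServer value for the user to confirm, as the helper asked.

```python
"""Flag HijackThis entries of the kinds the helper singled out in post #3."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample: entry lines copied from the HijackThis log posted in this
# thread (the file names are the ones from that log), plus the benign Avira and
# Java lines so that the heuristics have something they must NOT flag.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 209.129.192.52:80
O2 - BHO: (no name) - {0a970507-e1c7-4661-8ba3-6d92b3ebf535} - C:\WINDOWS\system32\mayonibe.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [ludivovoba] Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [98f26c50] rundll32.exe "C:\WINDOWS\system32\vuwupajo.dll",b
O4 - HKLM\..\Run: [CPM9bc15fcc] Rundll32.exe "c:\windows\system32\hisozega.dll",a
O20 - AppInit_DLLs: c:\windows\system32\kirofove.dll C:\WINDOWS\system32\mudagisi.dll c:\windows\system32\hisozega.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hisozega.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hisozega.dll
"""


@dataclass(frozen=True)
class Finding:
    section: str    # HijackThis section prefix ("O4", "O20", ...) or "X-REF"
    reason: str
    evidence: str   # the offending log line, or the DLL path for X-REF


ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s  ->  (dll path, entry point)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^"]+?\.dll)"?\s*,\s*(\S+)', re.I)
DLL_PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.dll', re.I)
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.I)


def parse_entries(text: str) -> List[Tuple[str, str, str]]:
    """Return (section, body, line) for each HijackThis entry line in the log."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2), line))
    return entries


def analyze(text: str) -> List[Finding]:
    findings: List[Finding] = []
    # lower-cased DLL path -> autostart sections (O4/O20/O21/O22) that load it
    hooks: Dict[str, Set[str]] = {}

    for section, body, line in parse_entries(text):
        if section == "R1" and ",ProxyServer" in body:
            findings.append(Finding(section, "proxy server set; confirm with the user that it is intentional", line))
        elif section == "O2" and ("(file missing)" in body or "(no file)" in body):
            findings.append(Finding(section, "BHO registered but its DLL is missing", line))
        elif section == "O4":
            m = RUNDLL_RE.search(body)
            if m and SYSTEM32_RE.search(m.group(1)) and len(m.group(2)) == 1:
                findings.append(Finding(section, "rundll32 loads a system32 DLL through a one-letter export", line))
        elif section == "O20" and "AppInit_DLLs" in body:
            for dll in DLL_PATH_RE.findall(body):
                findings.append(Finding(section, f"AppInit_DLLs injects {dll} into every process that loads user32", line))

        if section in ("O4", "O20", "O21", "O22"):
            for dll in DLL_PATH_RE.findall(body):
                hooks.setdefault(dll.lower(), set()).add(section)

    # One DLL wired into several autostart points is the strongest signal here:
    # hisozega.dll in this thread's log appears in O4, O20, O21 and O22.
    for dll, sections in sorted(hooks.items()):
        if len(sections) > 1:
            findings.append(Finding("X-REF", "same DLL hooked from " + ", ".join(sorted(sections)), dll))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.evidence}")
```

Between the two logs in this thread the DLL names changed (mayonibe to rosobogu, hisozega to lunigiso) while the CLSIDs and Run value names stayed the same, so the cross-reference keys on whatever path the current log shows rather than on fixed names.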

#4 A W (Topic Starter, Member, 13 posts)
Hi Fred, appreciate the help. Not sure about my proxy IP. I may have altered it for my p2p downloads. How can I confirm this with you? (sorry for the newb question). I have followed your instructions to a tee and here are the txt documents from OTListIt2. Please advise.

OTListIt logfile created on: 12/31/2008 6:49:42 AM - Run
OTListIt2 by OldTimer - Version 1.0.1.1 Folder = C:\Documents and Settings\ALAN WONG\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.36 Mb Total Physical Memory | 548.88 Mb Available Physical Memory | 57.27% Memory free
2.26 Gb Paging File | 1.85 Gb Available in Paging File | 81.75% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.91 Gb Total Space | 40.71 Gb Free Space | 75.51% Space Free | Partition Type: NTFS
Drive D: | 244.17 Gb Total Space | 52.98 Gb Free Space | 21.70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AL-POWER
Current User Name: ALAN WONG
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (Avira GmbH)
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe (Avira GmbH)
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe (Avira GmbH)
C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe (Avira GmbH)
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe (Avira GmbH)
C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
C:\WINDOWS\system32\S3Trayp.exe (S3 Graphics Co., Ltd.)
C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe (Avira GmbH)
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
C:\Documents and Settings\ALAN WONG\Desktop\OTListIt2.exe (OldTimer Tools)

========== (O23) Win32 Services (SafeList) ==========

(AntiVirMailService [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe (Avira GmbH)
(AntiVirScheduler [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (Avira GmbH)
(AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe (Avira GmbH)
(antivirwebservice [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe (Avira GmbH)
(aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
(AVEService [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe (Avira GmbH)
(iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
(JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
(NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
(NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
(RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
(SmcService [Auto | Running]) -- C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
(usnjsvc [On_Demand | Running]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
(WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
(WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

(avgio [System | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.sys (Avira GmbH)
(avgntflt [On_Demand | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgntflt.sys (Avira GmbH)
(avipbb [System | Running]) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
(FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\fetnd5.sys (VIA Technologies, Inc. )
(FETNDISB [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\fetnd5b.sys (VIA Technologies, Inc. )
(GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
(HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
(IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
(pcouffin [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
(Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
(QV2KUX [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation)
(S3GIGP [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\S3gIGPm.sys (S3 Graphics Co., Ltd.)
(Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(ssmdrv [System | Running]) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
(tapvpn [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project)
(Teefer [Boot | Running]) -- C:\WINDOWS\system32\drivers\Teefer.sys (Sygate Technologies, Inc.)
(uagp35 [Boot | Running]) -- C:\WINDOWS\system32\drivers\uagp35.sys (Microsoft Corporation)
(usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usb8023x.sys (Microsoft Corporation)
(videX32 [Boot | Running]) -- C:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.)
(wg3n [Auto | Running]) -- C:\WINDOWS\system32\drivers\wg3n.sys (Sygate Technologies, Inc.)
(wg4n [Auto | Running]) -- C:\WINDOWS\system32\drivers\wg4n.sys (Sygate Technologies, Inc.)
(wg5n [Auto | Running]) -- C:\WINDOWS\system32\drivers\wg5n.sys (Sygate Technologies, Inc.)
(wg6n [Auto | Running]) -- C:\WINDOWS\system32\drivers\wg6n.sys (Sygate Technologies, Inc.)
(wpsdrvnt [System | Running]) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)
(WS2IFSL [System | Running]) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys (Microsoft Corporation)
(xfilt [Boot | Running]) -- C:\WINDOWS\system32\drivers\xfilt.sys (VIA Technologies,Inc)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?wl=true
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {0a970507-e1c7-4661-8ba3-6d92b3ebf535} - C:\WINDOWS\system32\rosobogu.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [98f26c50] rundll32.exe "C:\WINDOWS\system32\beyamata.dll",b (ESET)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [CPM9bc15fcc] Rundll32.exe "c:\windows\system32\lunigiso.dll",a ()
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" ()
O4 - HKLM..\Run: [ludivovoba] Rundll32.exe "C:\WINDOWS\system32\zubayoro.dll",s ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [S3Trayp] S3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\ALAN WONG\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-w...agi3.0.84.2.cab (UnagiAx Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...9798.7310069444 (Update Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Virtools WebPlayer Class)
O18 - Protocol\Handler: - about - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - cdl - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - dvd - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - file - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ftp - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - gopher - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - http\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - https\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - javascript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - local - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mailto - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mhtml - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mk - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - res - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - sysimage - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - tv - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - vbscript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - wia - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}c:\WINDOWS\system32\lunigiso.dll ()
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153}C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5}C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Browseui preloader) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Component Categories cache daemon) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (STS) - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\WINDOWS\system32\lunigiso.dll ()

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls" = c:\windows\system32\lunigiso.dll,C:\WINDOWS\system32\sirofiru.dll,c:\windows\system32\kirofove.dll
>c:\WINDOWS\system32\lunigiso.dll ()
>C:\WINDOWS\system32\sirofiru.dll ()
>c:\WINDOWS\system32\kirofove.dll ()

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = Explorer.exe
>C:\WINDOWS\explorer.exe (Microsoft Corporation)

"UserInit" = C:\WINDOWS\system32\userinit.exe,
>C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

"UIHost" = logonui.exe
>C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)

"VMApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"
>C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
>C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)


========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
crypt32chain: "DllName" = crypt32.dll -- C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
cryptnet: "DllName" = cryptnet.dll -- C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
cscdll: "DllName" = cscdll.dll -- C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
dimsntfy: "DllName" = %SystemRoot%\System32\dimsntfy.dll -- C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
ScCertProp: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Schedule: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
sclgntfy: "DllName" = sclgntfy.dll -- C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
SensLogn: "DllName" = WlNotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
termsrv: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
wlballoon: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd.exe (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders" = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
>C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
>C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
>C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,
>C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages" = kerberos,msv1_0,schannel,wdigest,
>C:\WINDOWS\system32\kerberos.dll (Microsoft Corporation)
>C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
>C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
>C:\WINDOWS\system32\wdigest.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
C:\AUTOEXEC.BAT () -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/12/31 06:48:22 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ALAN WONG\Desktop\OTListIt2.exe
[2008/12/31 06:42:39 | 35,124,856 | ---- | C] ( ) -- C:\Documents and Settings\ALAN WONG\Desktop\AdbeRdr90_en_US.exe
[2008/12/30 19:55:14 | 01,294,290 | -HS- | C] () -- C:\WINDOWS\System32\atamayeb.ini
[2008/12/30 19:25:10 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\ALAN WONG\Desktop\HijackThis.lnk
[2008/12/30 19:25:10 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/30 10:31:35 | 00,061,440 | ---- | C] (ESET) -- C:\WINDOWS\System32\~.exe
[2008/12/30 10:30:51 | 00,061,440 | ---- | C] (ESET) -- C:\WINDOWS\System32\a.exe
[2008/12/30 07:55:07 | 01,294,283 | -HS- | C] () -- C:\WINDOWS\System32\ojapuwuv.ini
[2008/12/29 18:39:22 | 33,554,432 | ---- | C] () -- C:\Documents and Settings\ALAN WONG\Desktop\3014 - Iron Chef America -Supreme Cuisine (U).nds
[2008/12/29 16:26:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALAN WONG\Application Data\Avira
[2008/12/29 16:23:04 | 00,001,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Premium.lnk
[2008/12/29 16:22:57 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2008/12/29 16:22:56 | 00,094,465 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\avsda.dll
[2008/12/29 16:22:55 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/12/29 16:22:55 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2008/12/29 16:22:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/12/29 13:21:55 | 00,000,000 | -H-D | C] -- C:\kleaner.tmp
[2008/12/29 13:17:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/12/29 13:04:09 | 01,294,586 | -HS- | C] () -- C:\WINDOWS\System32\ijodulur.ini
[2008/12/28 11:44:20 | 134,217,728 | ---- | C] () -- C:\Documents and Settings\ALAN WONG\Desktop\2923 - Guitar Rock Tour (U).nds
[2008/12/28 11:43:56 | 268,435,456 | ---- | C] () -- C:\Documents and Settings\ALAN WONG\Desktop\2906 - Star Wars The Clone Wars - Jedi Alliance (U).nds
[2008/12/28 11:43:49 | 67,108,864 | ---- | C] () -- C:\Documents and Settings\ALAN WONG\Desktop\2905 - Call of Duty - World at War (U).nds
[2008/12/28 11:43:42 | 134,217,728 | ---- | C] () -- C:\Documents and Settings\ALAN WONG\Desktop\2897 - Guitar Hero On Tour - Decades (E).nds
[2008/12/18 09:22:15 | 00,007,786 | -HS- | C] () -- C:\Documents and Settings\ALAN WONG\My Documents\AlbumArt_{C2CA2262-1676-44D4-AA00-515B3BB62908}_Large.jpg
[2008/12/18 09:22:15 | 00,002,381 | -HS- | C] () -- C:\Documents and Settings\ALAN WONG\My Documents\AlbumArt_{C2CA2262-1676-44D4-AA00-515B3BB62908}_Small.jpg
[2008/12/17 23:51:26 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/12/17 19:56:52 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008/12/17 19:50:59 | 00,000,223 | ---- | C] () -- C:\Boot.bak
[2008/12/17 19:50:56 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/12/17 19:50:54 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/12/17 19:49:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/17 19:39:33 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2008/12/16 11:26:15 | 00,009,571 | -HS- | C] () -- C:\Documents and Settings\ALAN WONG\My Documents\AlbumArt_{6275E696-509F-4BAA-A556-D84D80419AFA}_Large.jpg
[2008/12/16 11:26:15 | 00,002,744 | -HS- | C] () -- C:\Documents and Settings\ALAN WONG\My Documents\AlbumArt_{6275E696-509F-4BAA-A556-D84D80419AFA}_Small.jpg
[2008/12/15 13:18:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALAN WONG\My Documents\LimeWire
[2008/12/14 09:43:40 | 00,625,026 | ---- | C] () -- C:\Documents and Settings\ALAN WONG\Desktop\emaildirect_51_2008.pdf
[2008/12/08 15:34:25 | 00,002,218 | ---- | C] () -- C:\Documents and Settings\ALAN WONG\My Documents\Tia's resume.rtf
[2008/12/03 20:52:59 | 00,000,000 | ---D | C] -- C:\Program Files\CDisplay

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/12/31 06:48:22 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ALAN WONG\Desktop\OTListIt2.exe
[2008/12/31 06:45:18 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rideheye
[2008/12/31 06:43:44 | 35,124,856 | ---- | M] ( ) -- C:\Documents and Settings\ALAN WONG\Desktop\AdbeRdr90_en_US.exe
[2008/12/31 06:38:08 | 00,000,593 | ---- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\My Sharing Folders.lnk
[2008/12/31 06:37:42 | 01,294,290 | -HS- | M] () -- C:\WINDOWS\System32\atamayeb.ini
[2008/12/31 06:36:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/31 06:36:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/30 19:55:16 | 00,061,173 | -HS- | M] (ESET) -- C:\WINDOWS\System32\bekehutu.dll
[2008/12/30 19:55:15 | 00,096,849 | -HS- | M] () -- C:\WINDOWS\System32\lunigiso.dll
[2008/12/30 19:55:14 | 00,086,295 | -HS- | M] (ESET) -- C:\WINDOWS\System32\beyamata.dll
[2008/12/30 19:25:10 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\ALAN WONG\Desktop\HijackThis.lnk
[2008/12/30 15:00:54 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/30 10:31:51 | 00,061,440 | ---- | M] (ESET) -- C:\WINDOWS\System32\~.exe
[2008/12/30 10:30:51 | 00,061,440 | ---- | M] (ESET) -- C:\WINDOWS\System32\a.exe
[2008/12/30 07:55:10 | 01,294,283 | -HS- | M] () -- C:\WINDOWS\System32\ojapuwuv.ini
[2008/12/30 07:55:06 | 00,097,486 | -HS- | M] (ESET) -- C:\WINDOWS\System32\hisozega.dll
[2008/12/29 19:02:00 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/29 16:47:11 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/12/29 16:23:04 | 00,001,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Premium.lnk
[2008/12/29 13:04:14 | 01,294,586 | -HS- | M] () -- C:\WINDOWS\System32\ijodulur.ini
[2008/12/29 13:04:05 | 00,098,092 | -HS- | M] (ESET) -- C:\WINDOWS\System32\mepawadi.dll
[2008/12/29 12:43:45 | 00,000,660 | ---- | M] () -- C:\Documents and Settings\ALAN WONG\Application Data\vso_ts_preview.xml
[2008/12/27 21:20:01 | 00,008,678 | -HS- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\Folder.jpg
[2008/12/27 21:20:01 | 00,002,388 | -HS- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\AlbumArtSmall.jpg
[2008/12/27 20:57:02 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\ALAN WONG\Desktop\iTunes.lnk
[2008/12/24 19:39:09 | 00,017,920 | -HS- | M] () -- C:\Documents and Settings\ALAN WONG\Desktop\Thumbs.db
[2008/12/23 09:38:45 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/18 23:57:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/18 09:22:15 | 00,000,363 | -HS- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\desktop.ini
[2008/12/18 09:22:13 | 00,007,786 | -HS- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\AlbumArt_{C2CA2262-1676-44D4-AA00-515B3BB62908}_Large.jpg
[2008/12/18 09:22:10 | 00,002,381 | -HS- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\AlbumArt_{C2CA2262-1676-44D4-AA00-515B3BB62908}_Small.jpg
[2008/12/17 19:54:47 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/17 19:54:37 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/17 19:50:59 | 00,000,293 | RHS- | M] () -- C:\boot.ini
[2008/12/16 11:26:15 | 00,009,571 | -HS- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\AlbumArt_{6275E696-509F-4BAA-A556-D84D80419AFA}_Large.jpg
[2008/12/16 11:26:14 | 00,002,744 | -HS- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\AlbumArt_{6275E696-509F-4BAA-A556-D84D80419AFA}_Small.jpg
[2008/12/14 09:43:40 | 00,625,026 | ---- | M] () -- C:\Documents and Settings\ALAN WONG\Desktop\emaildirect_51_2008.pdf
[2008/12/13 17:55:35 | 01,820,420 | -HS- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\Thumbs.db
[2008/12/12 01:22:06 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/08 15:33:50 | 00,002,218 | ---- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\Tia's resume.rtf
[2008/12/04 16:31:34 | 06,919,760 | -H-- | M] () -- C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\IconCache.db

========== LOP Check ==========

[2008/12/29 16:26:52 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\ALAN WONG\Application Data
[2008/12/10 15:41:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Adobe
[2008/05/08 08:01:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\AdobeUM
[2007/10/26 08:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Ahead
[2008/09/19 16:47:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Apple Computer
[2008/12/29 16:26:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Avira
[2008/12/29 16:04:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Azureus
[2007/11/11 23:29:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\BitTorrent
[2007/11/12 10:58:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\BitTorrent DNA
[2007/10/26 09:04:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\CyberLink
[2007/12/23 20:03:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\DivX
[2008/12/13 19:55:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\dvdcss
[2008/01/20 16:38:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\GetRightToGo
[2007/10/26 11:15:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Google
[2007/10/29 02:52:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Help
[2007/10/25 11:44:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Identities
[2008/12/30 10:23:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Lavasoft
[2007/11/04 16:49:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Leadertech
[2008/12/27 21:14:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\LimeWire
[2008/02/01 11:46:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Macromedia
[2007/12/26 16:41:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Media Player Classic
[2008/11/11 11:08:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Microsoft
[2008/11/11 11:08:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Microsoft Games
[2008/01/07 18:47:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Move Networks
[2008/06/25 15:14:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Mozilla
[2008/11/05 17:34:43 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\SecuROM
[2007/10/27 20:33:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Sun
[2007/11/01 10:53:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Talkback
[2007/12/20 16:01:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\TVU Networks
[2008/09/26 22:11:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\uTorrent
[2007/12/30 16:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\vlc
[2008/12/29 12:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Vso
[2008/11/04 22:19:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\WarZone
[2008/12/29 16:22:55 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/10/22 06:16:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/05/08 07:31:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/12/28 22:11:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
[2007/10/30 20:29:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/11/05 09:21:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/12/29 16:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2007/10/27 09:43:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/10/26 09:03:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/11/28 13:28:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/12/23 20:28:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/12/29 13:17:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/10/05 19:18:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/10/25 15:29:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2008/08/01 09:46:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETg
[2008/02/08 17:31:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2008/03/30 11:58:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU networks
[2007/10/30 02:12:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2007/10/25 12:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/11/17 18:40:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2008/12/18 23:57:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2008/12/31 06:36:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
< End of report >
________________________________________________________________________________
_____________________________________

OTListIt Extras logfile created on: 12/31/2008 6:49:42 AM - Run
OTListIt2 by OldTimer - Version 1.0.1.1 Folder = C:\Documents and Settings\ALAN WONG\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.36 Mb Total Physical Memory | 548.88 Mb Available Physical Memory | 57.27% Memory free
2.26 Gb Paging File | 1.85 Gb Available in Paging File | 81.75% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.91 Gb Total Space | 40.71 Gb Free Space | 75.51% Space Free | Partition Type: NTFS
Drive D: | 244.17 Gb Total Space | 52.98 Gb Free Space | 21.70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AL-POWER
Current User Name: ALAN WONG
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus (Azureus Inc)
C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component (TVU networks)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent ()
D:\program files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application (www.sopcast.com)
D:\program files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver (www.sopcast.com)
D:\program files\SopCast\sopvod.exe:*:Enabled:sopvod ()
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup (Nero AG)
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe:*:Enabled:sched File not found
C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse (Microsoft Corporation)
C:\Program Files\CyberLink\Shared Files\RichVideo.exe:*:Enabled:RichVideo ()
C:\WINDOWS\system32\S3Trayp.exe:*:Enabled:S3trayp (S3 Graphics Co., Ltd.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\WINDOWS\system32\dwwin.exe:*:Enabled:dwwin (Microsoft Corporation)
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe:*:Enabled:PDVDServ (Cyberlink Corp.)
C:\Program Files\VSO\ConvertX\3\ConvertXtoDvd.exe:*:Enabled:ConvertXtoDvd (VSO Software SARL)
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe:*:Enabled:NMIndexingService (Nero AG)
C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService (Apple Inc.)
C:\Program Files\Sygate\SPF\Smc.exe:*:Enabled:smc (Sygate Technologies, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{32A3A4F4-B792-11D6-A78A-00B0D0160110}" = Java™ SE Development Kit 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{487E76B4-8A45-4C2E-B20A-218D33A8EA7D}_is1" = ConvertXtoDVD 2.99.9.500
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{583A9C95-8DB9-11D5-BA72-0048546FEA44}" = Elmo Through the Looking Glass
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AAB93551-3FFE-42B2-8315-96252BBC1033}" = Nero 7 Essentials
"{AC76BA86-7AD7-1033-7B44-A71000
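The log above is the raw material; what a helper actually does with it is pick out the entries that cannot be explained by a normal install: the three random-named DLLs in AppInit_DLLs (which Windows loads into every process that maps user32.dll), the single CLSID registered under both SSODL and SharedTaskScheduler and backed by a DLL with no publisher, and the hidden+system .dll/.ini files dropped straight into System32 over the last two days. The script below is an added example written for this page, not code from the thread, from OTListIt or from any vendor: it parses lines in the exact shapes OTListIt 1.0.1.1 prints above and applies a handful of heuristic rules. The rules, the regexes and the rule names are this example's own assumptions, and the embedded sample is a constructed excerpt copied from lines in the report (plus the one "File not found" firewall entry), not a new scan.

```python
"""Heuristic triage of an OTListIt/OTL-style log excerpt (added example, not OTL code)."""
import re
from collections import defaultdict
from typing import List, NamedTuple


class Finding(NamedTuple):
    rule: str
    path: str
    detail: str


# Constructed sample: a hand-picked excerpt in the same line shapes as the report above.
SAMPLE_LOG = r"""
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}c:\WINDOWS\system32\lunigiso.dll ()
O22 - SharedTaskScheduler: (Browseui preloader) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (STS) - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\WINDOWS\system32\lunigiso.dll ()
"AppInit_Dlls" = c:\windows\system32\lunigiso.dll,C:\WINDOWS\system32\sirofiru.dll,c:\windows\system32\kirofove.dll
[2008/12/30 19:55:16 | 00,061,173 | -HS- | M] (ESET) -- C:\WINDOWS\System32\bekehutu.dll
[2008/12/30 19:55:15 | 00,096,849 | -HS- | M] () -- C:\WINDOWS\System32\lunigiso.dll
[2008/12/30 19:55:14 | 01,294,290 | -HS- | C] () -- C:\WINDOWS\System32\atamayeb.ini
[2008/12/29 16:22:56 | 00,094,465 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\avsda.dll
[2008/12/30 19:25:10 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe:*:Enabled:sched File not found
"""

# Line shapes as printed by OTListIt; the regexes themselves are this example's own.
FILE_RE = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| [CM]\]"
    r"(?: \((?P<publisher>.*?)\))? -- (?P<path>.+)$"
)
SSODL_RE = re.compile(
    r"^O21 - SSODL: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\})(?P<path>.+?) \((?P<publisher>.*)\)$"
)
STS_RE = re.compile(
    r"^O22 - SharedTaskScheduler: \((?P<name>.+?)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?) \((?P<publisher>.*)\)$"
)
APPINIT_RE = re.compile(r'^"AppInit_Dlls" = (?P<value>.*)$', re.IGNORECASE)
FW_STALE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\[^:]+):(?P<scope>[^:]*):Enabled:.*File not found$")
SYSTEM32_CHILD = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    """Run the heuristic rules over one log excerpt and return what deserves a human look."""
    findings: List[Finding] = []
    clsid_owners = defaultdict(list)  # clsid -> [(section, dll path)]

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := APPINIT_RE.match(line):
            # AppInit_DLLs is normally empty; every DLL listed is loaded into each
            # process that maps user32.dll, so each entry is worth a look.
            for dll in (p.strip() for p in m["value"].split(",")):
                if dll:
                    findings.append(Finding("appinit_dll", dll, "loaded into every user32-linked process"))
        elif m := SSODL_RE.match(line):
            clsid_owners[m["clsid"].lower()].append(("SSODL", m["path"]))
            if not m["publisher"].strip():
                findings.append(Finding("shell_load_no_publisher", m["path"],
                                        f"SSODL '{m['name']}' has no version-info publisher"))
        elif m := STS_RE.match(line):
            clsid_owners[m["clsid"].lower()].append(("SharedTaskScheduler", m["path"]))
            if not m["publisher"].strip():
                findings.append(Finding("shell_load_no_publisher", m["path"],
                                        f"SharedTaskScheduler '{m['name']}' has no version-info publisher"))
        elif m := FILE_RE.match(line):
            path, attrs = m["path"], m["attrs"]
            name = path.rsplit("\\", 1)[-1]
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if SYSTEM32_CHILD.match(path) and "H" in attrs and "S" in attrs and ext in {"dll", "exe", "ini"}:
                detail = "hidden+system file placed directly in System32"
                if m["publisher"]:
                    # The company string is the PE version resource, which the file's author
                    # controls; only an Authenticode signature check proves where it came from.
                    detail += f"; publisher string '{m['publisher']}' is self-reported, verify the signature"
                findings.append(Finding("hidden_system32_file", path, detail))
        elif m := FW_STALE_RE.match(line):
            findings.append(Finding("stale_firewall_exception", m["path"],
                                    f"scope '{m['scope']}' allowed for a binary that no longer exists"))

    # One CLSID registered under both Explorer-start hooks is redundant persistence.
    for clsid, owners in clsid_owners.items():
        sections = sorted({s for s, _ in owners})
        if len(sections) > 1:
            findings.append(Finding("clsid_double_registered", owners[0][1],
                                    f"{clsid} under {' and '.join(sections)}"))
    return findings


def paths_to_review(findings: List[Finding]) -> List[str]:
    """Distinct flagged paths, case-folded, ready for a hash lookup or a removal fix."""
    return sorted({f.path.lower() for f in findings})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.path}: {f.detail}")
```

Two caveats the output makes visible. First, OTListIt's "Company Name Whitelist: On" trusts the version-info company string, which is why bekehutu.dll, beyamata.dll and hisozega.dll can show up tagged "(ESET)" while sitting hidden in System32 with eight-letter random names; the rule above flags on placement and attributes and only mentions the publisher string as something to verify, never as a reason to skip a file. Second, two entries that look alarming in the log are stock Windows XP defaults and are deliberately not matched: the IFEO key "Your Image File Name Here without a path" with ntsd.exe as its debugger, and "AlternateShell" = cmd.exe under Safeboot.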

#5 A W (Member, Topic Starter, 13 posts)
Hey Fred. Would also like to add that in your previous post regarding checkboxing the Hijackthis list I did not see the exact filenames that you posted.

i.e.: mayonibe.dll (file missing), damorume.dll, vuwupajo.dll, hisozega.dll

Just pointing this out. Unsure if this is significant or not.

#6 Fred21543 (Member 1K, 1,351 posts)
Your Extras.Txt log got cut off. Could you please repost it until the end of the log?

That does not surprise me exactly.

#7 A W (Member, Topic Starter, 13 posts)
Sorry for the delay. Here you go. Happy new year.

OTListIt Extras logfile created on: 12/31/2008 6:49:42 AM - Run
OTListIt2 by OldTimer - Version 1.0.1.1 Folder = C:\Documents and Settings\ALAN WONG\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.36 Mb Total Physical Memory | 548.88 Mb Available Physical Memory | 57.27% Memory free
2.26 Gb Paging File | 1.85 Gb Available in Paging File | 81.75% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.91 Gb Total Space | 40.71 Gb Free Space | 75.51% Space Free | Partition Type: NTFS
Drive D: | 244.17 Gb Total Space | 52.98 Gb Free Space | 21.70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AL-POWER
Current User Name: ALAN WONG
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus (Azureus Inc)
C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component (TVU networks)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent ()
D:\program files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application (www.sopcast.com)
D:\program files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver (www.sopcast.com)
D:\program files\SopCast\sopvod.exe:*:Enabled:sopvod ()
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup (Nero AG)
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe:*:Enabled:sched File not found
C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse (Microsoft Corporation)
C:\Program Files\CyberLink\Shared Files\RichVideo.exe:*:Enabled:RichVideo ()
C:\WINDOWS\system32\S3Trayp.exe:*:Enabled:S3trayp (S3 Graphics Co., Ltd.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\WINDOWS\system32\dwwin.exe:*:Enabled:dwwin (Microsoft Corporation)
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe:*:Enabled:PDVDServ (Cyberlink Corp.)
C:\Program Files\VSO\ConvertX\3\ConvertXtoDvd.exe:*:Enabled:ConvertXtoDvd (VSO Software SARL)
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe:*:Enabled:NMIndexingService (Nero AG)
C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService (Apple Inc.)
C:\Program Files\Sygate\SPF\Smc.exe:*:Enabled:smc (Sygate Technologies, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{32A3A4F4-B792-11D6-A78A-00B0D0160110}" = Java™ SE Development Kit 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{487E76B4-8A45-4C2E-B20A-218D33A8EA7D}_is1" = ConvertXtoDVD 2.99.9.500
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{583A9C95-8DB9-11D5-BA72-0048546FEA44}" = Elmo Through the Looking Glass
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AAB93551-3FFE-42B2-8315-96252BBC1033}" = Nero 7 Essentials
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.60 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AntiVir PersonalEdition Premium" = Avira AntiVir Premium
"Azureus Vuze" = Azureus Vuze
"CDisplay_is1" = CDisplay 1.8
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"gBurner" = gBurner
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InterActual Player" = InterActual Player
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.7 Basic
"LimeWire" = LimeWire 4.16.6
"Mickey Mouse Toddler" = Disney's Mickey Mouse Toddler
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SopCast" = SopCast 2.0.4
"Tiger Gaming" = Tiger Gaming
"TVUPlayer" = TVUPlayer 2.3.5.4
"VIA Chrome9 HC IGP Display" = VIA/S3G Display Driver 6.14.10.0078
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/29/2008 8:11:52 PM | Computer Name = AL-POWER | Source = MsiInstaller | ID = 11500
Description = Product: Kaspersky Internet Security 2009 -- Error 1500.Another installation
is in progress. You must complete that installation before continuing this one.

Error - 12/29/2008 8:11:52 PM | Computer Name = AL-POWER | Source = MsiInstaller | ID = 11500
Description = Product: Kaspersky Internet Security 2009 -- Error 1500.Another installation
is in progress. You must complete that installation before continuing this one.

Error - 12/29/2008 8:11:52 PM | Computer Name = AL-POWER | Source = MsiInstaller | ID = 11500
Description = Product: Kaspersky Internet Security 2009 -- Error 1500.Another installation
is in progress. You must complete that installation before continuing this one.

Error - 12/29/2008 8:11:53 PM | Computer Name = AL-POWER | Source = MsiInstaller | ID = 11500
Description = Product: Kaspersky Internet Security 2009 -- Error 1500.Another installation
is in progress. You must complete that installation before continuing this one.

Error - 12/29/2008 8:11:54 PM | Computer Name = AL-POWER | Source = MsiInstaller | ID = 11500
Description = Product: Kaspersky Internet Security 2009 -- Error 1500.Another installation
is in progress. You must complete that installation before continuing this one.

Error - 12/29/2008 8:11:55 PM | Computer Name = AL-POWER | Source = MsiInstaller | ID = 11500
Description = Product: Kaspersky Internet Security 2009 -- Error 1500.Another installation
is in progress. You must complete that installation before continuing this one.

Error - 12/29/2008 8:15:10 PM | Computer Name = AL-POWER | Source = Application Error | ID = 1000
Description = Faulting application avp.exe, version 8.0.0.506, faulting module prkernel.ppl,
version 8.0.0.506, fault address 0x00011b51.

Error - 12/29/2008 8:15:18 PM | Computer Name = AL-POWER | Source = Application Error | ID = 1000
Description = Faulting application avp.exe, version 8.0.0.506, faulting module prkernel.ppl,
version 8.0.0.506, fault address 0x00011b51.

Error - 12/29/2008 8:15:29 PM | Computer Name = AL-POWER | Source = Application Error | ID = 1000
Description = Faulting application avp.exe, version 8.0.0.506, faulting module prkernel.ppl,
version 8.0.0.506, fault address 0x00011b51.

Error - 12/29/2008 8:15:43 PM | Computer Name = AL-POWER | Source = Application Error | ID = 1000
Description = Faulting application avp.exe, version 8.0.0.506, faulting module prkernel.ppl,
version 8.0.0.506, fault address 0x00011b51.

[ System Events ]
Error - 12/17/2008 11:35:17 PM | Computer Name = AL-POWER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/17/2008 11:35:17 PM | Computer Name = AL-POWER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/21/2008 3:58:04 AM | Computer Name = AL-POWER | Source = DCOM | ID = 10010
Description = The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register
with DCOM within the required timeout.

Error - 12/24/2008 12:28:17 AM | Computer Name = AL-POWER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/29/2008 7:16:00 PM | Computer Name = AL-POWER | Source = System Error | ID = 1003
Description = Error code 1000007e, parameter1 c0000005, parameter2 f732c507, parameter3
ef5e0af8, parameter4 ef5e07f4.

Error - 12/29/2008 7:16:04 PM | Computer Name = AL-POWER | Source = System Error | ID = 1003
Description = Error code 1000007e, parameter1 c0000005, parameter2 f731a5c5, parameter3
ef5c3ad0, parameter4 ef5c37cc.

Error - 12/29/2008 7:16:06 PM | Computer Name = AL-POWER | Source = System Error | ID = 1003
Description = Error code 1000007e, parameter1 c0000005, parameter2 f732c507, parameter3
ef701af8, parameter4 ef7017f4.

Error - 12/29/2008 8:23:20 PM | Computer Name = AL-POWER | Source = Service Control Manager | ID = 7024
Description = The Avira AntiVir Premium WebGuard service terminated with service-specific
error 1 (0x1).

Error - 12/30/2008 1:09:55 AM | Computer Name = AL-POWER | Source = Service Control Manager | ID = 7034
Description = The Avira AntiVir Premium WebGuard service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/30/2008 7:37:55 PM | Computer Name = AL-POWER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


< End of report >

#8 Fred21543 (Member, 1,351 posts)
Happy New Year to you too :)

Running tools such as ComboFix by yourself without supervision is very dangerous; do not do so again.


Do either of these organizations sound familiar to you, relating to the proxy server? I did a whois and these are the organizations I got for that IP address: California State University Network and Peralta Community College District.


LimeWire, Azureus, BitTorrent, uTorrent and BitTorrent DNA are P2P Programs. P2P Programs are not recommended as the uses of them can vary legally from area to area, and they are a great way of acquiring all kinds of malicious software! Therefore I recommend you go to Start>Control Panel>Add/Remove Programs and remove these programs.


Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :processes
    explorer.exe
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"=""
    :files
    C:\*.tmp
    C:\WINDOWS\*.tmp
    C:\WINDOWS\System32\*.tmp
    C:\WINDOWS\system32\rosobogu.dll
    C:\WINDOWS\system32\zubayoro.dll
    c:\windows\system32\lunigiso.dll
    C:\WINDOWS\System32\bekehutu.dll
    C:\WINDOWS\System32\hisozega.dll
    C:\WINDOWS\System32\ijodulur.ini
    C:\WINDOWS\System32\mepawadi.dll
    C:\WINDOWS\system32\beyamata.dll
    C:\WINDOWS\system32\sirofiru.dll
    C:\WINDOWS\system32\kirofove.dll
    C:\WINDOWS\System32\atamayeb.ini
    C:\WINDOWS\System32\ojapuwuv.ini
    C:\WINDOWS\System32\~.exe
    C:\WINDOWS\System32\a.exe
    C:\WINDOWS\System32\rideheye
    C:\kleaner.tmp
    C:\WINDOWS\System32\ijodulur.ini
    :commands
    [purity]
    [emptytemp]
    [start explorer]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

#9 A W (Topic Starter, 13 posts)
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"" /E : value set successfully!
========== FILES ==========
C:\kleaner.tmp moved successfully.
C:\WINDOWS\002765_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SET5A.tmp moved successfully.
C:\WINDOWS\System32\SET5C.tmp moved successfully.
C:\WINDOWS\System32\SET68.tmp moved successfully.
File/Folder C:\WINDOWS\system32\rosobogu.dll not found.
File/Folder C:\WINDOWS\system32\zubayoro.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\lunigiso.dll
c:\windows\system32\lunigiso.dll NOT unregistered.
c:\windows\system32\lunigiso.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\bekehutu.dll
C:\WINDOWS\System32\bekehutu.dll NOT unregistered.
C:\WINDOWS\System32\bekehutu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\hisozega.dll
C:\WINDOWS\System32\hisozega.dll NOT unregistered.
C:\WINDOWS\System32\hisozega.dll moved successfully.
C:\WINDOWS\System32\ijodulur.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\mepawadi.dll
C:\WINDOWS\System32\mepawadi.dll NOT unregistered.
C:\WINDOWS\System32\mepawadi.dll moved successfully.
File/Folder C:\WINDOWS\system32\beyamata.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\sirofiru.dll
C:\WINDOWS\system32\sirofiru.dll NOT unregistered.
C:\WINDOWS\system32\sirofiru.dll moved successfully.
File/Folder C:\WINDOWS\system32\kirofove.dll not found.
C:\WINDOWS\System32\atamayeb.ini moved successfully.
C:\WINDOWS\System32\ojapuwuv.ini moved successfully.
File/Folder C:\WINDOWS\System32\~.exe not found.
C:\WINDOWS\System32\a.exe moved successfully.
C:\WINDOWS\System32\rideheye moved successfully.
File/Folder C:\kleaner.tmp not found.
File/Folder C:\WINDOWS\System32\ijodulur.ini not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\etilqs_aVbWigo9Eo0XTMxqeGC4 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\~DF2235.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\~DF2249.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\~DF373A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\~DF3946.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_78.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01012009_091347

#10 A W (Topic Starter, 13 posts)
After reboot log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"" /E : value set successfully!
========== FILES ==========
C:\kleaner.tmp moved successfully.
C:\WINDOWS\002765_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SET5A.tmp moved successfully.
C:\WINDOWS\System32\SET5C.tmp moved successfully.
C:\WINDOWS\System32\SET68.tmp moved successfully.
File/Folder C:\WINDOWS\system32\rosobogu.dll not found.
File/Folder C:\WINDOWS\system32\zubayoro.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\lunigiso.dll
c:\windows\system32\lunigiso.dll NOT unregistered.
c:\windows\system32\lunigiso.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\bekehutu.dll
C:\WINDOWS\System32\bekehutu.dll NOT unregistered.
C:\WINDOWS\System32\bekehutu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\hisozega.dll
C:\WINDOWS\System32\hisozega.dll NOT unregistered.
C:\WINDOWS\System32\hisozega.dll moved successfully.
C:\WINDOWS\System32\ijodulur.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\mepawadi.dll
C:\WINDOWS\System32\mepawadi.dll NOT unregistered.
C:\WINDOWS\System32\mepawadi.dll moved successfully.
File/Folder C:\WINDOWS\system32\beyamata.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\sirofiru.dll
C:\WINDOWS\system32\sirofiru.dll NOT unregistered.
C:\WINDOWS\system32\sirofiru.dll moved successfully.
File/Folder C:\WINDOWS\system32\kirofove.dll not found.
C:\WINDOWS\System32\atamayeb.ini moved successfully.
C:\WINDOWS\System32\ojapuwuv.ini moved successfully.
File/Folder C:\WINDOWS\System32\~.exe not found.
C:\WINDOWS\System32\a.exe moved successfully.
C:\WINDOWS\System32\rideheye moved successfully.
File/Folder C:\kleaner.tmp not found.
File/Folder C:\WINDOWS\System32\ijodulur.ini not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\etilqs_aVbWigo9Eo0XTMxqeGC4 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\~DF2235.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\~DF2249.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\~DF373A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\~DF3946.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_78.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01012009_091347

Files moved on Reboot...
C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\History\History.IE5\index.dat moved successfully.
C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\Cookies\index.dat moved successfully.
File C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\etilqs_aVbWigo9Eo0XTMxqeGC4 not found!
C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\WCESLog.log moved successfully.
File C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\~DF2235.tmp not found!
File C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\~DF2249.tmp not found!
File C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\~DF373A.tmp not found!
File C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\~DF3946.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\WINDOWS\temp\History\History.IE5\index.dat moved successfully.
C:\WINDOWS\temp\Cookies\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_78.dat not found!
C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\XUL.mfl moved successfully.

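The OTMoveIt3 script in post #8 and the two logs in posts #9 and #10 show one pattern: the first pass moves what it can, defers locked files (the index.dat and browser cache files) to the next reboot, and the post-reboot log reports how each deferred item ended up. The Python script below is an added example for this thread; it is not OldTimer's tool and not code posted by anyone here. It parses only the line shapes visible in the posted logs (an abbreviated sample in that format is constructed inline; the paths in it are taken from the logs above, not from a real machine) and reconciles the two passes, so a helper can see which requested items were moved, which were not present, which DLLs were moved without being unregistered, and which deletions are still open after the reboot.

```python
"""Reconcile an OTMoveIt3 first-pass log with its post-reboot log.

Added example for this thread; it is not OldTimer's tool and not code from
the forum. It understands only the line shapes visible in the posted logs.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample logs, abbreviated from the shape of the logs posted in
# the thread (same line formats, far fewer lines). Not the poster's full logs.
FIRST_RUN = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"" /E : value set successfully!
========== FILES ==========
C:\kleaner.tmp moved successfully.
File/Folder C:\WINDOWS\system32\rosobogu.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\lunigiso.dll
c:\windows\system32\lunigiso.dll NOT unregistered.
c:\windows\system32\lunigiso.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\~DF2235.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
Explorer started successfully
"""

REBOOT_RUN = r"""
Files moved on Reboot...
C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\Cookies\index.dat moved successfully.
File C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\~DF2235.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
"""


@dataclass
class Item:
    path: str
    status: str   # "moved", "not_found", "pending_reboot" or "unregister_failed"
    section: str  # PROCESSES, REGISTRY, FILES, COMMANDS or REBOOT


SECTION_RE = re.compile(r"^========== (?P<name>[A-Z ]+) ==========$")

# A line is classified by the first pattern that matches it; lines that match
# none (killed process, registry value set, "folder emptied") are informational.
LINE_RULES = [
    (re.compile(r"^(?:File/Folder |File )?(?P<path>.+?) not found[.!]$"), "not_found"),
    (re.compile(r"^(?P<path>.+?) moved successfully\.$"), "moved"),
    (re.compile(r"^File (?:delete|move) failed\. (?P<path>.+?) scheduled to be (?:deleted|moved) on reboot\.$"),
     "pending_reboot"),
    (re.compile(r"^(?P<path>.+?) NOT unregistered\.$"), "unregister_failed"),
]


def parse_log(text: str) -> list[Item]:
    """Turn one OTMoveIt3 log into per-path items, tagged with their section."""
    items: list[Item] = []
    section = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        heading = SECTION_RE.match(line)
        if heading:
            section = heading.group("name")
            continue
        if line.startswith("Files moved on Reboot"):
            section = "REBOOT"
            continue
        for pattern, status in LINE_RULES:
            match = pattern.match(line)
            if match:
                items.append(Item(match.group("path"), status, section))
                break
    return items


def reconcile(first: str, reboot: str) -> dict[str, list[str]]:
    """Group every path by its final outcome across both passes.

    Items deferred to reboot in the first pass are resolved by the reboot log;
    anything the reboot log still defers (or only reports there) stays open.
    Paths are compared case-insensitively, as on NTFS.
    """
    reboot_items = {i.path.lower(): i for i in parse_log(reboot)}
    result: dict[str, list[str]] = {
        "moved": [], "not_found": [], "still_pending": [], "unregister_failed": []}
    for item in parse_log(first):
        if item.status != "pending_reboot":
            result[item.status].append(item.path)
            continue
        after = reboot_items.pop(item.path.lower(), None)
        if after is not None and after.status in ("moved", "not_found"):
            result[after.status].append(item.path)
        else:
            result["still_pending"].append(item.path)  # no resolution yet
    for after in reboot_items.values():  # seen only in the reboot log
        key = "still_pending" if after.status == "pending_reboot" else after.status
        result[key].append(after.path)
    return result


def summarize(result: dict[str, list[str]]) -> dict[str, int]:
    """Counts per outcome, handy for a one-line status in a reply."""
    return {outcome: len(paths) for outcome, paths in result.items()}


if __name__ == "__main__":
    outcome = reconcile(FIRST_RUN, REBOOT_RUN)
    print(summarize(outcome))
    for path in outcome["still_pending"]:
        print("still pending after reboot:", path)
```

Two things the grouping makes visible that a raw read of the logs hides: a DLL such as lunigiso.dll lands under both unregister_failed and moved, which means the file is gone but any COM registration it held remains in the registry and needs its own clean-up, and the LocalService index.dat is deferred a second time in the reboot log, so it is still open rather than finished.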
#11 Fred21543 (Member, 1,351 posts)
You seem to have missed my question: do either of these organizations sound familiar to you, relating to the proxy server? I did a whois and these are the organizations I got for that IP address: California State University Network and Peralta Community College District.


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Also, if you can, run OTListit2 again and give me a fresh log to look at.

#12 A W (Topic Starter, 13 posts)
Hi Fred, thanks for the quick reply.

"You seem to have missed my question; Do either of these organizations sound familiar to you, relating to the proxy server? I did a whois and these are the organizations I got for that IP address; California State University Network and Peralta Community College District?"

The answer to this question is no. I have no affiliation with them. I am from Canada. What does that mean?

Malwarebytes' Anti-Malware 1.31
Database version: 1592
Windows 5.1.2600 Service Pack 3

1/1/2009 5:51:21 PM
mbam-log-2009-01-01 (17-51-21).txt

Scan type: Quick Scan
Objects scanned: 48819
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 7
Registry Values Infected: 5
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\lipewedi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lahesumo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\telonapi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jipapema.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\roruhore.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0a970507-e1c7-4661-8ba3-6d92b3ebf535} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0a970507-e1c7-4661-8ba3-6d92b3ebf535} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0a970507-e1c7-4661-8ba3-6d92b3ebf535} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\98f26c50 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ludivovoba (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm9bc15fcc (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\lahesumo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\lahesumo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\lahesumo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\roruhore.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\roruhore.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\boponase.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\esanopob.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lipewedi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\idewepil.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\litinika.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akinitil.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\telonapi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\roruhore.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jipapema.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lahesumo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fogiguzu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vihokaso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\ALAN WONG\Local Settings\Temporary Internet Files\Content.IE5\A98JXIZU\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
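The MBAM report above shows Vundo wired into several load points at once: AppInit_DLLs (the DLL is loaded into every process that links user32.dll), the LSA Notification Packages list (loaded into lsass.exe at boot), a Browser Helper Object, an SSODL entry, a SharedTaskScheduler entry and three Run values. The items marked "Delete on reboot" were DLLs that were in use at scan time and are only gone once the machine has restarted. The following Python is an added example, not code from this thread, from MBAM or from OTListIt: it parses that report format, groups the findings by persistence mechanism, lists what is still pending a reboot, and checks an AppInit_DLLs value (such as the one OTListIt reported later in the thread, with four DLLs that no longer exist on disk) for orphaned entries. The sample lines are copied from the posted log and trimmed; the function names and the file-existence callback are my own.

```python
"""Triage helpers for a Malwarebytes' Anti-Malware 1.x report.

Added example for this thread; not code from MBAM, OTListIt or the forum.
"""
import os
import re
from collections import defaultdict

# Constructed sample: lines copied from the MBAM 1.31 log posted above (trimmed).
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\lahesumo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\roruhore.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0a970507-e1c7-4661-8ba3-6d92b3ebf535} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ludivovoba (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\lahesumo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\lahesumo.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\lahesumo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vihokaso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""

# "Memory Modules Infected:" etc. open a section; the summary lines at the top
# of a report ("Memory Modules Infected: 5") do not match because of the "$".
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:$")
# "<item> (<threat>) -> [Data: <payload> -> ]<action>."
ENTRY_RE = re.compile(
    r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>[^>]+?)\.?$"
)

# Registry load points, matched against the item path (case-insensitive).
MECHANISMS = (
    (r"\\AppInit_DLLs$", "AppInit_DLLs: DLL loaded into every process that links user32.dll"),
    (r"\\Lsa\\Notification Packages$", "LSA Notification Packages: DLL loaded into lsass.exe at boot"),
    (r"\\Winlogon\\Notify\\", "Winlogon Notify: DLL loaded into winlogon.exe"),
    (r"\\Browser Helper Objects\\", "Browser Helper Object: DLL loaded into Internet Explorer"),
    (r"\\ShellServiceObjectDelayLoad\\", "SSODL: COM object loaded into Explorer at logon"),
    (r"\\SharedTaskScheduler\\", "SharedTaskScheduler: COM object loaded into Explorer at logon"),
    (r"\\CurrentVersion\\Run\\", "Run value: executed at logon"),
    (r"^HKEY_CLASSES_ROOT\\CLSID\\", "COM class registration backing one of the above"),
)


def parse_mbam_log(text):
    """Return one dict per finding: section, item, threat, data, action."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious items"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append({"section": section, **m.groupdict()})
    return entries


def persistence_summary(entries):
    """Map each load point to the payload DLLs (or registry items) MBAM removed there."""
    summary = defaultdict(list)
    for e in entries:
        if not e["item"].upper().startswith("HKEY_"):
            continue
        for pattern, label in MECHANISMS:
            if re.search(pattern, e["item"], re.IGNORECASE):
                summary[label].append(e["data"] or e["item"])
                break
    return dict(summary)


def pending_reboot(entries):
    """Files MBAM could not remove while in use; they are gone only after a restart."""
    seen = {}
    for e in entries:
        if e["action"].lower() == "delete on reboot":
            seen.setdefault(e["item"].lower(), e["item"])
    return sorted(seen.values(), key=str.lower)


def orphaned_appinit_entries(appinit_value, exists=os.path.exists):
    """Entries of an AppInit_DLLs value whose file is not on disk.

    The value is split on whitespace and commas, the separators Windows accepts
    for this key. `exists` is injectable so the check can run against a log
    (or a test) instead of the live machine.
    """
    return [p for p in re.split(r"[\s,]+", appinit_value.strip()) if p and not exists(p)]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for mechanism, payloads in persistence_summary(found).items():
        print(mechanism)
        for payload in payloads:
            print("    " + payload)
    print("Pending reboot:", pending_reboot(found))
    # Constructed: two of the entries OTListIt listed under AppInit_DLLs as
    # "File not found"; the empty set stands in for the DLLs present on disk.
    on_disk = set()
    value = r"C:\WINDOWS\system32\sirofiru.dll c:\windows\system32\lunigiso.dll"
    print("Orphaned AppInit_DLLs entries:",
          orphaned_appinit_entries(value, exists=lambda p: p.lower() in on_disk))
```

An orphaned AppInit_DLLs entry is inert on its own (nothing loads), but it shows that the cleanup is not finished: the value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows should be emptied, and the same pass should be made over the LSA Notification Packages list, since a DLL named there runs inside lsass.exe with no user-mode process to notice it.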

#13
A W (Topic Starter, Member, 13 posts)
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, January 2, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, January 02, 2009 04:06:57
Records in database: 1545901
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 51206
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 05:01:21


File name / Threat name / Threats count
C:\_OTMoveIt\MovedFiles\01012009_091347\WINDOWS\System32\a.exe Infected: Trojan.Win32.Monder.gen 1
D:\AL\Nuthouse Starter Pack 01.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.612 1

The selected area was scanned.


OTListIt logfile created on: 1/2/2009 7:40:01 AM - Run 3
OTListIt2 by OldTimer - Version 1.0.1.1 Folder = C:\Documents and Settings\ALAN WONG\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.36 Mb Total Physical Memory | 624.70 Mb Available Physical Memory | 65.18% Memory free
2.26 Gb Paging File | 1.58 Gb Available in Paging File | 69.69% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.91 Gb Total Space | 40.54 Gb Free Space | 75.21% Space Free | Partition Type: NTFS
Drive D: | 244.17 Gb Total Space | 52.96 Gb Free Space | 21.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AL-POWER
Current User Name: ALAN WONG
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (Avira GmbH)
C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
C:\WINDOWS\system32\S3Trayp.exe (S3 Graphics Co., Ltd.)
C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe (Avira GmbH)
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe (Avira GmbH)
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe (Avira GmbH)
C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe (Avira GmbH)
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe (Avira GmbH)
C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
C:\Program Files\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
C:\Documents and Settings\ALAN WONG\Local Settings\Temp\jkos-ALAN WONG\binaries\ScanningProcess.exe (Kaspersky Lab.)
C:\Documents and Settings\ALAN WONG\Local Settings\Temp\jkos-ALAN WONG\binaries\ScanningProcess.exe (Kaspersky Lab.)
C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
C:\Documents and Settings\ALAN WONG\Desktop\OTListIt2.exe (OldTimer Tools)

========== (O23) Win32 Services (SafeList) ==========

(AntiVirMailService [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe (Avira GmbH)
(AntiVirScheduler [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (Avira GmbH)
(AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe (Avira GmbH)
(antivirwebservice [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe (Avira GmbH)
(aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
(AVEService [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe (Avira GmbH)
(iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
(JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
(NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
(NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
(RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
(SmcService [Auto | Running]) -- C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
(usnjsvc [On_Demand | Running]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
(WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
(WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

(avgio [System | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.sys (Avira GmbH)
(avgntflt [On_Demand | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgntflt.sys (Avira GmbH)
(avipbb [System | Running]) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
(FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\fetnd5.sys (VIA Technologies, Inc. )
(FETNDISB [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\fetnd5b.sys (VIA Technologies, Inc. )
(GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
(HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
(IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
(pcouffin [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
(Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
(QV2KUX [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation)
(S3GIGP [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\S3gIGPm.sys (S3 Graphics Co., Ltd.)
(Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(ssmdrv [System | Running]) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
(tapvpn [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project)
(Teefer [Boot | Running]) -- C:\WINDOWS\system32\drivers\Teefer.sys (Sygate Technologies, Inc.)
(uagp35 [Boot | Running]) -- C:\WINDOWS\system32\drivers\uagp35.sys (Microsoft Corporation)
(usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usb8023x.sys (Microsoft Corporation)
(videX32 [Boot | Running]) -- C:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.)
(wg3n [Auto | Running]) -- C:\WINDOWS\system32\drivers\wg3n.sys (Sygate Technologies, Inc.)
(wg4n [Auto | Running]) -- C:\WINDOWS\system32\drivers\wg4n.sys (Sygate Technologies, Inc.)
(wg5n [Auto | Running]) -- C:\WINDOWS\system32\drivers\wg5n.sys (Sygate Technologies, Inc.)
(wg6n [Auto | Running]) -- C:\WINDOWS\system32\drivers\wg6n.sys (Sygate Technologies, Inc.)
(wpsdrvnt [System | Running]) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)
(WS2IFSL [System | Running]) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys (Microsoft Corporation)
(xfilt [Boot | Running]) -- C:\WINDOWS\system32\drivers\xfilt.sys (VIA Technologies,Inc)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?wl=true
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [S3Trayp] S3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\ALAN WONG\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-w...agi3.0.84.2.cab (UnagiAx Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...9798.7310069444 (Update Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Virtools WebPlayer Class)
O18 - Protocol\Handler: - about - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - cdl - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - dvd - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - file - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ftp - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - gopher - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - http\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - https\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - javascript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - local - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mailto - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mhtml - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mk - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - res - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - sysimage - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - tv - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - vbscript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - wia - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153}C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5}C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Browseui preloader) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Component Categories cache daemon) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls" = C:\WINDOWS\system32\sirofiru.dll c:\windows\system32\lunigiso.dll c:\windows\system32\hisozega.dll c:\windows\system32\mepawadi.dll
>C:\WINDOWS\system32\sirofiru.dll File not found
>c:\windows\system32\lunigiso.dll File not found
>c:\windows\system32\hisozega.dll File not found
>c:\windows\system32\mepawadi.dll File not found

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = Explorer.exe
>C:\WINDOWS\explorer.exe (Microsoft Corporation)

"UserInit" = C:\WINDOWS\system32\userinit.exe,
>C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

"UIHost" = logonui.exe
>C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)

"VMApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"
>C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
>C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)


========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
crypt32chain: "DllName" = crypt32.dll -- C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
cryptnet: "DllName" = cryptnet.dll -- C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
cscdll: "DllName" = cscdll.dll -- C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
dimsntfy: "DllName" = %SystemRoot%\System32\dimsntfy.dll -- C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
ScCertProp: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Schedule: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
sclgntfy: "DllName" = sclgntfy.dll -- C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
SensLogn: "DllName" = WlNotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
termsrv: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
wlballoon: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd.exe (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders" = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
>C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
>C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
>C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,
>C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages" = kerberos,msv1_0,schannel,wdigest,
>C:\WINDOWS\system32\kerberos.dll (Microsoft Corporation)
>C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
>C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
>C:\WINDOWS\system32\wdigest.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
C:\AUTOEXEC.BAT () -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/01/02 07:35:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALAN WONG\My Documents\New Folder
[2009/01/01 17:46:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALAN WONG\Application Data\Malwarebytes
[2009/01/01 17:45:49 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/01 17:45:49 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/01 17:45:47 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/01 17:45:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/01 17:45:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/01 17:45:00 | 02,539,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ALAN WONG\Desktop\mbam-setup.exe
[2009/01/01 09:13:47 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/01/01 09:12:33 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ALAN WONG\Desktop\OTMoveIt3.exe
[2008/12/31 19:09:05 | 00,016,444 | ---- | C] () -- C:\Documents and Settings\ALAN WONG\My Documents\185546.jpg
[2008/12/31 18:50:01 | 00,014,531 | ---- | C] () -- C:\Documents and Settings\ALAN WONG\My Documents\184436.jpg
[2008/12/31 06:48:22 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ALAN WONG\Desktop\OTListIt2.exe
[2008/12/31 06:42:39 | 35,124,856 | ---- | C] ( ) -- C:\Documents and Settings\ALAN WONG\Desktop\AdbeRdr90_en_US.exe
[2008/12/30 19:25:10 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\ALAN WONG\Desktop\HijackThis.lnk
[2008/12/30 19:25:10 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/29 18:39:22 | 33,554,432 | ---- | C] () -- C:\Documents and Settings\ALAN WONG\Desktop\3014 - Iron Chef America -Supreme Cuisine (U).nds
[2008/12/29 16:26:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALAN WONG\Application Data\Avira
[2008/12/29 16:23:04 | 00,001,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Premium.lnk
[2008/12/29 16:22:57 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2008/12/29 16:22:56 | 00,094,465 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\avsda.dll
[2008/12/29 16:22:55 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/12/29 16:22:55 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2008/12/29 16:22:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/12/29 13:17:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/12/28 11:44:20 | 13,421,7728 | ---- | C] () -- C:\Documents and Settings\ALAN WONG\Desktop\2923 - Guitar Rock Tour (U).nds
[2008/12/28 11:43:56 | 26,843,5456 | ---- | C] () -- C:\Documents and Settings\ALAN WONG\Desktop\2906 - Star Wars The Clone Wars - Jedi Alliance (U).nds
[2008/12/28 11:43:49 | 67,108,864 | ---- | C] () -- C:\Documents and Settings\ALAN WONG\Desktop\2905 - Call of Duty - World at War (U).nds
[2008/12/28 11:43:42 | 13,421,7728 | ---- | C] () -- C:\Documents and Settings\ALAN WONG\Desktop\2897 - Guitar Hero On Tour - Decades (E).nds
[2008/12/18 09:22:15 | 00,007,786 | -HS- | C] () -- C:\Documents and Settings\ALAN WONG\My Documents\AlbumArt_{C2CA2262-1676-44D4-AA00-515B3BB62908}_Large.jpg
[2008/12/18 09:22:15 | 00,002,381 | -HS- | C] () -- C:\Documents and Settings\ALAN WONG\My Documents\AlbumArt_{C2CA2262-1676-44D4-AA00-515B3BB62908}_Small.jpg
[2008/12/17 23:51:26 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/12/17 19:56:52 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008/12/17 19:50:59 | 00,000,223 | ---- | C] () -- C:\Boot.bak
[2008/12/17 19:50:56 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/12/17 19:50:54 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/12/17 19:49:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/17 19:39:33 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2008/12/16 11:26:15 | 00,009,571 | -HS- | C] () -- C:\Documents and Settings\ALAN WONG\My Documents\AlbumArt_{6275E696-509F-4BAA-A556-D84D80419AFA}_Large.jpg
[2008/12/16 11:26:15 | 00,002,744 | -HS- | C] () -- C:\Documents and Settings\ALAN WONG\My Documents\AlbumArt_{6275E696-509F-4BAA-A556-D84D80419AFA}_Small.jpg
[2008/12/15 13:18:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALAN WONG\My Documents\LimeWire
[2008/12/14 09:43:40 | 00,625,026 | ---- | C] () -- C:\Documents and Settings\ALAN WONG\Desktop\emaildirect_51_2008.pdf
[2008/12/08 15:34:25 | 00,002,218 | ---- | C] () -- C:\Documents and Settings\ALAN WONG\My Documents\Tia's resume.rtf
[2008/12/03 20:52:59 | 00,000,000 | ---D | C] -- C:\Program Files\CDisplay

========== Files - Modified Within 30 Days ==========

[2009/01/01 23:57:13 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/01/01 21:07:24 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/01 21:07:18 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/01 17:53:52 | 00,000,593 | ---- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\My Sharing Folders.lnk
[2009/01/01 17:53:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/01 17:53:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/01 17:52:41 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\rideheye
[2009/01/01 17:45:49 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/01 17:45:00 | 02,539,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ALAN WONG\Desktop\mbam-setup.exe
[2009/01/01 14:47:26 | 00,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/01 09:12:33 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ALAN WONG\Desktop\OTMoveIt3.exe
[2008/12/31 21:43:28 | 01,840,644 | -HS- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\Thumbs.db
[2008/12/31 19:09:05 | 00,016,444 | ---- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\185546.jpg
[2008/12/31 18:50:01 | 00,014,531 | ---- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\184436.jpg
[2008/12/31 06:48:22 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ALAN WONG\Desktop\OTListIt2.exe
[2008/12/31 06:43:44 | 35,124,856 | ---- | M] ( ) -- C:\Documents and Settings\ALAN WONG\Desktop\AdbeRdr90_en_US.exe
[2008/12/30 19:25:10 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\ALAN WONG\Desktop\HijackThis.lnk
[2008/12/29 16:47:11 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/12/29 16:23:04 | 00,001,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Premium.lnk
[2008/12/29 12:43:45 | 00,000,660 | ---- | M] () -- C:\Documents and Settings\ALAN WONG\Application Data\vso_ts_preview.xml
[2008/12/27 21:20:01 | 00,008,678 | -HS- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\Folder.jpg
[2008/12/27 21:20:01 | 00,002,388 | -HS- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\AlbumArtSmall.jpg
[2008/12/27 20:57:02 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\ALAN WONG\Desktop\iTunes.lnk
[2008/12/24 19:39:09 | 00,017,920 | -HS- | M] () -- C:\Documents and Settings\ALAN WONG\Desktop\Thumbs.db
[2008/12/23 09:38:45 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/18 09:22:15 | 00,000,363 | -HS- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\desktop.ini
[2008/12/18 09:22:13 | 00,007,786 | -HS- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\AlbumArt_{C2CA2262-1676-44D4-AA00-515B3BB62908}_Large.jpg
[2008/12/18 09:22:10 | 00,002,381 | -HS- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\AlbumArt_{C2CA2262-1676-44D4-AA00-515B3BB62908}_Small.jpg
[2008/12/17 19:54:47 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/17 19:54:37 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/17 19:50:59 | 00,000,293 | RHS- | M] () -- C:\boot.ini
[2008/12/16 11:26:15 | 00,009,571 | -HS- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\AlbumArt_{6275E696-509F-4BAA-A556-D84D80419AFA}_Large.jpg
[2008/12/16 11:26:14 | 00,002,744 | -HS- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\AlbumArt_{6275E696-509F-4BAA-A556-D84D80419AFA}_Small.jpg
[2008/12/14 09:43:40 | 00,625,026 | ---- | M] () -- C:\Documents and Settings\ALAN WONG\Desktop\emaildirect_51_2008.pdf
[2008/12/12 01:22:06 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/08 15:33:50 | 00,002,218 | ---- | M] () -- C:\Documents and Settings\ALAN WONG\My Documents\Tia's resume.rtf
[2008/12/04 16:31:34 | 06,919,760 | -H-- | M] () -- C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\IconCache.db
[2008/12/03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== LOP Check ==========

[2009/01/01 17:46:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\ALAN WONG\Application Data
[2008/12/10 15:41:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Adobe
[2008/05/08 08:01:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\AdobeUM
[2007/10/26 08:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Ahead
[2008/09/19 16:47:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Apple Computer
[2008/12/29 16:26:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Avira
[2008/12/31 17:30:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Azureus
[2007/11/11 23:29:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\BitTorrent
[2007/11/12 10:58:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\BitTorrent DNA
[2007/10/26 09:04:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\CyberLink
[2007/12/23 20:03:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\DivX
[2008/12/13 19:55:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\dvdcss
[2008/01/20 16:38:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\GetRightToGo
[2007/10/26 11:15:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Google
[2007/10/29 02:52:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Help
[2007/10/25 11:44:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Identities
[2008/12/31 17:53:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Lavasoft
[2007/11/04 16:49:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Leadertech
[2008/12/27 21:14:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\LimeWire
[2008/02/01 11:46:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Macromedia
[2009/01/01 17:46:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Malwarebytes
[2007/12/26 16:41:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Media Player Classic
[2008/11/11 11:08:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Microsoft
[2008/11/11 11:08:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Microsoft Games
[2008/01/07 18:47:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Move Networks
[2008/06/25 15:14:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Mozilla
[2008/11/05 17:34:43 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\SecuROM
[2007/10/27 20:33:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Sun
[2007/11/01 10:53:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Talkback
[2007/12/20 16:01:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\TVU Networks
[2008/09/26 22:11:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\uTorrent
[2007/12/30 16:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\vlc
[2008/12/29 12:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\Vso
[2008/11/04 22:19:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALAN WONG\Application Data\WarZone
[2009/01/01 17:45:45 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/10/22 06:16:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/05/08 07:31:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/12/28 22:11:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
[2007/10/30 20:29:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/11/05 09:21:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/12/31 17:25:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2007/10/27 09:43:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/10/26 09:03:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/11/28 13:28:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/12/23 20:28:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/12/29 13:17:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/01/01 17:45:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/05 19:18:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/10/25 15:29:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2008/08/01 09:46:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETg
[2008/02/08 17:31:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2008/03/30 11:58:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU networks
[2007/10/30 02:12:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2007/10/25 12:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/11/17 18:40:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2009/01/01 23:57:13 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/01/01 17:53:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
< End of report >

#14
Fred21543

    Member 1K

  • Member
  • 1,351 posts
1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 209.129.192.52:80

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :processes
    explorer.exe
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"=""
    :files
    D:\AL\Nuthouse Starter Pack 01.rar
    C:\WINDOWS\System32\rideheye
    C:\WINDOWS\system32\lipewedi.dll
    C:\WINDOWS\system32\telonapi.dll
    c:\WINDOWS\system32\roruhore.dll
    C:\WINDOWS\system32\jipapema.dll
    C:\WINDOWS\system32\lahesumo.dll
    :commands
    [purity]
    [emptytemp]
    [start explorer]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Also, I will need to see a new OTListIt log.

#15
A W

    Member

  • Topic Starter
  • Member
  • 13 posts
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"" /E : value set successfully!
========== FILES ==========
D:\AL\Nuthouse Starter Pack 01.rar moved successfully.
C:\WINDOWS\System32\rideheye moved successfully.
File/Folder C:\WINDOWS\system32\lipewedi.dll not found.
File/Folder C:\WINDOWS\system32\telonapi.dll not found.
File/Folder c:\WINDOWS\system32\roruhore.dll not found.
File/Folder C:\WINDOWS\system32\jipapema.dll not found.
File/Folder C:\WINDOWS\system32\lahesumo.dll not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\etilqs_fRMAhomsHR6gfYMJJIC8 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\~DF7FB8.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\~DF80C6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\~DF9DA4.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALANWO~1\LOCALS~1\Temp\~DF9DE1.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_408.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALAN WONG\Local Settings\Application Data\Mozilla\Firefox\Profiles\4xcoi8sn.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 0102
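As an added example (not part of the thread, and not OldTimer's own code), here is a small parser for the OTMoveIt3 results format the helper asks for in #14 and the user posts in #15: it groups each line by outcome so the entries that still need attention (targets not found, deletions deferred to reboot) are separated from the routine ones. The sample log is constructed from lines in the shape of the output above, not the complete log.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of an OTMoveIt3 results log: a handful of lines
# copied in form from the output quoted in the thread, not the complete log.
SAMPLE_LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"" /E : value set successfully!
========== FILES ==========
C:\WINDOWS\System32\rideheye moved successfully.
File/Folder C:\WINDOWS\system32\lipewedi.dll not found.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_408.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
Explorer started successfully
"""

SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")
# outcome name -> pattern; the "what" group captures the affected path or value
LINE_PATTERNS = {
    "moved": re.compile(r"^(?P<what>.+?) moved successfully\.$"),
    "not_found": re.compile(r"^File/Folder (?P<what>.+?) not found\.$"),
    "pending_reboot": re.compile(
        r"^File delete failed\. (?P<what>.+?) scheduled to be deleted on reboot\.$"),
    "registry_set": re.compile(
        r'^(?P<what>.+?\\\\"[^"]+")\|"[^"]*" /E : value set successfully!$'),
    "process_killed": re.compile(r"^Process (?P<what>\S+) killed successfully\.$"),
    "emptied": re.compile(r"^(?P<what>.+?) emptied\.$"),
}


def parse_otmoveit_log(text):
    """Group every line of an OTMoveIt3 results log by outcome: {outcome: [what, ...]}."""
    found = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section is None:
            continue  # ignore anything before the first "========== X ==========" header
        for outcome, pattern in LINE_PATTERNS.items():
            m = pattern.match(line)
            if m:
                found[outcome].append(m.group("what"))
                break
        else:
            found["unrecognised"].append(line)  # keep unknown lines rather than drop them
    return dict(found)


def needs_reboot(found):
    """True when any deletion was deferred, i.e. the cleanup is not complete until reboot."""
    return bool(found.get("pending_reboot"))


def unresolved_targets(found):
    """Script targets the tool could not find: already removed, or the path was wrong."""
    return list(found.get("not_found", []))
```

The two lists worth acting on are the not-found targets, which should be re-checked in the fresh OTListIt log the helper asks for, and the pending-reboot entries, which mean the cleanup is not finished until the restart described in the helper's note.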