
Firefox/IE : Jump/Redirects to random sites [Solved]


  • This topic is locked This topic is locked

#31 handhfan (Trusted Helper, Expert, 13,659 posts)
Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again and you are back at the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus/malware entries from the report; they will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.



#32 HELP.ME (Topic Starter, Member, 29 posts)

AVP report:


Detected
--------
Status Object
------ ------
deleted: Trojan program Backdoor.Win32.ForBot.am File: C:\Qoobox\Quarantine\C\Windows\System32\WanPacket.dll.vir
deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.eeb File: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T6K71X0R\promo[1].exe
deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.eeb File: C:\Users\User\AppData\Local\Temp\20136.exe
deleted: Trojan program Trojan.Win32.FraudPack.lfl File: C:\Users\User\AppData\Local\Temp\9494.exe
deleted: Trojan program Exploit.JS.Pdfka.gx File: C:\Users\User\AppData\Local\Temp\plugtmp-29\plugin-pdf.php//data0000
deleted: Trojan program Exploit.JS.Pdfka.w File: C:\Users\User\AppData\Local\Temp\plugtmp-4\plugin-pdf.php//data0000
deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.eeb File: C:\Users\User\Š
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.u File: D:\Documents\LimeWire\Saved\Summer Rain - Slinkee Minx.mp3
deleted: Trojan program Trojan-Downloader.WMA.Wimad.n File: D:\Documents\LimeWire\Saved\Tamara Jaber - Ooh Aah.wma
deleted: Trojan program Trojan.Win32.TDSS.sem File: D:\Qoobox\Quarantine\D\RECYCLER\S-4-0-20-100030795-100024155-100029022-2592.com.vir

_______________________________________________________________________________

OTListIt log:



OTListIt logfile created on: 2009-04-17 21:11:23 - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 20.14 Gb Free Space | 27.02% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 67.28 Gb Free Space | 22.57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 778.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: ANNIE
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Windows\system32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\Windows\system32\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files\Fighters\configservice.exe (SPAMfighter)
PRC - C:\Program Files\Fighters\licenseservice.exe (SPAMfighter)
PRC - C:\Program Files\Fighters\updateservice.exe (SPAMfighter)
PRC - C:\Program Files\Fighters\ScannerService.exe (SPAMfighter)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe (AzureWave.com)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Fighters\Spywarefighter\SpywarefighterUser.exe (SPAMfighter)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.)
PRC - C:\Users\User\AppData\Local\Temp\12252.exe ()
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe (Hewlett-Packard Co.)
PRC - c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe (SPAMfighter)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Users\User\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AEADIFilters [Auto | Running]) -- C:\Windows\system32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (BlueSoleilCS [Auto | Stopped]) -- File not found
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (BsHelpCS [On_Demand | Stopped]) -- File not found
SRV - (BsMobileCS [Auto | Stopped]) -- File not found
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 3 [Auto | Running]) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (nvsvc [Auto | Running]) -- C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service [Auto | Running]) -- C:\Windows\system32\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (PTK License-FIGHTERS-297811811 [Auto | Running]) -- C:\Program Files\Fighters\licenseservice.exe (SPAMfighter)
SRV - (PTK Live Update-FIGHTERS-297811811 [Auto | Running]) -- C:\Program Files\Fighters\updateservice.exe (SPAMfighter)
SRV - (PTK Scanner-FIGHTERS-297811811 [Auto | Running]) -- C:\Program Files\Fighters\ScannerService.exe (SPAMfighter)
SRV - (PTK SharedAccess-FIGHTERS-297811811 [Auto | Running]) -- C:\Program Files\Fighters\configservice.exe (SPAMfighter)
SRV - (RelevantKnowledge [Auto | Stopped]) -- File not found
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AFS [Boot | Running]) -- C:\Windows\System32\drivers\AFS.SYS (Oak Technology Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (ASPI [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ASPI32.sys (Adaptec)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BtHidBus [Boot | Running]) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (DVDRIVER [Auto | Stopped]) -- C:\Windows\system32\DRIVERS\dvdriver.sys (Eagletron Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (is-BNOA6drv [System | Running]) -- C:\Windows\system32\DRIVERS\62276820.sys (Kaspersky Lab)
DRV - (is-EONG6drv [System | Running]) -- C:\Windows\system32\DRIVERS\88064161.sys (Kaspersky Lab)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (Iviaspi [On_Demand | Stopped]) -- C:\Windows\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (IvtBtBUs [On_Demand | Running]) -- C:\Windows\System32\Drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (JGOGO [Boot | Running]) -- C:\Windows\system32\DRIVERS\JGOGO.sys (JMicron )
DRV - (JRAID [Boot | Running]) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\LVUSBSta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (mcdbus [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (MTsensor [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\ASACPI.sys ()
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (P16X [On_Demand | Running]) -- C:\Windows\system32\drivers\P16X.sys (Creative Technology Ltd.)
DRV - (Pcouffin [On_Demand | Running]) -- C:\Windows\System32\Drivers\Pcouffin.sys (VSO Software)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8187 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (RtlProt [System | Running]) -- C:\Windows\system32\DRIVERS\rtlprot.sys (Windows ® Codename Longhorn DDK provider)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCDEmu [System | Running]) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Vfscan [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\vffilter.sys ()
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (yukonwlh [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\yk60x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://en-US.start2....en-US:official"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1
FF - prefs.js..extensions.enabledItems: {991A772A-BA13-4c1d-A9EF-F897F31DEC7D}:3.1
FF - prefs.js..extensions.enabledItems: {DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}:1.2.211
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..keyword.URL: "http://au.search.yah...8&fr=megaup&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-04-17 17:15:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-04-17 17:15:53 | 00,000,000 | ---D | M]

[2008-07-09 23:17:53 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2008-07-09 23:17:53 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-04-16 14:39:12 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vwy69tg9.default\extensions
[2009-01-28 18:00:00 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vwy69tg9.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009-01-13 20:55:56 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vwy69tg9.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2009-01-13 14:29:24 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vwy69tg9.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2008-11-28 20:10:21 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vwy69tg9.default\extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}
[2009-04-17 17:16:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008-07-18 23:02:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}
[2009-04-17 17:15:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-03-26 14:34:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008-07-24 19:54:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009-03-10 13:53:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009-04-17 17:15:51 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-04-17 17:15:51 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-02-20 05:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009-02-20 05:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009-02-20 05:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009-02-20 05:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009-02-20 05:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-02-20 05:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009-02-20 05:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (736 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)
O4 - HKLM..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe (SPAMfighter)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Cognac] C:\Users\User\AppData\Local\Temp\12252.exe ()
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Hewlett-Packard Company)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H (PC Tools)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} http://games.bigfish...eb.1.0.0.11.cab (CPlayFirstFitnessDasControl Object)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...SS.cab69309.cab ()
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUplden-au.cab (MSN Photo Upload Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\autoexec.bat () - [ NTFS ]
O32 - Autorun File - H:\AutoRun.exe (Electronic Arts Inc.) - [ CDFS ]
O32 - Autorun File - H:\AutoRun.exe (Electronic Arts Inc.) - [ CDFS ]
O32 - Autorun File - H:\AutoRunGUI.dll (Electronic Arts Inc.) - [ CDFS ]
O32 - Autorun File - H:\autorun.inf () - [ CDFS ]
O33 - MountPoints2\{011c0107-5598-11dd-a6f4-0011675c3e06}\Shell - "" = AutoRun
O33 - MountPoints2\{011c0107-5598-11dd-a6f4-0011675c3e06}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{250a4e78-7baf-11dd-a9cb-002215031222}\Shell - "" = AutoRun
O33 - MountPoints2\{250a4e78-7baf-11dd-a9cb-002215031222}\Shell\AutoRun\command - "" = H:\Autorun.exe -- [2007-08-05 01:54:31 | 00,700,416 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{4bd6a791-4a34-11dd-ab26-0015af841d69}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-04-17 21:10:34 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTListIt2.exe
[2009-04-17 21:01:20 | 34,866,66752 | -HS- | C] () -- C:\hiberfil.sys
[2009-04-17 18:45:21 | 00,000,000 | ---D | C] -- C:\ProgramData\is-V7M5K
[2009-04-17 18:13:04 | 37,890,592 | ---- | C] ( ) -- C:\Users\User\Desktop\setup_7.0.0.290_17.04.2009_11-10.exe
[2009-04-17 17:26:35 | 00,000,000 | ---D | C] -- C:\ProgramData\is-ND4UK
[2009-04-17 17:19:53 | 02,140,192 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009-04-17 17:19:53 | 00,018,404 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2009-04-17 17:17:17 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\62276820.sys
[2009-04-17 17:15:27 | 00,001,782 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-EONG6.lnk
[2009-04-17 17:15:27 | 00,000,000 | ---D | C] -- C:\ProgramData\is-EONG6
[2009-04-17 17:15:19 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\88064161.sys
[2009-04-17 17:06:07 | 00,014,873 | ---- | C] () -- D:\Documents\INSTRUCTIONS.docx
[2009-04-16 19:38:25 | 00,001,943 | ---- | C] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2009-04-16 19:36:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2009-04-16 19:36:13 | 00,000,000 | ---D | C] -- C:\Program Files\Fighters
[2009-04-16 19:03:22 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ScanSpyware
[2009-04-16 18:50:59 | 00,000,000 | ---D | C] -- C:\ProgramData\CrucialSoft Ltd
[2009-04-16 18:50:52 | 00,000,238 | -H-- | C] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009-04-16 17:38:14 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Graboid
[2009-04-16 17:36:19 | 00,001,053 | ---- | C] () -- C:\Users\User\Desktop\Graboid Video.lnk
[2009-04-13 19:26:09 | 01,357,204 | ---- | C] () -- C:\Users\User\Desktop\Schnuffel _Bunny.mp3
[2009-04-10 22:38:47 | 00,012,117 | ---- | C] () -- C:\Users\User\Desktop\DIRECTX_SIMS 2.docx
[2009-04-10 22:24:57 | 00,000,000 | ---D | C] -- C:\Program Files\ILOG
[2009-04-09 23:21:23 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009-04-09 23:21:05 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009-04-09 23:21:04 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009-04-09 23:21:04 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009-04-09 15:44:40 | 00,005,211 | ---- | C] () -- C:\Users\User\Desktop\BORDERSVOUCHER.gif
[2009-04-08 20:09:18 | 00,011,216 | ---- | C] () -- C:\Users\User\Desktop\Christie Road.docx
[2009-04-07 23:17:28 | 00,101,460 | ---- | C] () -- C:\Users\User\Desktop\Asuka.docx
[2009-04-06 16:14:17 | 00,000,162 | -H-- | C] () -- C:\Users\User\Desktop\~$Do Stupid Things 44% Of the Time.docx
[2009-04-05 21:59:11 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Ahead
[2009-04-04 16:48:54 | 00,000,000 | ---D | C] -- C:\Program Files\Pet Pals
[2009-04-03 21:29:04 | 02,819,409 | ---- | C] () -- C:\Users\User\Desktop\Rainbowhair.ptg
[2009-04-03 14:53:35 | 00,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-04-03 14:53:35 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-04-03 14:53:35 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009-03-31 14:57:06 | 00,001,834 | ---- | C] () -- C:\Users\User\Desktop\HijackThis.lnk
[2009-03-31 14:57:06 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-03-31 13:54:13 | 00,008,288 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009-03-29 18:55:30 | 09,069,513 | ---- | C] () -- C:\Users\User\Desktop\Colour World.ptg
[2009-03-29 11:37:38 | 00,000,000 | ---D | C] -- C:\Program Files\DirectX
[2009-03-29 10:53:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\directx
[2009-03-29 10:16:05 | 00,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2009-03-29 10:16:05 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2009-03-29 10:14:28 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009-03-29 10:08:48 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009-03-28 21:41:49 | 00,001,989 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 FreeTime.lnk
[2009-03-27 14:33:02 | 00,000,000 | ---D | C] -- C:\Users\User\Desktop\OTScanIt2
[2009-03-27 14:29:51 | 00,662,639 | ---- | C] () -- C:\Users\User\Desktop\OTScanIt2.exe
[2009-03-26 17:59:10 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Adobe
[2009-03-26 14:53:36 | 00,000,000 | ---D | C] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009-03-26 14:52:23 | 00,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009-03-26 14:35:26 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple
[2009-03-26 14:34:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009-03-26 14:34:51 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009-03-24 16:51:30 | 00,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009-03-21 19:25:27 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009-03-21 19:25:27 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009-03-21 19:25:27 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009-03-21 19:25:27 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009-03-21 19:25:27 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\Windows\fdsv.exe
[2009-03-21 19:25:27 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009-03-21 19:25:27 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009-03-21 19:25:27 | 00,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
[2009-03-21 19:25:27 | 00,029,696 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009-03-21 19:25:12 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF31134.exe
[2009-03-21 19:25:12 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009-03-21 19:25:11 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swsc.exe
[2009-03-21 19:25:10 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-03-21 19:23:14 | 02,934,169 | R--- | C] () -- C:\Users\User\Desktop\ComboFix.exe
[2009-03-20 22:55:24 | 00,043,817 | ---- | C] () -- C:\Users\User\Desktop\Forum.docx
[2009-03-20 19:43:56 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple Computer
[2009-03-20 17:32:12 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009-03-20 17:04:55 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009-03-20 17:04:10 | 00,000,693 | ---- | C] () -- C:\Users\User\Desktop\NTREGOPT.lnk
[2009-03-20 17:04:09 | 00,000,674 | ---- | C] () -- C:\Users\User\Desktop\ERUNT.lnk
[2009-03-20 17:04:07 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009-03-14 23:03:24 | 00,000,067 | ---- | C] () -- C:\Windows\Easy Video to MP4 Converter.INI
[2009-03-14 22:59:44 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009-02-28 19:44:42 | 03,049,984 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009-02-28 19:44:42 | 00,404,480 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009-02-28 19:44:42 | 00,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009-02-28 19:44:42 | 00,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009-02-28 19:44:41 | 00,348,160 | ---- | C] () -- C:\Windows\System32\cdga.dll
[2009-02-01 12:59:09 | 00,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2009-01-12 12:02:16 | 02,392,064 | ---- | C] () -- C:\Windows\System32\videotrans.dll
[2009-01-12 12:02:16 | 00,215,040 | ---- | C] () -- C:\Windows\System32\videoformat.dll
[2009-01-12 12:02:15 | 00,061,440 | ---- | C] () -- C:\Windows\System32\imgscaler.dll
[2009-01-12 12:02:15 | 00,022,016 | ---- | C] () -- C:\Windows\System32\img_utils.dll
[2009-01-12 11:50:31 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009-01-12 11:32:29 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009-01-12 11:32:29 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008-12-31 16:04:42 | 00,691,560 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008-12-30 13:57:28 | 00,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008-12-20 19:05:48 | 00,000,037 | ---- | C] () -- C:\Windows\avitoiPodconverter.ini
[2008-11-18 11:01:46 | 00,015,496 | ---- | C] () -- C:\Windows\System32\drivers\vffilter.sys
[2008-11-07 02:37:32 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008-11-07 02:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008-11-07 02:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008-11-07 02:33:02 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008-10-07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008-10-07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008-09-12 18:29:41 | 00,000,000 | ---- | C] () -- C:\Windows\SETUP32.INI
[2008-09-10 22:21:35 | 00,000,158 | ---- | C] () -- C:\Windows\pagesuit.ini
[2008-09-10 22:21:32 | 00,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2008-08-26 15:46:09 | 00,000,088 | RHS- | C] () -- C:\Windows\System32\2859EE8E6A.sys
[2008-08-26 15:42:23 | 00,004,182 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008-07-31 22:39:22 | 00,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008-07-26 13:42:52 | 00,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008-07-26 07:25:02 | 00,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008-07-11 15:43:39 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008-07-11 15:43:39 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008-07-11 15:43:39 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008-07-11 15:43:39 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008-07-11 15:43:39 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008-07-11 15:43:39 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008-07-09 23:50:53 | 00,408,576 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2008-07-09 23:50:52 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008-07-09 23:50:48 | 00,027,648 | -HS- | C] () -- C:\Windows\System32\Smab0.dll
[2008-07-09 21:18:20 | 00,000,000 | ---- | C] () -- C:\Windows\WININIT.INI
[2008-07-09 17:16:45 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008-07-03 17:35:52 | 00,065,536 | ---- | C] ( ) -- C:\Windows\System32\A3d.dll
[2008-07-03 17:35:52 | 00,039,936 | ---- | C] () -- C:\Windows\System32\P16X.dll
[2008-07-03 16:58:05 | 00,018,521 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008-07-03 16:57:45 | 00,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008-07-03 16:57:34 | 00,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2006-11-02 22:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 20:23:31 | 00,000,431 | ---- | C] () -- C:\Windows\win.ini
[2006-11-02 20:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006-11-02 17:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005-08-03 07:24:02 | 00,014,336 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

========== Files - Modified Within 30 Days ==========

[2009-04-17 21:12:04 | 02,146,336 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2009-04-17 21:10:39 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTListIt2.exe
[2009-04-17 21:07:47 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009-04-17 21:07:47 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009-04-17 21:07:47 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009-04-17 21:01:48 | 00,000,250 | ---- | M] () -- C:\Windows\tasks\RtlVistaStart.job
[2009-04-17 21:01:28 | 00,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009-04-17 21:01:28 | 00,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009-04-17 21:01:27 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009-04-17 21:01:24 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009-04-17 21:01:21 | 34,866,66752 | -HS- | M] () -- C:\hiberfil.sys
[2009-04-17 18:41:52 | 00,018,404 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2009-04-17 18:25:22 | 37,890,592 | ---- | M] ( ) -- C:\Users\User\Desktop\setup_7.0.0.290_17.04.2009_11-10.exe
[2009-04-17 17:15:27 | 00,001,782 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-EONG6.lnk
[2009-04-17 17:06:08 | 00,014,873 | ---- | M] () -- D:\Documents\INSTRUCTIONS.docx
[2009-04-17 16:58:52 | 19,086,5364 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009-04-17 16:25:17 | 00,000,238 | -H-- | M] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009-04-16 19:38:25 | 00,001,943 | ---- | M] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2009-04-16 17:36:19 | 00,001,053 | ---- | M] () -- C:\Users\User\Desktop\Graboid Video.lnk
[2009-04-16 17:36:12 | 00,000,819 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009-04-15 18:13:00 | 00,001,834 | ---- | M] () -- C:\Users\User\Desktop\HijackThis.lnk
[2009-04-14 20:16:11 | 00,131,584 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-04-13 19:30:56 | 01,357,204 | ---- | M] () -- C:\Users\User\Desktop\Schnuffel _Bunny.mp3
[2009-04-10 22:38:47 | 00,012,117 | ---- | M] () -- C:\Users\User\Desktop\DIRECTX_SIMS 2.docx
[2009-04-09 23:21:23 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009-04-09 15:44:00 | 00,005,211 | ---- | M] () -- C:\Users\User\Desktop\BORDERSVOUCHER.gif
[2009-04-08 20:09:18 | 00,011,216 | ---- | M] () -- C:\Users\User\Desktop\Christie Road.docx
[2009-04-08 01:05:34 | 00,101,460 | ---- | M] () -- C:\Users\User\Desktop\Asuka.docx
[2009-04-06 16:34:52 | 00,037,986 | ---- | M] () -- C:\Users\User\Desktop\I Do Stupid Things 44% Of the Time.docx
[2009-04-06 16:14:17 | 00,000,162 | -H-- | M] () -- C:\Users\User\Desktop\~$Do Stupid Things 44% Of the Time.docx
[2009-04-06 15:15:57 | 01,794,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-04-06 14:46:13 | 00,140,928 | ---- | M] () -- C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
[2009-04-03 21:29:04 | 02,819,409 | ---- | M] () -- C:\Users\User\Desktop\Rainbowhair.ptg
[2009-04-03 15:28:27 | 00,000,746 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2009-04-02 18:33:07 | 00,012,714 | ---- | M] () -- C:\Users\User\Desktop\NICKNAME.docx
[2009-03-31 13:54:13 | 00,008,288 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2009-03-30 19:53:33 | 00,002,587 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Office Word 2007.lnk
[2009-03-30 16:30:28 | 09,069,513 | ---- | M] () -- C:\Users\User\Desktop\Colour World.ptg
[2009-03-28 21:41:49 | 00,001,989 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 FreeTime.lnk
[2009-03-27 14:29:56 | 00,662,639 | ---- | M] () -- C:\Users\User\Desktop\OTScanIt2.exe
[2009-03-26 14:55:56 | 00,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2009-03-26 14:52:23 | 00,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009-03-26 14:34:53 | 00,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009-03-24 16:51:30 | 00,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009-03-21 19:25:07 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF31134.exe
[2009-03-21 19:24:12 | 02,934,169 | R--- | M] () -- C:\Users\User\Desktop\ComboFix.exe
[2009-03-20 22:55:25 | 00,043,817 | ---- | M] () -- C:\Users\User\Desktop\Forum.docx
[2009-03-20 17:04:10 | 00,000,693 | ---- | M] () -- C:\Users\User\Desktop\NTREGOPT.lnk
[2009-03-20 17:04:09 | 00,000,674 | ---- | M] () -- C:\Users\User\Desktop\ERUNT.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:417B6FAC
< End of report >

Note: For the "Extras.Txt", I didn't get two Notepad windows opening up, just the one above ("OTListIt.Txt").

Edited by HELP.ME, 17 April 2009 - 05:29 AM.


#33
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
  • Please double-click OTListIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTLI
    PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
    PRC - C:\Users\User\AppData\Local\Temp\12252.exe ()
    SRV - (RelevantKnowledge [Auto | Stopped]) -- File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - Reg Error: Key error. File not found
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTListIt2, right click in the "Custom Scans/Fixes" window (under the light blue bar) and choose Paste.
  • Click the red Run Fix button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTListIt2
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTListIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please redownload and scan again with AVP, and post a new OTListIt2 log as well.

Is your computer running better now?
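The log in the post above and the fix script in this reply are the two halves of one triage step: pick out the autorun lines that look wrong (a running process and a Run value pointing into the user's Temp folder with no company name, a service whose binary is gone, a toolbar CLSID whose registry key no longer exists) and paste exactly those lines into an :OTLI block. The Python script below is an added example written for this page; it is not OTListIt2 code, and the heuristics are its own. It parses a few lines copied from the posted log (assumed representative; two benign entries are included so the filters can be seen ignoring them), reports why each hit was picked, and assembles a fix block in the layout the reply uses. One difference from the posted script: it also emits the HKCU Run value [Cognac] that points at 12252.exe, which the posted fix does not list, so that value would stay behind pointing at a file [emptytemp] has removed.

```python
"""Triage OTListIt2 log lines and turn the hits into an :OTLI fix block.

Added example for this thread, not OTListIt2's own code. The sample lines are
copied from the log and fix script posted above; the heuristics are this
example's own and cover only the line types the thread's fix touched
(PRC, SRV, O3, O4).
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines from the posted log plus two benign neighbours,
# so the filters can be seen ignoring legitimate entries.
SAMPLE_LOG = r"""
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Users\User\AppData\Local\Temp\12252.exe ()
SRV - (RelevantKnowledge [Auto | Stopped]) -- File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Cognac] C:\Users\User\AppData\Local\Temp\12252.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"""

# Directories a persistent autorun has no business pointing into.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

# Line shapes: "PRC/O4 - <body> (<company>)", and the SRV / O3 forms seen above.
_RUN = re.compile(r"^(PRC|O4) - (?P<body>.*) \((?P<company>[^()]*)\)$")
_SRV = re.compile(r"^SRV - \((?P<name>[^\[]+?) \[[^\]]*\]\) -- (?P<path>.*)$")
_O3 = re.compile(r"^O3 - (?P<key>.+?): .* - \{[0-9A-Fa-f-]+\} - (?P<rest>.*)$")
_PATH = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys))"?', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def _binary_reason(body: str, company: str) -> Optional[str]:
    """Heuristics for a process or Run value: where it lives and how it is named."""
    m = _PATH.search(body)
    if not m:
        return None
    low = m.group("path").lower()
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if any(d in low for d in TEMP_DIRS):
        return "binary runs from a temp directory"
    if not company and stem.isdigit():
        return "unnamed binary with a purely numeric file name"
    return None


def triage(log_text: str) -> list[Finding]:
    """Return the lines worth putting in a fix, with the reason each was picked."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := _RUN.match(line):
            reason = _binary_reason(m.group("body"), m.group("company").strip())
        elif m := _SRV.match(line):
            # A registered service whose image is gone: nothing to run, but the
            # registration (and its name) is still a foothold worth removing.
            reason = ("service still registered but its binary is gone"
                      if m.group("path").strip() == "File not found" else None)
        elif m := _O3.match(line):
            # Toolbar referenced by CLSID with no class registration behind it.
            reason = ("toolbar CLSID with no registered class or file"
                      if "Reg Error" in m.group("rest") else None)
        else:
            reason = None
        if reason:
            findings.append(Finding(line, reason))
    return findings


def build_fix(findings: list[Finding], restart_shell: bool = True) -> str:
    """Assemble the :OTLI / :Commands block in the layout the posted fix uses.

    With restart_shell, Explorer is killed first and brought back by
    [start explorer], as in the posted script.
    """
    body = [f.line for f in findings]
    if restart_shell:
        body.insert(0, r"PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)")
    commands = ["[emptytemp]"] + (["[start explorer]"] if restart_shell else []) + ["[Reboot]"]
    return "\n".join([":OTLI", *body, "", ":Commands", *commands]) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"{h.reason:50s} <- {h.line}")
    print()
    print(build_fix(hits))
```

Run as-is, it prints the four hits with their reasons, followed by the generated block. The output is meant to be read by a person before anything is pasted into the Custom Scans/Fixes window: the heuristics are deliberately narrow (Temp directories, numeric unnamed binaries, dead services, orphaned CLSIDs) so that they do not fire on the many unsigned-but-legitimate helper DLLs elsewhere in the same log.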

#34
HELP.ME

    Member

  • Topic Starter
  • Member
  • 29 posts
The jump/redirect hasn't reappeared so far. However, I've still noticed that even if the internet is connected, after a while the browsers fail to connect to the net and say 'Error lander' or unable to connect to the internet, even though MSN still works. Maybe it's just MSN that still works, but it disconnects too easily. Would this be related to the same issue? =L

The log:

========== OTLISTIT ==========
Process Explorer.EXE killed successfully!
Process 12252.exe killed successfully!

Service\Driver RelevantKnowledge deleted successfully.
File File not found not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-C39E-35F1D2A32EC8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}\ not found.
========== COMMANDS ==========
User's Internet Explorer cache folder emptied.
File delete failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04202009_202228

Files moved on Reboot...
File C:\Windows\temp\logishrd\LVPrcInj02.dll not found!

Registry entries deleted on Reboot...

_____________________________________________________________

AVP REPORT:


Scan
----
Scanned: 611478
Detected: 0
Untreated: 0
Start time: 2009-04-20 20:56
Duration: 02:27:56
Finish time: 2009-04-20 23:24


Detected
--------
Status Object
------ ------


Events
------
Time Name Status Reason
---- ---- ------ ------
2009-04-20 20:56 Running module: smss.exe\smss.exe ok scanned
2009-04-20 20:56 File: C:\Windows\System32\smss.exe ok scanned
2009-04-20 20:56 Running module: smss.exe\ntdll.dll ok scanned
2009-04-20 20:56 File: C:\Windows\system32\ntdll.dll ok scanned


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size

Edited by HELP.ME, 21 April 2009 - 02:54 AM.


#35
HELP.ME

    Member

  • Topic Starter
  • Member
  • 29 posts

_____________________________________________________________

OTLISTIT2 Scan:


OTListIt logfile created on: 2009-04-21 18:08:20 - Run 3
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 80.97% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 18.78 Gb Free Space | 25.20% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 66.54 Gb Free Space | 22.32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 778.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded
Drive P: | 7.47 Gb Total Space | 4.47 Gb Free Space | 59.90% Space Free | Partition Type: FAT32

Computer Name: ANNIE
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Windows\system32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\Windows\system32\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files\Fighters\configservice.exe (SPAMfighter)
PRC - C:\Program Files\Fighters\licenseservice.exe (SPAMfighter)
PRC - C:\Program Files\Fighters\updateservice.exe (SPAMfighter)
PRC - C:\Program Files\Fighters\ScannerService.exe (SPAMfighter)
PRC - C:\Windows\system32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe (AzureWave.com)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Fighters\Spywarefighter\SpywarefighterUser.exe (SPAMfighter)
PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\User\AppData\Local\Temp\12252.exe ()
PRC - C:\Users\User\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AEADIFilters [Auto | Running]) -- C:\Windows\system32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (BlueSoleilCS [Auto | Stopped]) -- File not found
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (BsHelpCS [On_Demand | Stopped]) -- File not found
SRV - (BsMobileCS [Auto | Stopped]) -- File not found
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 3 [Auto | Running]) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (nvsvc [Auto | Running]) -- C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service [Auto | Running]) -- C:\Windows\system32\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (PTK License-FIGHTERS-297811811 [Auto | Running]) -- C:\Program Files\Fighters\licenseservice.exe (SPAMfighter)
SRV - (PTK Live Update-FIGHTERS-297811811 [Auto | Running]) -- C:\Program Files\Fighters\updateservice.exe (SPAMfighter)
SRV - (PTK Scanner-FIGHTERS-297811811 [Auto | Running]) -- C:\Program Files\Fighters\ScannerService.exe (SPAMfighter)
SRV - (PTK SharedAccess-FIGHTERS-297811811 [Auto | Running]) -- C:\Program Files\Fighters\configservice.exe (SPAMfighter)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AFS [Boot | Running]) -- C:\Windows\System32\drivers\AFS.SYS (Oak Technology Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (ASPI [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ASPI32.sys (Adaptec)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BtHidBus [Boot | Running]) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (DVDRIVER [Auto | Stopped]) -- C:\Windows\system32\DRIVERS\dvdriver.sys (Eagletron Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (is-BNOA6drv [System | Running]) -- C:\Windows\system32\DRIVERS\62276820.sys (Kaspersky Lab)
DRV - (is-EONG6drv [System | Running]) -- C:\Windows\system32\DRIVERS\88064161.sys (Kaspersky Lab)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (Iviaspi [On_Demand | Stopped]) -- C:\Windows\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (IvtBtBUs [On_Demand | Running]) -- C:\Windows\System32\Drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (JGOGO [Boot | Running]) -- C:\Windows\system32\DRIVERS\JGOGO.sys (JMicron )
DRV - (JRAID [Boot | Running]) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\LVUSBSta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (mcdbus [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (MTsensor [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\ASACPI.sys ()
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (P16X [On_Demand | Running]) -- C:\Windows\system32\drivers\P16X.sys (Creative Technology Ltd.)
DRV - (Pcouffin [On_Demand | Running]) -- C:\Windows\System32\Drivers\Pcouffin.sys (VSO Software)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8187 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (RtlProt [System | Running]) -- C:\Windows\system32\DRIVERS\rtlprot.sys (Windows ® Codename Longhorn DDK provider)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCDEmu [System | Running]) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Vfscan [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\vffilter.sys ()
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (yukonwlh [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\yk60x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://en-US.start2....en-US:official"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1
FF - prefs.js..extensions.enabledItems: {991A772A-BA13-4c1d-A9EF-F897F31DEC7D}:3.1
FF - prefs.js..extensions.enabledItems: {DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}:1.2.211
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..keyword.URL: "http://au.search.yah...8&fr=megaup&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-04-17 17:15:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-04-17 17:15:53 | 00,000,000 | ---D | M]

[2008-07-09 23:17:53 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2008-07-09 23:17:53 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-04-21 12:44:20 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vwy69tg9.default\extensions
[2009-01-28 18:00:00 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vwy69tg9.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009-01-13 20:55:56 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vwy69tg9.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2009-01-13 14:29:24 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vwy69tg9.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2008-11-28 20:10:21 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vwy69tg9.default\extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}
[2009-04-17 17:16:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008-07-18 23:02:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}
[2009-04-17 17:15:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-03-26 14:34:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008-07-24 19:54:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009-03-10 13:53:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009-04-17 17:15:51 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-04-17 17:15:51 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-02-20 05:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009-02-20 05:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009-02-20 05:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009-02-20 05:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009-02-20 05:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-02-20 05:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009-02-20 05:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (736 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)
O4 - HKLM..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe (SPAMfighter)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Cognac] C:\Users\User\AppData\Local\Temp\12252.exe ()
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Hewlett-Packard Company)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H (PC Tools)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} http://games.bigfish...eb.1.0.0.11.cab (CPlayFirstFitnessDasControl Object)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...SS.cab69309.cab ()
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUplden-au.cab (MSN Photo Upload Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.h...osticsVista.cab (HPDDClientExec Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\autoexec.bat () - [ NTFS ]
O32 - Autorun File - H:\AutoRun.exe (Electronic Arts Inc.) - [ CDFS ]
O32 - Autorun File - H:\AutoRun.exe (Electronic Arts Inc.) - [ CDFS ]
O32 - Autorun File - H:\AutoRunGUI.dll (Electronic Arts Inc.) - [ CDFS ]
O32 - Autorun File - H:\autorun.inf () - [ CDFS ]
O33 - MountPoints2\{011c0107-5598-11dd-a6f4-0011675c3e06}\Shell - "" = AutoRun
O33 - MountPoints2\{011c0107-5598-11dd-a6f4-0011675c3e06}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{250a4e78-7baf-11dd-a9cb-002215031222}\Shell - "" = AutoRun
O33 - MountPoints2\{250a4e78-7baf-11dd-a9cb-002215031222}\Shell\AutoRun\command - "" = H:\Autorun.exe -- [2007-08-05 01:54:31 | 00,700,416 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{4bd6a791-4a34-11dd-ab26-0015af841d69}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-04-20 20:56:04 | 00,000,000 | ---D | C] -- C:\ProgramData\is-DQMDE
[2009-04-20 20:50:10 | 00,013,688 | ---- | C] () -- C:\Users\User\Desktop\POST.docx
[2009-04-20 20:46:25 | 00,000,000 | ---D | C] -- C:\ProgramData\is-8OA20
[2009-04-20 20:22:28 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009-04-20 18:56:40 | 00,000,000 | ---D | C] -- C:\Program Files\Hp
[2009-04-19 20:20:27 | 73,431,4496 | ---- | C] () -- C:\Users\User\Desktop\Russell_Peters_Red_White__Brown_DVDrip_XviD-Ekolb.avi
[2009-04-19 15:47:49 | 00,000,000 | ---D | C] -- C:\Users\User\Desktop\Jersey.Girl.2004.WS.DVDRip.XViD.iNT-EwDp_LeechersPlace.org
[2009-04-19 13:02:05 | 00,299,475 | ---- | C] () -- C:\Users\User\Desktop\WISHLIST.xlsx
[2009-04-19 10:41:01 | 13,913,5839 | ---- | C] () -- C:\Users\User\Desktop\Jersey.Girl.2004.WS.DVDRip.XViD.iNT-EwDp_LeechersPlace.org.part4.rar
[2009-04-18 23:29:28 | 20,480,0000 | ---- | C] () -- C:\Users\User\Desktop\Jersey.Girl.2004.WS.DVDRip.XViD.iNT-EwDp_LeechersPlace.org.part3.rar
[2009-04-18 22:24:37 | 20,480,0000 | ---- | C] () -- C:\Users\User\Desktop\Jersey.Girl.2004.WS.DVDRip.XViD.iNT-EwDp_LeechersPlace.org.part1.rar
[2009-04-18 22:19:20 | 20,480,0000 | ---- | C] () -- C:\Users\User\Desktop\Jersey.Girl.2004.WS.DVDRip.XViD.iNT-EwDp_LeechersPlace.org.part2.rar
[2009-04-17 23:28:32 | 04,246,836 | -H-- | C] () -- C:\Users\User\AppData\Local\IconCache.db
[2009-04-17 21:10:34 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTListIt2.exe
[2009-04-17 21:01:20 | 34,887,35232 | -HS- | C] () -- C:\hiberfil.sys
[2009-04-17 18:45:21 | 00,000,000 | ---D | C] -- C:\ProgramData\is-V7M5K
[2009-04-17 18:13:04 | 37,890,592 | ---- | C] ( ) -- C:\Users\User\Desktop\setup_7.0.0.290_17.04.2009_11-10.exe
[2009-04-17 17:26:35 | 00,000,000 | ---D | C] -- C:\ProgramData\is-ND4UK
[2009-04-17 17:19:53 | 35,868,704 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009-04-17 17:19:53 | 00,400,376 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2009-04-17 17:17:17 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\62276820.sys
[2009-04-17 17:15:27 | 00,001,782 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-EONG6.lnk
[2009-04-17 17:15:27 | 00,000,000 | ---D | C] -- C:\ProgramData\is-EONG6
[2009-04-17 17:15:19 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\88064161.sys
[2009-04-17 17:06:07 | 00,014,873 | ---- | C] () -- D:\Documents\INSTRUCTIONS.docx
[2009-04-16 19:38:25 | 00,001,943 | ---- | C] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2009-04-16 19:36:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2009-04-16 19:36:13 | 00,000,000 | ---D | C] -- C:\Program Files\Fighters
[2009-04-16 19:03:22 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ScanSpyware
[2009-04-16 18:50:59 | 00,000,000 | ---D | C] -- C:\ProgramData\CrucialSoft Ltd
[2009-04-16 18:50:52 | 00,000,238 | -H-- | C] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009-04-16 17:38:14 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Graboid
[2009-04-16 17:36:19 | 00,001,053 | ---- | C] () -- C:\Users\User\Desktop\Graboid Video.lnk
[2009-04-13 19:26:09 | 01,357,204 | ---- | C] () -- C:\Users\User\Desktop\Schnuffel _Bunny.mp3
[2009-04-10 22:38:47 | 00,012,117 | ---- | C] () -- C:\Users\User\Desktop\DIRECTX_SIMS 2.docx
[2009-04-10 22:24:57 | 00,000,000 | ---D | C] -- C:\Program Files\ILOG
[2009-04-09 23:21:23 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009-04-09 23:21:05 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009-04-09 23:21:04 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009-04-09 23:21:04 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009-04-09 15:44:40 | 00,005,211 | ---- | C] () -- C:\Users\User\Desktop\BORDERSVOUCHER.gif
[2009-04-08 20:09:18 | 00,011,216 | ---- | C] () -- C:\Users\User\Desktop\Christie Road.docx
[2009-04-07 23:17:28 | 00,101,460 | ---- | C] () -- C:\Users\User\Desktop\Asuka.docx
[2009-04-06 16:14:17 | 00,000,162 | -H-- | C] () -- C:\Users\User\Desktop\~$Do Stupid Things 44% Of the Time.docx
[2009-04-05 21:59:11 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Ahead
[2009-04-04 16:48:54 | 00,000,000 | ---D | C] -- C:\Program Files\Pet Pals
[2009-04-03 21:29:04 | 02,819,409 | ---- | C] () -- C:\Users\User\Desktop\Rainbowhair.ptg
[2009-04-03 14:53:35 | 00,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-04-03 14:53:35 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-04-03 14:53:35 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009-03-31 14:57:06 | 00,001,834 | ---- | C] () -- C:\Users\User\Desktop\HijackThis.lnk
[2009-03-31 14:57:06 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-03-31 13:54:13 | 00,008,288 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009-03-29 18:55:30 | 09,069,513 | ---- | C] () -- C:\Users\User\Desktop\Colour World.ptg
[2009-03-29 11:37:38 | 00,000,000 | ---D | C] -- C:\Program Files\DirectX
[2009-03-29 10:53:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\directx
[2009-03-29 10:16:05 | 00,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2009-03-29 10:16:05 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2009-03-29 10:14:28 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009-03-29 10:08:48 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009-03-28 21:41:49 | 00,001,989 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 FreeTime.lnk
[2009-03-27 14:33:02 | 00,000,000 | ---D | C] -- C:\Users\User\Desktop\OTScanIt2
[2009-03-27 14:29:51 | 00,662,639 | ---- | C] () -- C:\Users\User\Desktop\OTScanIt2.exe
[2009-03-26 17:59:10 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Adobe
[2009-03-26 14:53:36 | 00,000,000 | ---D | C] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009-03-26 14:52:23 | 00,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009-03-26 14:35:26 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple
[2009-03-26 14:34:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009-03-26 14:34:51 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009-03-24 16:51:30 | 00,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009-03-14 23:03:24 | 00,000,067 | ---- | C] () -- C:\Windows\Easy Video to MP4 Converter.INI
[2009-03-14 22:59:44 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009-02-28 19:44:42 | 03,049,984 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009-02-28 19:44:42 | 00,404,480 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009-02-28 19:44:42 | 00,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009-02-28 19:44:42 | 00,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009-02-28 19:44:41 | 00,348,160 | ---- | C] () -- C:\Windows\System32\cdga.dll
[2009-02-01 12:59:09 | 00,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2009-01-12 12:02:16 | 02,392,064 | ---- | C] () -- C:\Windows\System32\videotrans.dll
[2009-01-12 12:02:16 | 00,215,040 | ---- | C] () -- C:\Windows\System32\videoformat.dll
[2009-01-12 12:02:15 | 00,061,440 | ---- | C] () -- C:\Windows\System32\imgscaler.dll
[2009-01-12 12:02:15 | 00,022,016 | ---- | C] () -- C:\Windows\System32\img_utils.dll
[2009-01-12 11:50:31 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009-01-12 11:32:29 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009-01-12 11:32:29 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008-12-31 16:04:42 | 00,691,560 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008-12-30 13:57:28 | 00,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008-12-20 19:05:48 | 00,000,037 | ---- | C] () -- C:\Windows\avitoiPodconverter.ini
[2008-11-18 11:01:46 | 00,015,496 | ---- | C] () -- C:\Windows\System32\drivers\vffilter.sys
[2008-11-07 02:37:32 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008-11-07 02:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008-11-07 02:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008-11-07 02:33:02 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008-10-07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008-10-07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008-09-12 18:29:41 | 00,000,000 | ---- | C] () -- C:\Windows\SETUP32.INI
[2008-09-10 22:21:35 | 00,000,158 | ---- | C] () -- C:\Windows\pagesuit.ini
[2008-09-10 22:21:32 | 00,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2008-08-26 15:46:09 | 00,000,088 | RHS- | C] () -- C:\Windows\System32\2859EE8E6A.sys
[2008-08-26 15:42:23 | 00,004,182 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008-07-31 22:39:22 | 00,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008-07-26 13:42:52 | 00,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008-07-26 07:25:02 | 00,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008-07-11 15:43:39 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008-07-11 15:43:39 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008-07-11 15:43:39 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008-07-11 15:43:39 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008-07-11 15:43:39 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008-07-11 15:43:39 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008-07-09 23:50:53 | 00,408,576 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2008-07-09 23:50:52 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008-07-09 23:50:48 | 00,027,648 | -HS- | C] () -- C:\Windows\System32\Smab0.dll
[2008-07-09 21:18:20 | 00,000,000 | ---- | C] () -- C:\Windows\WININIT.INI
[2008-07-09 17:16:45 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008-07-03 17:35:52 | 00,065,536 | ---- | C] ( ) -- C:\Windows\System32\A3d.dll
[2008-07-03 17:35:52 | 00,039,936 | ---- | C] () -- C:\Windows\System32\P16X.dll
[2008-07-03 16:58:05 | 00,018,521 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008-07-03 16:57:45 | 00,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008-07-03 16:57:34 | 00,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2006-11-02 22:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 20:23:31 | 00,000,431 | ---- | C] () -- C:\Windows\win.ini
[2006-11-02 20:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006-11-02 17:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005-08-03 07:24:02 | 00,014,336 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

========== Files - Modified Within 30 Days ==========

[2009-04-21 18:08:48 | 35,868,704 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2009-04-21 17:38:27 | 00,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009-04-21 17:38:27 | 00,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009-04-21 11:44:20 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009-04-21 11:44:20 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009-04-21 11:44:20 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009-04-21 11:38:44 | 00,000,250 | ---- | M] () -- C:\Windows\tasks\RtlVistaStart.job
[2009-04-21 11:38:29 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009-04-21 11:38:25 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009-04-21 11:38:22 | 34,887,35232 | -HS- | M] () -- C:\hiberfil.sys
[2009-04-21 01:42:59 | 00,400,376 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2009-04-21 01:42:25 | 04,246,836 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2009-04-21 00:06:20 | 00,013,688 | ---- | M] () -- C:\Users\User\Desktop\POST.docx
[2009-04-20 13:47:05 | 00,299,475 | ---- | M] () -- C:\Users\User\Desktop\WISHLIST.xlsx
[2009-04-19 20:20:57 | 73,431,4496 | ---- | M] () -- C:\Users\User\Desktop\Russell_Peters_Red_White__Brown_DVDrip_XviD-Ekolb.avi
[2009-04-19 20:20:57 | 00,130,560 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-04-19 10:41:05 | 13,913,5839 | ---- | M] () -- C:\Users\User\Desktop\Jersey.Girl.2004.WS.DVDRip.XViD.iNT-EwDp_LeechersPlace.org.part4.rar
[2009-04-18 23:29:36 | 20,480,0000 | ---- | M] () -- C:\Users\User\Desktop\Jersey.Girl.2004.WS.DVDRip.XViD.iNT-EwDp_LeechersPlace.org.part3.rar
[2009-04-18 22:24:44 | 20,480,0000 | ---- | M] () -- C:\Users\User\Desktop\Jersey.Girl.2004.WS.DVDRip.XViD.iNT-EwDp_LeechersPlace.org.part1.rar
[2009-04-18 22:19:22 | 20,480,0000 | ---- | M] () -- C:\Users\User\Desktop\Jersey.Girl.2004.WS.DVDRip.XViD.iNT-EwDp_LeechersPlace.org.part2.rar
[2009-04-17 21:10:39 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTListIt2.exe
[2009-04-17 18:25:22 | 37,890,592 | ---- | M] ( ) -- C:\Users\User\Desktop\setup_7.0.0.290_17.04.2009_11-10.exe
[2009-04-17 17:15:27 | 00,001,782 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-EONG6.lnk
[2009-04-17 17:06:08 | 00,014,873 | ---- | M] () -- D:\Documents\INSTRUCTIONS.docx
[2009-04-17 16:58:52 | 19,086,5364 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009-04-17 16:25:17 | 00,000,238 | -H-- | M] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009-04-16 19:38:25 | 00,001,943 | ---- | M] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2009-04-16 17:36:19 | 00,001,053 | ---- | M] () -- C:\Users\User\Desktop\Graboid Video.lnk
[2009-04-16 17:36:12 | 00,000,819 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009-04-15 18:13:00 | 00,001,834 | ---- | M] () -- C:\Users\User\Desktop\HijackThis.lnk
[2009-04-13 19:30:56 | 01,357,204 | ---- | M] () -- C:\Users\User\Desktop\Schnuffel _Bunny.mp3
[2009-04-10 22:38:47 | 00,012,117 | ---- | M] () -- C:\Users\User\Desktop\DIRECTX_SIMS 2.docx
[2009-04-09 23:21:23 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009-04-09 15:44:00 | 00,005,211 | ---- | M] () -- C:\Users\User\Desktop\BORDERSVOUCHER.gif
[2009-04-08 20:09:18 | 00,011,216 | ---- | M] () -- C:\Users\User\Desktop\Christie Road.docx
[2009-04-08 01:05:34 | 00,101,460 | ---- | M] () -- C:\Users\User\Desktop\Asuka.docx
[2009-04-06 16:34:52 | 00,037,986 | ---- | M] () -- C:\Users\User\Desktop\I Do Stupid Things 44% Of the Time.docx
[2009-04-06 16:14:17 | 00,000,162 | -H-- | M] () -- C:\Users\User\Desktop\~$Do Stupid Things 44% Of the Time.docx
[2009-04-06 15:15:57 | 01,794,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-04-06 14:46:13 | 00,140,928 | ---- | M] () -- C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
[2009-04-03 21:29:04 | 02,819,409 | ---- | M] () -- C:\Users\User\Desktop\Rainbowhair.ptg
[2009-04-03 15:28:27 | 00,000,746 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2009-04-02 18:33:07 | 00,012,714 | ---- | M] () -- C:\Users\User\Desktop\NICKNAME.docx
[2009-03-31 13:54:13 | 00,008,288 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2009-03-30 19:53:33 | 00,002,587 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Office Word 2007.lnk
[2009-03-30 16:30:28 | 09,069,513 | ---- | M] () -- C:\Users\User\Desktop\Colour World.ptg
[2009-03-28 21:41:49 | 00,001,989 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 FreeTime.lnk
[2009-03-27 14:29:56 | 00,662,639 | ---- | M] () -- C:\Users\User\Desktop\OTScanIt2.exe
[2009-03-26 14:55:56 | 00,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2009-03-26 14:52:23 | 00,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009-03-26 14:34:53 | 00,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009-03-24 16:51:30 | 00,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:417B6FAC
< End of report >
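As an added example (not part of the thread, and not OldTimer's OTListIt code), a Python triage pass over the three OTListIt record formats visible in the log above: file records, O33 MountPoints2 autorun commands, and Alternate Data Streams. It lists the entries a reviewer would check by hand rather than deciding anything itself; the rule names are this example's own, and the sample lines are copied from the log above.

```python
"""Triage pass over OTListIt-style log lines (added example, not OldTimer's code)."""
import re
from dataclasses import dataclass
from typing import List

# File-record lines from the "Files/Folders - Created/Modified Within 30 Days" sections, e.g.
# [2009-04-17 17:19:53 | 35,868,704 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
# Fields: timestamp | size | attributes (R/H/S/D) | C=created or M=modified, optional (publisher), path.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# O33 MountPoints2 autorun command lines, e.g.
# O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = '
    r"(?P<target>.+?) -- (?P<status>.+)$"
)
# Alternate Data Stream lines, e.g.
# @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


@dataclass
class Finding:
    rule: str    # rule names are this example's own, not OTListIt terminology
    detail: str


def parse_size(text: str) -> int:
    """OTListIt prints sizes with thousands separators, e.g. '35,868,704'."""
    return int(text.replace(",", ""))


def triage(lines: List[str]) -> List[Finding]:
    """Return the entries a reviewer would verify by hand, in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            if "D" in m["attrs"]:
                continue  # directories carry no publisher field; nothing to judge here
            path, company = m["path"], (m["company"] or "").strip()
            low = path.lower()
            hidden_system = "H" in m["attrs"] and "S" in m["attrs"]
            size = parse_size(m["size"])
            # Hidden+system files under System32 and drivers with no publisher get a second look.
            if "\\windows\\system32\\" in low and hidden_system and not company:
                findings.append(Finding("hidden-system-no-publisher", f"{path} ({size} bytes)"))
            elif low.endswith(".sys") and not company:
                findings.append(Finding("driver-no-publisher", f"{path} ({size} bytes)"))
            continue
        m = MOUNT_RE.match(line)
        if m:
            # MountPoints2 caches one autorun command per device; "File not found" marks a stale mapping.
            stale = m["status"].strip().lower() == "file not found"
            rule = "stale-autorun" if stale else "autorun-present"
            findings.append(Finding(rule, f"{m['key']} -> {m['target']}"))
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append(Finding("alternate-data-stream", f"{m['path']} ({m['size']} bytes)"))
    return findings


# Constructed sample: lines copied from the log above (a subset, not the whole report).
SAMPLE_LOG = r"""
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{250a4e78-7baf-11dd-a9cb-002215031222}\Shell\AutoRun\command - "" = H:\Autorun.exe -- [2007-08-05 01:54:31 | 00,700,416 | R--- | M] (Electronic Arts Inc.)
[2009-04-17 17:19:53 | 35,868,704 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009-04-17 17:17:17 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\62276820.sys
[2008-08-26 15:46:09 | 00,000,088 | RHS- | C] () -- C:\Windows\System32\2859EE8E6A.sys
[2008-11-18 11:01:46 | 00,015,496 | ---- | C] () -- C:\Windows\System32\drivers\vffilter.sys
[2009-04-20 20:56:04 | 00,000,000 | ---D | C] -- C:\ProgramData\is-DQMDE
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:28} {f.detail}")
```

Every flagged line is a review item, not a verdict; the Kaspersky driver and the directory in the sample produce nothing, which is the intended behaviour for records that carry a publisher or nothing to judge.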

#36
handhfan
    Trusted Helper
  • Expert
  • 13,659 posts
I doubt that's related to malware. If you're having trouble with it, feel free to post about it in the Tech forums. They will be able to help you with that issue more than I can.

Other than that, your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set. :)

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.

  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please update Adobe Reader, by downloading and installing Adobe Reader 9.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard gives you realtime protection from spyware.
  • Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed.
  • Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit.

Have a safe and happy computing day!

#37
HELP.ME
    Member
  • Topic Starter
  • Member
  • 29 posts
THANK YOU VERY MUCH FOR YOUR HELP!!!!! :)

#38
handhfan
    Trusted Helper
  • Expert
  • 13,659 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.