Google searches being redirected to other websites, Please help, sooo



#1
Salah

    New Member

  • Member
  • 8 posts
Hey, just recently my Google search results have been being redirected to other websites, mainly www.coolfind200309.com. I have no idea how to remove it. I've tried different things like Malwarebytes, ComboFix, Avast, but none have done the job. The help will be much appreciated. Thanks.

-Salah

#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Salah

Welcome to G2Go. :)
=====================
  • Download OTListIt2 to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
===========
Download the GMER Rootkit Scanner.
Click the Download exe button and save the randomly named file to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click randomlynamed.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

#3
Salah

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hey Kahdah, I did what you said and here are the results. Thanks for your help, man.

OTListIt:

OTListIt logfile created on: 26/03/2009 2:02:03 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\ShOwTiMe\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

479.48 Mb Total Physical Memory | 195.37 Mb Available Physical Memory | 40.75% Memory free
1.10 Gb Paging File | 0.66 Gb Available in Paging File | 60.20% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.12 Gb Total Space | 15.92 Gb Free Space | 36.07% Space Free | Partition Type: NTFS
Drive D: | 27.93 Gb Total Space | 4.33 Gb Free Space | 15.51% Space Free | Partition Type: FAT32
Drive E: | 27.93 Gb Total Space | 6.95 Gb Free Space | 24.87% Space Free | Partition Type: FAT32
Drive F: | 27.93 Gb Total Space | 12.90 Gb Free Space | 46.17% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 58.34 Gb Total Space | 2.71 Gb Free Space | 4.64% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: SHOW
Current User Name: ShOwTiMe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
PRC - C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Multimedia Combo Set\MouseDrv.exe ()
PRC - C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\ShOwTiMe\Application Data\nscagent.exe ()
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\mspaint.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\ShOwTiMe\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ANIWZCSdService [Auto | Stopped]) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (ISPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Norton AntiVirus\isPwdSvc.exe (Symantec Corporation)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Ex [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Service [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Symantec Core LC [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (SymAppCore [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (TUWinStylerThemeSvc [On_Demand | Stopped]) -- C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (TuneUp Software GmbH)
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (ANIO [Auto | Running]) -- C:\WINDOWS\System32\ANIO.SYS (Alpha Networks Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (cmuda [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\cmuda.sys (C-Media Inc)
DRV - (CxLPT [Auto | Running]) -- C:\WINDOWS\System32\drivers\cxlpt.sys (Logitech Inc.)
DRV - (dtscsi [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\dtscsi.sys ()
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (FETND5BV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )
DRV - (FETNDISB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080801.004\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080801.004\NAVEX15.SYS (Symantec Corporation)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RT73 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SRTSP [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20080801.005\SymIDSCo.sys (Symantec Corporation)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\System32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (vaxscsi [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\vaxscsi.sys (Alcohol Soft Co., Ltd.)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics, Inc.)
DRV - (ViaIde [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys (VIA Technologies, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.google.com/
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "YouTube"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/firefox"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20080609.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/25 23:04:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/25 22:50:06 | 00,000,000 | ---D | M]

[2008/09/23 20:26:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\mozilla\Extensions
[2008/09/23 20:26:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/25 23:27:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\mozilla\Firefox\Profiles\a3hpon9l.default\extensions
[2009/01/22 18:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\mozilla\Firefox\Profiles\a3hpon9l.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/09/30 17:27:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\mozilla\Firefox\Profiles\a3hpon9l.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/03/21 15:10:51 | 00,001,137 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\dictionarycom.xml
[2008/01/08 21:22:50 | 00,001,703 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\live-search.xml
[2007/09/26 00:05:08 | 00,005,346 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\moviescom.xml
[2008/10/24 06:19:24 | 00,000,274 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\search.xml
[2008/04/15 01:00:55 | 00,001,387 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\torrentspy.xml
[2008/06/18 17:48:46 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\wikipedia-en.xml
[2008/10/25 14:34:05 | 00,001,224 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\yahoo-answers.xml
[2009/03/21 15:10:51 | 00,002,431 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\youtube---videos.xml
[2008/11/10 23:59:54 | 00,002,109 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\youtube-video-search.xml
[2008/09/23 20:26:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/07 07:15:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/07 07:15:23 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/07 07:15:23 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/24 06:20:06 | 00,000,354 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [sysfbtray] C:\windows\freddy39.exe ()
O4 - HKLM..\Run: [sysldtray] C:\windows\ld02.exe ()
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTimer] VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe ()
O4 - HKLM..\Run: [WireLessMouse] C:\Program Files\Multimedia Combo Set\MouseDrv.exe ()
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [dll] rundll32 dll32,sm (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Win32load] C:\Documents and Settings\ShOwTiMe\Application Data\nscagent.exe -lds ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll ()
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{1bb28b3e-7073-11dd-ad0f-0015e9a40353}\Shell - "" = AutoRun
O33 - MountPoints2\{1bb28b3e-7073-11dd-ad0f-0015e9a40353}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1bb28b3e-7073-11dd-ad0f-0015e9a40353}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2008/07/03 09:16:57 | 08,454,656 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{bb3ab0f4-df60-11dc-abfa-0015e9a40353}\Shell - "" = AutoRun
O33 - MountPoints2\{bb3ab0f4-df60-11dc-abfa-0015e9a40353}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bb3ab0f4-df60-11dc-abfa-0015e9a40353}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2008/07/03 09:16:57 | 08,454,656 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/03/26 13:59:33 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ShOwTiMe\Desktop\OTListIt2.exe
[2009/03/25 22:46:39 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/03/25 22:46:38 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/03/25 22:46:38 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/03/25 22:46:38 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/03/25 22:46:38 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/03/25 22:46:38 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/03/25 22:46:38 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/03/25 22:46:38 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/03/25 22:46:38 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/03/25 22:28:54 | 02,934,705 | R--- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\ComboFix.exe
[2009/03/25 21:00:07 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/03/25 21:00:07 | 00,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/03/25 21:00:06 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/03/25 21:00:06 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/03/25 21:00:05 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/03/25 21:00:04 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/03/25 21:00:04 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/03/25 21:00:04 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/03/25 21:00:04 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/03/25 20:59:39 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/03/25 20:59:39 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/03/25 20:59:37 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/03/25 20:53:19 | 32,793,088 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\setupeng.exe
[2009/03/25 20:40:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/25 20:39:25 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/24 22:06:51 | 00,000,248 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\WARNING.rtf
[2009/03/24 22:04:53 | 00,012,800 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Application Data\nscagent.exe
[2009/03/24 16:07:34 | 00,000,001 | -H-- | C] () -- C:\WINDOWS\f23567.dat
[2009/03/24 16:07:22 | 00,029,696 | -H-- | C] () -- C:\WINDOWS\freddy39.exe
[2009/03/24 16:07:19 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\t55ft2792f44.dat
[2009/03/24 15:05:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.mpref
[2009/03/24 11:54:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.gpref
[2009/03/24 03:46:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.assembly
[2009/03/24 02:10:58 | 00,000,001 | ---- | C] () -- C:\WINDOWS\9g234sdfdfgjf23
[2009/03/24 02:10:57 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\t55ft2808f44.dat
[2009/03/24 02:10:56 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\dll32.dll
[2009/03/24 02:10:05 | 00,012,800 | -H-- | C] () -- C:\WINDOWS\ld02.exe
[2009/03/20 13:58:40 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\SALAHSULAIMAN resume.doc
[2009/03/16 21:55:49 | 02,701,687 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\subcordem+jazzy.mp3
[2009/03/16 21:55:41 | 02,705,911 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\subcordem+sickbrain.mp3
[2009/03/01 16:47:34 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/03/01 16:47:34 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/02/25 17:19:23 | 00,013,359 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\My Documents\WELLBEING- NUTRITION TERMS.docx
[2009/02/24 21:02:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ShOwTiMe\Desktop\abois music
[2009/02/24 14:12:14 | 00,039,424 | -HS- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\Thumbs.db

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2010/03/04 00:37:12 | 73,391,3088 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\Blades.Of.Glory.DVDRip.XviD-DoNE.avi
[2009/03/26 14:01:19 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ShOwTiMe\Desktop\OTListIt2.exe
[2009/03/26 13:53:46 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\My Documents\My Sharing Folders.lnk
[2009/03/26 13:51:33 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/03/26 13:51:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/26 13:50:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/25 22:58:20 | 00,002,057 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/25 22:56:09 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/25 22:28:54 | 02,934,705 | R--- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\ComboFix.exe
[2009/03/25 21:58:56 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/25 21:00:07 | 00,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/03/25 21:00:04 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/03/25 20:57:15 | 32,793,088 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\setupeng.exe
[2009/03/25 08:05:27 | 00,012,800 | -H-- | M] () -- C:\WINDOWS\ld02.exe
[2009/03/24 22:06:51 | 00,000,248 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\WARNING.rtf
[2009/03/24 22:04:52 | 00,012,800 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\nscagent.exe
[2009/03/24 16:07:34 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\f23567.dat
[2009/03/24 16:07:23 | 00,029,696 | -H-- | M] () -- C:\WINDOWS\freddy39.exe
[2009/03/24 16:07:19 | 00,000,002 | -H-- | M] () -- C:\WINDOWS\t55ft2792f44.dat
[2009/03/24 15:05:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.mpref
[2009/03/24 11:54:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.gpref
[2009/03/24 03:46:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.assembly
[2009/03/24 02:10:58 | 00,000,001 | ---- | M] () -- C:\WINDOWS\9g234sdfdfgjf23
[2009/03/24 02:10:57 | 00,000,002 | -H-- | M] () -- C:\WINDOWS\t55ft2808f44.dat
[2009/03/24 02:10:56 | 00,013,312 | ---- | M] () -- C:\WINDOWS\System32\dll32.dll
[2009/03/21 14:22:06 | 00,000,536 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - ShOwTiMe.job
[2009/03/20 20:06:46 | 00,000,016 | ---- | M] () -- C:\WINDOWS\System32\coh.cache
[2009/03/20 13:58:41 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\SALAHSULAIMAN resume.doc
[2009/03/20 13:57:43 | 00,052,513 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\SALAHSULAIMAN.doc
[2009/03/18 22:48:09 | 02,705,911 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\subcordem+sickbrain.mp3
[2009/03/12 17:23:34 | 00,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/12 17:16:45 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/08 17:10:16 | 00,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 17:10:16 | 00,314,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 17:10:16 | 00,041,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/01 16:47:34 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/03/01 16:47:34 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/02/26 18:40:25 | 00,612,872 | -HS- | M] () -- C:\Documents and Settings\ShOwTiMe\My Documents\Thumbs.db
[2009/02/25 17:20:19 | 00,013,359 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\My Documents\WELLBEING- NUTRITION TERMS.docx
[2009/02/24 14:12:15 | 00,039,424 | -HS- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\Thumbs.db
[2009/02/24 14:12:12 | 00,100,352 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2008/10/24 17:46:42 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2006/08/19 07:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/08/05 20:05:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/08/05 20:07:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/03/25 15:09:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2008/10/24 17:46:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2007/07/20 02:19:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2006/12/14 08:00:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/03/12 17:14:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2006/08/27 02:31:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/12/21 02:46:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2008/10/24 16:35:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/08/13 17:59:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2006/10/04 00:04:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/08/19 07:27:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/03/24 22:04:53 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data
[2008/01/17 16:46:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\Adobe
[2006/08/21 01:05:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\AdobeUM
[2007/10/02 19:57:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\Apple Computer
[2009/02/15 03:43:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\Azureus
[2006/12/04 03:58:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\dvdcss
[2007/06/11 07:25:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\Google
[2006/11/18 21:46:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\Help
[2006/08/14 00:44:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\Identities
[2006/08/13 23:04:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\Macromedia
[2008/10/24 17:46:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\Malwarebytes
[2007/06/22 21:36:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\Media Player Classic
[2008/04/20 00:38:07 | 00,000,000 | --SD | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\Microsoft
[2008/09/23 20:26:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla
[2006/08/27 02:31:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\NCH Swift Sound
[2006/08/31 23:54:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\NetMedia Providers
[2006/12/04 15:24:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\Publish Providers
[2007/03/05 05:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\Real
[2006/08/27 02:31:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\RecordPad
[2006/09/01 01:35:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\Sony
[2006/08/13 22:43:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\Sun
[2006/08/13 18:00:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\TuneUp Software
[2006/08/18 20:36:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\vlc
[2001/08/23 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/03/26 13:51:33 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/03/21 14:22:06 | 00,000,536 | ---- | M] () -- C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - ShOwTiMe.job
[2009/03/26 13:51:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:825D5945
< End of report >


_____________________________________________________________________________________________

GMERtxt:

GMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2009-03-26 16:12:53
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT 85235190 ZwAlertResumeThread
SSDT 85089E50 ZwAlertThread
SSDT 850E3140 ZwAllocateVirtualMemory
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF5CD06B8]
SSDT 85235248 ZwConnectPort
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF5CD0574]
SSDT 851FA9D8 ZwCreateMutant
SSDT 85077398 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF5F71880]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF5CD0A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF5CD014C]
SSDT sptd.sys ZwEnumerateKey [0xF7704FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF7705340]
SSDT 85194E00 ZwFreeVirtualMemory
SSDT 851FADF8 ZwImpersonateAnonymousToken
SSDT 85291880 ZwImpersonateThread
SSDT 8529A7F8 ZwMapViewOfSection
SSDT 851FEF38 ZwOpenEvent
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF5CD064E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF5CD008C]
SSDT 85299880 ZwOpenProcessToken
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF5CD00F0]
SSDT 851A21A8 ZwOpenThreadToken
SSDT sptd.sys ZwQueryKey [0xF7705418]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF5CD076E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF5CD072E]
SSDT 851F73C8 ZwResumeThread
SSDT 85155008 ZwSetContextThread
SSDT 85165BD8 ZwSetInformationProcess
SSDT 8516DBF8 ZwSetInformationThread
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF5CD08AE]
SSDT 851237D0 ZwSuspendProcess
SSDT 85156FD0 ZwSuspendThread
SSDT 851F8340 ZwTerminateProcess
SSDT 85167FD0 ZwTerminateThread
SSDT 851FD4B0 ZwUnmapViewOfSection
SSDT 851AAEA8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F746962C 5 Bytes JMP 8520F488
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F73084D0 48 Bytes [ED, A6, 4D, 13, 05, 11, 35, ...]
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 28001B60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 28001AD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 28001A50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 28001C10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 28001CC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 28001830 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] ADVAPI32.dll!CryptDecrypt 77DEA7B1 2 Bytes JMP 28001050 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] ADVAPI32.dll!CryptDecrypt + 3 77DEA7B4 4 Bytes [21, B0, CC, CC]
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 28003A60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 28003370 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] USER32.dll!SetWindowRgn 7E41FFB2 7 Bytes JMP 28004DB0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] USER32.dll!CreateDialogParamW 7E427D4F 5 Bytes JMP 28004E50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] USER32.dll!SetWindowPlacement 7E42D84C 5 Bytes JMP 28004CD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 28004FB0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] USER32.dll!TrackPopupMenuEx 7E46CD28 5 Bytes JMP 28004230 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] WS2_32.dll!send 71AB428A 5 Bytes JMP 28009120 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 28008F10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] WS2_32.dll!recv 71AB615A 5 Bytes JMP 28008D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 280092A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 280094B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 5 Bytes JMP 28002B50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] ole32.dll!CoInitializeEx 774FEF6B 5 Bytes JMP 28001D20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] ole32.dll!CoRegisterClassObject 77518720 5 Bytes JMP 28001E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] WININET.dll!HttpOpenRequestA 771C368D 5 Bytes JMP 28007D10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] WININET.dll!InternetCloseHandle 771C4D4C 5 Bytes JMP 28007FF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] WININET.dll!HttpSendRequestA 771C60D9 5 Bytes JMP 28007F40 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[848] WININET.dll!InternetReadFile 771C828C 5 Bytes JMP 28007E70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F771606C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7716018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F77389AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F771606C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F76FFAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F76FFC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F76FFB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7700748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F770061E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F771529A] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 853D91E8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom 85067790

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{043A4007-BEA5-4756-8129-EEE00219F2C0} 8501E408
Device \Driver\usbuhci \Device\USBPDO-0 8520E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8536B1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8536B1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8536B1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8536B1E8
Device \Driver\usbuhci \Device\USBPDO-1 8520E1E8
Device \Driver\usbuhci \Device\USBPDO-2 8520E1E8
Device \Driver\usbehci \Device\USBPDO-3 8520D1E8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 853DB1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 853DB1E8
Device \Driver\Cdrom \Device\CdRom0 852021E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 853DB1E8
Device \Driver\Cdrom \Device\CdRom1 852021E8
Device \Driver\atapi \Device\Ide\IdePort0 853DA1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 853DA1E8
Device \Driver\atapi \Device\Ide\IdePort1 853DA1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 853DA1E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 853DB1E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 853DB1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8501E408
Device \Driver\NetBT \Device\NetbiosSmb 8501E408
Device \Driver\PCI_NTPNP9832 \Device\0000005a sptd.sys

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 8520E1E8
Device \Driver\usbuhci \Device\USBFDO-1 8520E1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84FCF1E8
Device \Driver\usbuhci \Device\USBFDO-2 8520E1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{8ECB5279-967B-4E4E-B414-E2008425DA34} 8501E408
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84FCF1E8
Device \Driver\usbehci \Device\USBFDO-3 8520D1E8
Device \Driver\Ftdisk \Device\FtControl 853DB1E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 851581E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 851581E8
Device \FileSystem\Fastfat \Fat 85067790

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 8502F790
Device \FileSystem\Cdfs \Cdfs F2260BCE

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -249927505
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -347083428
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFD 0x73 0x32 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFF 0xEE 0x5F 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD4 0x32 0x0C 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x97 0x03 0x8C 0x54 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFD 0x73 0x32 0xA6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFF 0xEE 0x5F 0xE6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD4 0x32 0x0C 0xBD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x97 0x03 0x8C 0x54 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{85D6B0D8-1971-6A78-55BB-D61E21830C63}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{85D6B0D8-1971-6A78-55BB-D61E21830C63}@iahplllmgndhbihaje 0x6B 0x61 0x6E 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{85D6B0D8-1971-6A78-55BB-D61E21830C63}@hajaflnhfikjdfbj 0x6B 0x61 0x6E 0x62 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\ShOwTiMe\Local Settings\Temporary Internet Files\Content.IE5\UDGFELA1\videoByTag[7].xml 628 bytes

---- EOF - GMER 1.0.15 ----





Thanks again.

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
    O4 - HKLM..\Run: [sysfbtray] C:\windows\freddy39.exe ()
    O4 - HKLM..\Run: [sysldtray] C:\windows\ld02.exe ()
    O4 - HKCU..\Run: [dll] rundll32 dll32,sm (Microsoft Corporation)
    
    :Files
    C:\WINDOWS\f23567.dat
    C:\WINDOWS\freddy39.exe
    C:\WINDOWS\t55ft2792f44.dat
    C:\WINDOWS\System32\nfr.mpref
    C:\WINDOWS\System32\nfr.gpref
    C:\WINDOWS\System32\nfr.assembly
    C:\WINDOWS\9g234sdfdfgjf23
    C:\WINDOWS\t55ft2808f44.dat
    C:\WINDOWS\System32\dll32.dll
    C:\WINDOWS\ld02.exe
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Follow up scan=================================
  • Double click on Otlistit to run it again. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTListIt.Txt. This is saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


#5
Salah

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hey, sorry for the delay, but I did what you said and here are the results:

Run Fix:

========== OTLISTIT ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysfbtray not found.
File C:\windows\freddy39.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysldtray not found.
File C:\windows\ld02.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dll not found.
C:\WINDOWS\System32\rundll32.exe moved successfully.
========== FILES ==========
File/Folder C:\WINDOWS\f23567.dat not found.
File/Folder C:\WINDOWS\freddy39.exe not found.
File/Folder C:\WINDOWS\t55ft2792f44.dat not found.
File/Folder C:\WINDOWS\System32\nfr.mpref not found.
File/Folder C:\WINDOWS\System32\nfr.gpref not found.
File/Folder C:\WINDOWS\System32\nfr.assembly not found.
File/Folder C:\WINDOWS\9g234sdfdfgjf23 not found.
File/Folder C:\WINDOWS\t55ft2808f44.dat not found.
File/Folder C:\WINDOWS\System32\dll32.dll not found.
File/Folder C:\WINDOWS\ld02.exe not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\WER5092.dir00\appcompat.txt scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\etilqs_LWfu8OmHu8MtzqydheVX scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\~DF2812.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\~DF2836.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\~DF29C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\~DF36DD.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\~DF38BB.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_434.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.7.2 log created on 04032009_183509

Files moved on Reboot...
File C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\WER5092.dir00\appcompat.txt not found!
File C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\etilqs_LWfu8OmHu8MtzqydheVX not found!
C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\WCESLog.log moved successfully.
File C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\~DF2812.tmp not found!
File C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\~DF2836.tmp not found!
C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\~DF29C.tmp moved successfully.
File C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\~DF36DD.tmp not found!
File C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\~DF38BB.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_434.dat not found!
C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...


_____________________________________________________

OTList scan:


OTListIt logfile created on: 03/04/2009 6:51:09 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\ShOwTiMe\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

479.48 Mb Total Physical Memory | 162.89 Mb Available Physical Memory | 33.97% Memory free
1.10 Gb Paging File | 0.66 Gb Available in Paging File | 60.59% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.12 Gb Total Space | 15.85 Gb Free Space | 35.93% Space Free | Partition Type: NTFS
Drive D: | 27.93 Gb Total Space | 4.32 Gb Free Space | 15.48% Space Free | Partition Type: FAT32
Drive E: | 27.93 Gb Total Space | 6.95 Gb Free Space | 24.87% Space Free | Partition Type: FAT32
Drive F: | 27.93 Gb Total Space | 12.90 Gb Free Space | 46.17% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 58.34 Gb Total Space | 2.71 Gb Free Space | 4.64% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: SHOW
Current User Name: ShOwTiMe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
PRC - C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Multimedia Combo Set\MouseDrv.exe ()
PRC - C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\ShOwTiMe\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ANIWZCSdService [Auto | Stopped]) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (ISPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Norton AntiVirus\isPwdSvc.exe (Symantec Corporation)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Ex [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Service [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Symantec Core LC [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (SymAppCore [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (TUWinStylerThemeSvc [On_Demand | Stopped]) -- C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (TuneUp Software GmbH)
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (ANIO [Auto | Running]) -- C:\WINDOWS\System32\ANIO.SYS (Alpha Networks Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (cmuda [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\cmuda.sys (C-Media Inc)
DRV - (CxLPT [Auto | Running]) -- C:\WINDOWS\System32\drivers\cxlpt.sys (Logitech Inc.)
DRV - (dtscsi [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\dtscsi.sys ()
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (FETND5BV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )
DRV - (FETNDISB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080801.004\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080801.004\NAVEX15.SYS (Symantec Corporation)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RT73 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SRTSP [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20080801.005\SymIDSCo.sys (Symantec Corporation)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\System32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (vaxscsi [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\vaxscsi.sys (Alcohol Soft Co., Ltd.)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics, Inc.)
DRV - (ViaIde [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys (VIA Technologies, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.google.com/
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "YouTube"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/firefox"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20080609.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 12:55:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 12:55:45 | 00,000,000 | ---D | M]

[2008/09/23 20:26:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\mozilla\Extensions
[2008/09/23 20:26:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/02 19:06:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\mozilla\Firefox\Profiles\a3hpon9l.default\extensions
[2009/01/22 18:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\mozilla\Firefox\Profiles\a3hpon9l.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/09/30 17:27:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\mozilla\Firefox\Profiles\a3hpon9l.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/03/28 23:05:38 | 00,001,137 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\dictionarycom.xml
[2008/01/08 21:22:50 | 00,001,703 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\live-search.xml
[2007/09/26 00:05:08 | 00,005,346 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\moviescom.xml
[2008/10/24 06:19:24 | 00,000,274 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\search.xml
[2008/04/15 01:00:55 | 00,001,387 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\torrentspy.xml
[2008/06/18 17:48:46 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\wikipedia-en.xml
[2008/10/25 14:34:05 | 00,001,224 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\yahoo-answers.xml
[2009/03/28 23:05:38 | 00,002,431 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\youtube---videos.xml
[2008/11/10 23:59:54 | 00,002,109 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\youtube-video-search.xml
[2008/09/23 20:26:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 12:55:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/28 12:55:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 12:55:33 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/24 06:20:06 | 00,000,354 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTimer] VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe ()
O4 - HKLM..\Run: [WireLessMouse] C:\Program Files\Multimedia Combo Set\MouseDrv.exe ()
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Win32load] C:\Documents and Settings\ShOwTiMe\Application Data\nscagent.exe -lds ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll ()
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{1bb28b3e-7073-11dd-ad0f-0015e9a40353}\Shell - "" = AutoRun
O33 - MountPoints2\{1bb28b3e-7073-11dd-ad0f-0015e9a40353}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1bb28b3e-7073-11dd-ad0f-0015e9a40353}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2008/07/03 09:16:57 | 08,454,656 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{bb3ab0f4-df60-11dc-abfa-0015e9a40353}\Shell - "" = AutoRun
O33 - MountPoints2\{bb3ab0f4-df60-11dc-abfa-0015e9a40353}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bb3ab0f4-df60-11dc-abfa-0015e9a40353}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2008/07/03 09:16:57 | 08,454,656 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/04/03 18:36:19 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/03 18:33:51 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/27 22:16:57 | 01,098,092 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\100_1631.jpg
[2009/03/27 22:16:57 | 01,024,468 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\100_1639.jpg
[2009/03/27 22:16:56 | 01,077,752 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\100_1637.jpg
[2009/03/27 22:16:55 | 01,116,800 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\100_1640.jpg
[2009/03/27 22:16:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ShOwTiMe\Desktop\Integra
[2009/03/26 14:07:48 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\w5mvl290.exe
[2009/03/26 13:59:33 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ShOwTiMe\Desktop\OTListIt2.exe
[2009/03/25 22:46:39 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/03/25 22:46:38 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/03/25 22:46:38 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/03/25 22:46:38 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/03/25 22:46:38 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/03/25 22:46:38 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/03/25 22:46:38 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/03/25 22:46:38 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/03/25 22:46:38 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/03/25 22:28:54 | 02,934,705 | R--- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\ComboFix.exe
[2009/03/25 21:00:07 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/03/25 21:00:07 | 00,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/03/25 21:00:06 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/03/25 21:00:06 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/03/25 21:00:05 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/03/25 21:00:04 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/03/25 21:00:04 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/03/25 21:00:04 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/03/25 21:00:04 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/03/25 20:59:39 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/03/25 20:59:39 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/03/25 20:59:37 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/03/25 20:53:19 | 32,793,088 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\setupeng.exe
[2009/03/25 20:40:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/25 20:39:25 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/24 22:06:51 | 00,000,248 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\WARNING.rtf
[2009/03/24 22:04:53 | 00,012,800 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Application Data\nscagent.exe
[2009/03/20 13:58:40 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\SALAHSULAIMAN resume.doc
[2009/03/16 21:55:49 | 02,701,687 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\subcordem+jazzy.mp3
[2009/03/16 21:55:41 | 02,705,911 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\subcordem+sickbrain.mp3

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2010/03/04 00:37:12 | 73,391,3088 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\Blades.Of.Glory.DVDRip.XviD-DoNE.avi
[2009/04/03 18:42:23 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\My Documents\My Sharing Folders.lnk
[2009/04/03 18:39:14 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/03 18:38:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/03 18:38:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/02 18:30:58 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/28 12:37:01 | 00,000,536 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - ShOwTiMe.job
[2009/03/27 17:24:22 | 01,116,800 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\100_1640.jpg
[2009/03/27 17:21:58 | 01,024,468 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\100_1639.jpg
[2009/03/27 17:20:58 | 01,077,752 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\100_1637.jpg
[2009/03/27 17:18:44 | 01,098,092 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\100_1631.jpg
[2009/03/26 14:10:19 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\w5mvl290.exe
[2009/03/26 14:01:19 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ShOwTiMe\Desktop\OTListIt2.exe
[2009/03/25 22:58:20 | 00,002,057 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/25 22:56:09 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/25 22:28:54 | 02,934,705 | R--- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\ComboFix.exe
[2009/03/25 21:00:07 | 00,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/03/25 21:00:04 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/03/25 20:57:15 | 32,793,088 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\setupeng.exe
[2009/03/24 22:06:51 | 00,000,248 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\WARNING.rtf
[2009/03/24 22:04:52 | 00,012,800 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\nscagent.exe
[2009/03/20 20:06:46 | 00,000,016 | ---- | M] () -- C:\WINDOWS\System32\coh.cache
[2009/03/20 13:58:41 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\SALAHSULAIMAN resume.doc
[2009/03/20 13:57:43 | 00,052,513 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\SALAHSULAIMAN.doc
[2009/03/18 22:48:09 | 02,705,911 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\subcordem+sickbrain.mp3
[2009/03/12 17:23:34 | 00,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/12 17:16:45 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/08 17:10:16 | 00,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 17:10:16 | 00,314,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 17:10:16 | 00,041,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
< End of report >

#6
kahdah

Hi, a legitimate file was moved by accident in the last script and will need to be put back in the original location.

Please go to Start > Run, then click Search.
In the file names to search for, paste in this name:
rundll32.exe
Find the one that is in the C:\_OTListit folder, then right-click on it and choose Copy.
Then browse to this location: C:\Windows\system32\. In a white area there, right-click again and choose Paste.


Let me know when you have completed those steps.

#7
Salah

Hey, I've done what you said: I pasted the rundll32.exe into the system32 folder, and I think that the redirecting virus is gone. My Google searches seem to be working fine, so do you think I don't have to worry about that anymore?

#8
kahdah

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
    O4 - HKCU..\Run: [Win32load] C:\Documents and Settings\ShOwTiMe\Application Data\nscagent.exe -lds ()
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
=====================
  • Double click on Otlistit to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTListIt.Txt. This is saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


#9
Salah

========== OTLISTIT ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Win32load deleted successfully.
C:\Documents and Settings\ShOwTiMe\Application Data\nscagent.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\etilqs_pbgcpOGA56hjIBIqGOCO scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\~DF5DC0.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\~DF5E82.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\~DF647F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\~DF6558.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_514.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.7.2 log created on 04052009_135718

Files moved on Reboot...
File C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\etilqs_pbgcpOGA56hjIBIqGOCO not found!
C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\WCESLog.log moved successfully.
File C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\~DF5DC0.tmp not found!
File C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\~DF5E82.tmp not found!
File C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\~DF647F.tmp not found!
File C:\Documents and Settings\ShOwTiMe\Local Settings\Temp\~DF6558.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_514.dat not found!
C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\ShOwTiMe\Local Settings\Application Data\Mozilla\Firefox\Profiles\a3hpon9l.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...

________________________________________________________________________


OTListIt logfile created on: 05/04/2009 2:05:09 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\ShOwTiMe\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

479.48 Mb Total Physical Memory | 136.67 Mb Available Physical Memory | 28.50% Memory free
1.10 Gb Paging File | 0.73 Gb Available in Paging File | 66.39% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.12 Gb Total Space | 15.87 Gb Free Space | 35.96% Space Free | Partition Type: NTFS
Drive D: | 27.93 Gb Total Space | 4.32 Gb Free Space | 15.48% Space Free | Partition Type: FAT32
Drive E: | 27.93 Gb Total Space | 6.95 Gb Free Space | 24.87% Space Free | Partition Type: FAT32
Drive F: | 27.93 Gb Total Space | 12.90 Gb Free Space | 46.17% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 58.34 Gb Total Space | 2.71 Gb Free Space | 4.64% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: SHOW
Current User Name: ShOwTiMe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
PRC - C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Multimedia Combo Set\MouseDrv.exe ()
PRC - C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
PRC - C:\Documents and Settings\ShOwTiMe\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE (Symantec Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe (Symantec Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ANIWZCSdService [Auto | Stopped]) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (ISPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Norton AntiVirus\isPwdSvc.exe (Symantec Corporation)
SRV - (LiveUpdate [On_Demand | Running]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Ex [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Service [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Symantec Core LC [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (SymAppCore [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (TUWinStylerThemeSvc [On_Demand | Stopped]) -- C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (TuneUp Software GmbH)
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (ANIO [Auto | Running]) -- C:\WINDOWS\System32\ANIO.SYS (Alpha Networks Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (cmuda [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\cmuda.sys (C-Media Inc)
DRV - (CxLPT [Auto | Running]) -- C:\WINDOWS\System32\drivers\cxlpt.sys (Logitech Inc.)
DRV - (dtscsi [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\dtscsi.sys ()
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (FETND5BV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )
DRV - (FETNDISB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080801.004\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080801.004\NAVEX15.SYS (Symantec Corporation)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RT73 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SRTSP [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20080801.005\SymIDSCo.sys (Symantec Corporation)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\System32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (vaxscsi [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\vaxscsi.sys (Alcohol Soft Co., Ltd.)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics, Inc.)
DRV - (ViaIde [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys (VIA Technologies, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.google.com/
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "YouTube"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/firefox"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20080609.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 12:55:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 12:55:45 | 00,000,000 | ---D | M]

[2008/09/23 20:26:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\mozilla\Extensions
[2008/09/23 20:26:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/04 03:42:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\mozilla\Firefox\Profiles\a3hpon9l.default\extensions
[2009/01/22 18:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\mozilla\Firefox\Profiles\a3hpon9l.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/09/30 17:27:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ShOwTiMe\Application Data\mozilla\Firefox\Profiles\a3hpon9l.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/03/28 23:05:38 | 00,001,137 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\dictionarycom.xml
[2008/01/08 21:22:50 | 00,001,703 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\live-search.xml
[2007/09/26 00:05:08 | 00,005,346 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\moviescom.xml
[2008/10/24 06:19:24 | 00,000,274 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\search.xml
[2008/04/15 01:00:55 | 00,001,387 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\torrentspy.xml
[2008/06/18 17:48:46 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\wikipedia-en.xml
[2008/10/25 14:34:05 | 00,001,224 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\yahoo-answers.xml
[2009/03/28 23:05:38 | 00,002,431 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\youtube---videos.xml
[2008/11/10 23:59:54 | 00,002,109 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Application Data\Mozilla\FireFox\Profiles\a3hpon9l.default\searchplugins\youtube-video-search.xml
[2008/09/23 20:26:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 12:55:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/28 12:55:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 12:55:33 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/24 06:20:06 | 00,000,354 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTimer] VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe ()
O4 - HKLM..\Run: [WireLessMouse] C:\Program Files\Multimedia Combo Set\MouseDrv.exe ()
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll ()
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{1bb28b3e-7073-11dd-ad0f-0015e9a40353}\Shell - "" = AutoRun
O33 - MountPoints2\{1bb28b3e-7073-11dd-ad0f-0015e9a40353}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1bb28b3e-7073-11dd-ad0f-0015e9a40353}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2008/07/03 09:16:57 | 08,454,656 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{bb3ab0f4-df60-11dc-abfa-0015e9a40353}\Shell - "" = AutoRun
O33 - MountPoints2\{bb3ab0f4-df60-11dc-abfa-0015e9a40353}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bb3ab0f4-df60-11dc-abfa-0015e9a40353}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2008/07/03 09:16:57 | 08,454,656 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/04/03 18:36:19 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/03 18:33:51 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/27 22:16:57 | 01,098,092 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\100_1631.jpg
[2009/03/27 22:16:57 | 01,024,468 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\100_1639.jpg
[2009/03/27 22:16:56 | 01,077,752 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\100_1637.jpg
[2009/03/27 22:16:55 | 01,116,800 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\100_1640.jpg
[2009/03/27 22:16:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ShOwTiMe\Desktop\Integra
[2009/03/26 14:07:48 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\w5mvl290.exe
[2009/03/26 13:59:33 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ShOwTiMe\Desktop\OTListIt2.exe
[2009/03/25 22:46:39 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/03/25 22:46:38 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/03/25 22:46:38 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/03/25 22:46:38 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/03/25 22:46:38 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/03/25 22:46:38 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/03/25 22:46:38 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/03/25 22:46:38 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/03/25 22:46:38 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/03/25 22:28:54 | 02,934,705 | R--- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\ComboFix.exe
[2009/03/25 21:00:07 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/03/25 21:00:07 | 00,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/03/25 21:00:06 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/03/25 21:00:06 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/03/25 21:00:05 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/03/25 21:00:04 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/03/25 21:00:04 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/03/25 21:00:04 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/03/25 21:00:04 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/03/25 20:59:39 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/03/25 20:59:39 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/03/25 20:59:37 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/03/25 20:53:19 | 32,793,088 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\setupeng.exe
[2009/03/25 20:40:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/25 20:39:25 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/24 22:06:51 | 00,000,248 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\WARNING.rtf
[2009/03/20 13:58:40 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\SALAHSULAIMAN resume.doc
[2009/03/16 21:55:49 | 02,701,687 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\subcordem+jazzy.mp3
[2009/03/16 21:55:41 | 02,705,911 | ---- | C] () -- C:\Documents and Settings\ShOwTiMe\Desktop\subcordem+sickbrain.mp3

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2010/03/04 00:37:12 | 73,391,3088 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\Blades.Of.Glory.DVDRip.XviD-DoNE.avi
[2009/04/05 14:01:47 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\My Documents\My Sharing Folders.lnk
[2009/04/05 13:59:47 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/05 13:59:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/05 13:58:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/05 03:51:36 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/04 03:28:44 | 00,000,536 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - ShOwTiMe.job
[2009/03/27 17:24:22 | 01,116,800 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\100_1640.jpg
[2009/03/27 17:21:58 | 01,024,468 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\100_1639.jpg
[2009/03/27 17:20:58 | 01,077,752 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\100_1637.jpg
[2009/03/27 17:18:44 | 01,098,092 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\100_1631.jpg
[2009/03/26 14:10:19 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\w5mvl290.exe
[2009/03/26 14:01:19 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ShOwTiMe\Desktop\OTListIt2.exe
[2009/03/25 22:58:20 | 00,002,057 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/25 22:56:09 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/25 22:28:54 | 02,934,705 | R--- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\ComboFix.exe
[2009/03/25 21:00:07 | 00,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/03/25 21:00:04 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/03/25 20:57:15 | 32,793,088 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\setupeng.exe
[2009/03/24 22:06:51 | 00,000,248 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\WARNING.rtf
[2009/03/20 20:06:46 | 00,000,016 | ---- | M] () -- C:\WINDOWS\System32\coh.cache
[2009/03/20 13:58:41 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\SALAHSULAIMAN resume.doc
[2009/03/20 13:57:43 | 00,052,513 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\SALAHSULAIMAN.doc
[2009/03/18 22:48:09 | 02,705,911 | ---- | M] () -- C:\Documents and Settings\ShOwTiMe\Desktop\subcordem+sickbrain.mp3
[2009/03/12 17:23:34 | 00,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/12 17:16:45 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/08 17:10:16 | 00,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 17:10:16 | 00,314,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 17:10:16 | 00,041,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
< End of report >

#10
kahdah

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#11
Salah

i

Edited by Salah, 27 April 2009 - 05:13 PM.

#12
kahdah

Have you recently installed IE8?

Right click on your internet icon in the system tray (near your clock) and choose repair.

Also try to power cycle your modem.
You can do this by unplugging the power to the modem, waiting about 5 minutes, then powering it back on.
Then you will need to complete my last set of instructions before your post.

#13
Salah

Hey, I've done what you've asked and also installed IE8, but the problem still persists.

#14
kahdah

No, I said have you recently upgraded to IE8?

#15
Salah

Oh sorry, yeah, I upgraded it earlier today actually.