Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus Win32/Rootkit.Kryptik.DC trojan. Quarantined but locate compone

Started by jackjungle , Jun 26 2011 09:38 AM

  • Please log in to reply

#1
jackjungle
Posted 26 June 2011 - 09:38 AM

jackjungle

    New Member

  • Member
  • Pip
  • 5 posts
NOD32 detected and quarantined the following:

Time Module Object Name Threat Action User Information
6/26/2011 15:51:53 PM AMON file C:\WINDOWS.0\system32\drivers\579687.sys a variant of Win32/Rootkit.Kryptik.DC trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS.0\system32\spoolsv.exe. The file was moved to quarantine.

Messages of Hard Disk failures, Windows utility manager (never used or seen before starts on restart scanning, detecting errors and recommends to purchase their advance module to fix errors.

I CNTRL ALT DELETE to end this Windows Utility manager and log onto internet through D: drive and a saved web page.
The C: drive appears empty but there is still the same free space and used space.

Below is the OTL report and the Extras report

I still have my D: drive and access to it but no C: please advise

Thank you
Jackjungle


OTL logfile created on: 6/26/2011 10:12:38 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 280.93 Mb Available Physical Memory | 27.70% Memory free
1.63 Gb Paging File | 1.04 Gb Available in Paging File | 63.65% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 31.86 Gb Total Space | 7.67 Gb Free Space | 24.06% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 7.27 Gb Free Space | 6.20% Space Free | Partition Type: NTFS

Computer Name: KH-44C98C6F6EEB | User Name: kh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/26 22:11:30 | 000,579,072 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2011/06/26 21:33:41 | 000,070,952 | -H-- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2011/06/26 21:03:33 | 000,492,840 | -H-- | M] (eBay) -- C:\Program Files\tbh\base\bin\tbhSystray.exe
PRC - [2011/06/26 15:50:38 | 000,471,552 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\ijCpBkofHCxnSJo.exe
PRC - [2011/06/24 16:28:09 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/09 01:47:48 | 001,531,904 | -H-- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009/10/22 13:57:44 | 000,070,952 | -H-- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2009/06/28 18:27:37 | 000,208,896 | -H-- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\kh\Local Settings\Temp\RtkBtMnt.exe
PRC - [2008/09/10 22:37:36 | 000,024,576 | -H-- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/04/14 07:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS.0\explorer.exe
PRC - [2007/12/04 13:44:46 | 000,949,376 | -H-- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2007/12/04 13:44:46 | 000,552,064 | -H-- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2007/11/12 21:51:00 | 000,316,664 | -H-- | M] (C-motech Co.,Ltd) -- C:\Program Files\CMO\CCU680\Bin\RDVCHG.exe
PRC - [2007/04/30 16:03:08 | 000,110,592 | -H-- | M] () -- C:\Program Files\phand\CPE17AntiAutorun.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/10/05 03:10:12 | 000,009,216 | -H-- | M] (Agere Systems) -- C:\WINDOWS.0\system32\agrsmsvc.exe
PRC - [2006/06/22 00:14:50 | 000,035,328 | -H-- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2005/09/24 12:30:38 | 000,483,328 | -H-- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2011/06/26 22:11:30 | 000,579,072 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
MOD - [2010/08/23 23:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS.0\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/14 15:07:14 | 000,615,936 | -H-- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/01/15 19:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/22 13:57:44 | 000,070,952 | -H-- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2008/09/10 22:37:36 | 000,024,576 | -H-- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | -H-- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/12/05 14:15:17 | 000,068,096 | -H-- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2007/12/04 13:44:46 | 000,552,064 | -H-- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2006/11/03 19:19:58 | 000,013,592 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/05 03:10:12 | 000,009,216 | -H-- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS.0\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/10/06 18:12:30 | 000,855,552 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - [2008/08/26 10:26:12 | 000,018,816 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/12/04 13:44:47 | 000,512,096 | -H-- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\amon.sys -- (AMON)
DRV - [2007/12/04 13:44:46 | 000,015,424 | -H-- | M] () [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2007/12/04 13:43:35 | 000,010,368 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\pfc.sys -- (pfc)
DRV - [2007/08/15 07:27:18 | 000,009,600 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\n558.sys -- (n558)
DRV - [2007/07/22 14:41:06 | 000,161,792 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/06/21 22:58:32 | 000,547,072 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/05/30 12:04:56 | 004,424,192 | RH-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/30 09:49:00 | 000,021,504 | RH-- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\winbondhidcir.sys -- (winbondhidcir)
DRV - [2007/05/30 09:49:00 | 000,005,632 | RH-- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\hidshim.sys -- (hidshim)
DRV - [2007/03/31 05:02:42 | 000,876,384 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/03/31 05:02:40 | 000,055,352 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/03/23 02:50:42 | 000,067,960 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/03/23 02:50:36 | 000,037,280 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/03/23 02:50:24 | 000,149,123 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/23 02:50:08 | 000,037,424 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/03/23 02:49:54 | 000,539,072 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/03/21 22:02:04 | 000,037,376 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/09 05:56:04 | 001,163,616 | RH-- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/02/24 14:42:22 | 000,039,936 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/13 16:31:56 | 000,087,040 | -H-- | M] (Cmotech Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\cmusbser.sys -- (cmusbser)
DRV - [2006/11/02 16:51:58 | 000,013,560 | -H-- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.17641
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/17 17:35:08 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/08/14 15:16:11 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 16:28:22 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/27 09:34:31 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/08/14 15:16:11 | 000,000,000 | -H-D | M]

[2009/08/03 10:22:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\kh\Application Data\Mozilla\Extensions
[2011/03/27 09:32:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\kh\Application Data\Mozilla\Firefox\Profiles\74hr98ny.default\extensions
[2010/07/15 12:04:58 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\kh\Application Data\Mozilla\Firefox\Profiles\74hr98ny.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/27 09:22:56 | 000,000,000 | -H-D | M] (The Browser Highlighter) -- C:\Documents and Settings\kh\Application Data\Mozilla\Firefox\Profiles\74hr98ny.default\extensions\[email protected]
[2011/03/27 09:34:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/02/05 13:06:54 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/24 16:28:11 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/08/03 15:07:42 | 000,373,104 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2010/01/01 15:00:00 | 000,002,252 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/28 17:27:08 | 000,000,027 | -H-- | M]) - C:\WINDOWS.0\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (no name) - {DB41CDF3-FC6B-4063-BA3E-BD94EF958B82} - No CLSID value found.
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS.0\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CMO_CCU680] C:\Program Files\CMO\CCU680\Bin\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS.0\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS.0\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
O4 - HKLM..\Run: [UpdateReminder] C:\Program Files\ESET\UpdateReminder.exe (ESET, spol. s r.o.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [ijCpBkofHCxnSJo] C:\Documents and Settings\All Users\Application Data\ijCpBkofHCxnSJo.exe ()
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [protect_autorun] C:\Program Files\phand\CPE17AntiAutorun.exe ()
O4 - HKCU..\Run: [Search Protection] File not found
O4 - Startup: C:\Documents and Settings\kh\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\kh\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS.0\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS.0\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS.0\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS.0\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS.0\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS.0\System32\imon.dll (Eset )
O15 - HKCU\..Trusted Domains: apple.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webi...6-6D5536C585C9} (WebIQ Engine Application Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\kh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/04 12:19:39 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f3c69b56-802f-11e0-b03f-001b24bffff2}\Shell - "" = AutoRun
O33 - MountPoints2\{f3c69b56-802f-11e0-b03f-001b24bffff2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f3c69b56-802f-11e0-b03f-001b24bffff2}\Shell\AutoRun\command - "" = E:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/26 21:51:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\kh\Recent
[2011/06/26 21:32:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\kh\Start Menu\Programs\CyberLink PowerDVD
[2011/06/26 16:11:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\kh\Start Menu\Programs\Windows XP Repair
[2011/05/29 19:49:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\kh\Application Data\go
[2011/05/29 19:49:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/26 21:35:48 | 000,000,330 | -H-- | M] () -- C:\WINDOWS.0\tasks\MP Scheduled Scan.job
[2011/06/26 21:32:57 | 000,000,882 | -H-- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/26 21:32:57 | 000,000,240 | -H-- | M] () -- C:\WINDOWS.0\tasks\OGALogon.job
[2011/06/26 21:32:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2011/06/26 21:25:00 | 000,000,886 | -H-- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/26 21:23:01 | 000,000,116 | -H-- | M] () -- C:\WINDOWS.0\NeroDigital.ini
[2011/06/26 21:05:18 | 000,002,206 | -H-- | M] () -- C:\WINDOWS.0\System32\wpa.dbl
[2011/06/26 20:15:59 | 000,000,208 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~21815076
[2011/06/26 20:15:59 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~21815076r
[2011/06/26 16:11:32 | 000,000,815 | -H-- | M] () -- C:\Documents and Settings\kh\Desktop\Windows XP Repair.lnk
[2011/06/26 16:11:25 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\21815076
[2011/06/26 16:11:19 | 000,414,208 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\21815076.exe
[2011/06/26 15:50:38 | 000,471,552 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\ijCpBkofHCxnSJo.exe
[2011/06/25 23:32:26 | 000,064,512 | -H-- | M] () -- C:\Documents and Settings\kh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/21 23:37:03 | 000,000,284 | -H-- | M] () -- C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
[2011/06/19 19:29:45 | 000,444,822 | -H-- | M] () -- C:\WINDOWS.0\System32\perfh009.dat
[2011/06/19 19:29:45 | 000,072,698 | -H-- | M] () -- C:\WINDOWS.0\System32\perfc009.dat
[2011/06/17 03:06:17 | 000,001,374 | -H-- | M] () -- C:\WINDOWS.0\imsins.BAK
[2011/06/13 16:13:13 | 000,002,501 | -H-- | M] () -- C:\Documents and Settings\kh\Desktop\Microsoft Office Word 2003.lnk
[2011/05/29 19:49:46 | 000,001,843 | -H-- | M] () -- C:\Documents and Settings\kh\Desktop\Play games (EasyBits GO).lnk
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/26 20:15:59 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~21815076r
[2011/06/26 20:15:58 | 000,000,208 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~21815076
[2011/06/26 16:11:32 | 000,000,815 | -H-- | C] () -- C:\Documents and Settings\kh\Desktop\Windows XP Repair.lnk
[2011/06/26 16:11:25 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\21815076
[2011/06/26 16:11:19 | 000,414,208 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\21815076.exe
[2011/06/26 15:50:42 | 000,471,552 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ijCpBkofHCxnSJo.exe
[2011/05/29 19:49:46 | 000,001,849 | -H-- | C] () -- C:\Documents and Settings\kh\Start Menu\Programs\Play games (EasyBits GO).lnk
[2011/05/29 19:49:46 | 000,001,843 | -H-- | C] () -- C:\Documents and Settings\kh\Desktop\Play games (EasyBits GO).lnk
[2011/01/06 23:58:14 | 000,165,376 | -H-- | C] () -- C:\WINDOWS.0\System32\unrar.dll
[2009/11/26 11:59:05 | 000,000,664 | -H-- | C] () -- C:\WINDOWS.0\System32\d3d9caps.dat
[2009/09/10 09:57:24 | 000,000,771 | -H-- | C] () -- C:\Program Files\21A0185090005ZN.A00
[2009/09/10 09:55:02 | 000,045,056 | -H-- | C] () -- C:\WINDOWS.0\System32\LXF3PMON.DLL
[2009/09/10 09:55:02 | 000,032,768 | -H-- | C] () -- C:\WINDOWS.0\System32\LXF3FXPU.DLL
[2009/09/10 09:54:42 | 000,036,864 | -H-- | C] () -- C:\WINDOWS.0\System32\lxf3oem.dll
[2009/09/10 09:54:42 | 000,012,288 | -H-- | C] () -- C:\WINDOWS.0\System32\LXF3PMRC.DLL
[2009/08/04 13:22:00 | 000,000,095 | -H-- | C] () -- C:\WINDOWS.0\QBChanUtil_Trigger.ini
[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS.0\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS.0\System32\OGAEXEC.exe
[2009/07/12 16:16:29 | 000,091,520 | -H-- | C] () -- C:\WINDOWS.0\System32\WebIQEngineSetup.exe
[2009/06/28 09:43:51 | 000,000,191 | -H-- | C] () -- C:\WINDOWS.0\wininit.ini
[2008/11/03 22:16:49 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\kh\Local Settings\Application Data\keyfile3.drm
[2008/08/25 13:32:58 | 000,140,514 | -H-- | C] () -- C:\WINDOWS.0\hpoins14.dat.temp
[2008/08/25 13:32:58 | 000,002,000 | -H-- | C] () -- C:\WINDOWS.0\hpomdl14.dat.temp
[2008/08/09 02:13:44 | 000,000,151 | -H-- | C] () -- C:\WINDOWS.0\PhotoSnapViewer.INI
[2008/07/24 19:23:49 | 000,000,057 | -H-- | C] () -- C:\WINDOWS.0\System32\imon1.dat
[2008/07/09 17:17:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS.0\System32\ezsidmv.dat
[2008/07/09 16:12:40 | 000,064,512 | -H-- | C] () -- C:\Documents and Settings\kh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/19 12:42:31 | 000,016,384 | -H-- | C] () -- C:\WINDOWS.0\System32\FileOps.exe
[2008/02/11 09:39:26 | 000,253,952 | -H-- | C] () -- C:\WINDOWS.0\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 000,237,568 | -H-- | C] () -- C:\WINDOWS.0\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 000,110,592 | -H-- | C] () -- C:\WINDOWS.0\System32\OnlineScannerLang.dll
[2008/02/05 08:48:04 | 000,077,824 | -H-- | C] () -- C:\WINDOWS.0\System32\OnlineScannerUninstaller.exe
[2007/12/17 11:53:41 | 000,000,116 | -H-- | C] () -- C:\WINDOWS.0\NeroDigital.ini
[2007/12/05 14:30:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS.0\nsreg.dat
[2007/12/05 14:30:16 | 000,107,132 | -H-- | C] () -- C:\WINDOWS.0\UninstallFirefox.exe
[2007/12/05 14:29:59 | 000,002,293 | -H-- | C] () -- C:\WINDOWS.0\mozver.dat
[2007/12/05 13:20:38 | 000,000,039 | -H-- | C] () -- C:\WINDOWS.0\pal1234.ini
[2007/12/04 19:07:15 | 000,004,249 | -H-- | C] () -- C:\WINDOWS.0\ODBCINST.INI
[2007/12/04 19:05:20 | 000,359,344 | -H-- | C] () -- C:\WINDOWS.0\System32\FNTCACHE.DAT
[2007/12/04 13:49:40 | 000,000,382 | -H-- | C] () -- C:\WINDOWS.0\ODBC.INI
[2007/12/04 13:44:57 | 000,015,424 | -H-- | C] () -- C:\WINDOWS.0\System32\drivers\nod32drv.sys
[2007/12/04 13:43:35 | 000,015,360 | -H-- | C] () -- C:\WINDOWS.0\System32\BASSMOD.dll
[2007/12/04 13:20:58 | 000,049,152 | RH-- | C] () -- C:\WINDOWS.0\System32\ChCfg.exe
[2007/12/04 12:42:40 | 000,204,800 | RH-- | C] () -- C:\WINDOWS.0\System32\igfxCoIn_v4837.dll
[2007/12/04 12:42:35 | 000,910,464 | RH-- | C] () -- C:\WINDOWS.0\System32\igmedkrn.dll
[2007/12/04 12:38:03 | 000,016,480 | -H-- | C] () -- C:\WINDOWS.0\System32\rixdicon.dll
[2007/12/04 12:25:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS.0\bootstat.dat
[2007/12/04 12:16:09 | 000,021,640 | -H-- | C] () -- C:\WINDOWS.0\System32\emptyregdb.dat
[2007/08/15 07:27:18 | 000,009,600 | -H-- | C] () -- C:\WINDOWS.0\System32\drivers\n558.sys
[2007/07/27 14:49:02 | 000,225,355 | -H-- | C] () -- C:\WINDOWS.0\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 000,196,683 | -H-- | C] () -- C:\WINDOWS.0\System32\lnod32apiA.dll
[2007/04/01 09:00:28 | 002,842,624 | -H-- | C] () -- C:\WINDOWS.0\System32\btwicons.dll
[2007/04/01 08:41:52 | 000,090,112 | -H-- | C] () -- C:\WINDOWS.0\System32\btprn2k.dll
[2005/12/05 19:25:22 | 000,139,264 | -H-- | C] () -- C:\WINDOWS.0\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 000,106,496 | -H-- | C] () -- C:\WINDOWS.0\System32\lnod32upd.dll
[2004/08/04 19:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS.0\System32\oembios.bin
[2004/08/04 19:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS.0\System32\mlang.dat
[2004/08/04 19:00:00 | 000,444,822 | -H-- | C] () -- C:\WINDOWS.0\System32\perfh009.dat
[2004/08/04 19:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS.0\System32\perfi009.dat
[2004/08/04 19:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS.0\System32\dssec.dat
[2004/08/04 19:00:00 | 000,072,698 | -H-- | C] () -- C:\WINDOWS.0\System32\perfc009.dat
[2004/08/04 19:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS.0\System32\mib.bin
[2004/08/04 19:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS.0\System32\perfd009.dat
[2004/08/04 19:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS.0\System32\secupd.dat
[2004/08/04 19:00:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS.0\System32\oembios.dat
[2004/08/04 19:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS.0\System32\dcache.bin
[2004/08/04 19:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS.0\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS.0\System32\OUTLPERF.INI
[2002/03/21 15:39:02 | 000,073,728 | -H-- | C] () -- C:\WINDOWS.0\System32\UNACEV2.DLL
[2001/11/14 13:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS.0\System32\lcppn21.dll

========== LOP Check ==========

[2007/12/04 13:43:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/08/04 13:21:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/05/08 11:06:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/06/25 23:02:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2009/07/17 17:32:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/06/28 12:27:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\mfmhepcf
[2009/01/05 20:09:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/08/12 11:33:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/08/23 16:54:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/08/14 14:03:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/08/23 16:24:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/08/15 13:20:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/08/08 10:25:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/12/04 13:46:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/01/05 09:41:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2007/12/04 13:55:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\kh\Application Data\ACD Systems
[2009/05/08 09:35:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\kh\Application Data\DataLayer
[2010/06/25 21:47:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\kh\Application Data\Facebook
[2011/06/25 21:02:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\kh\Application Data\go
[2009/10/03 22:58:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\kh\Application Data\Lexmark Productivity Studio
[2008/07/13 18:47:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\kh\Application Data\LimeWire
[2011/05/24 13:41:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\kh\Application Data\Nokia
[2007/12/13 17:22:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\kh\Application Data\Opera
[2010/09/16 22:32:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\kh\Application Data\PC Suite
[2011/06/26 01:42:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\kh\Application Data\uTorrent
[2011/06/26 21:35:48 | 000,000,330 | -H-- | M] () -- C:\WINDOWS.0\Tasks\MP Scheduled Scan.job
[2011/06/26 21:32:57 | 000,000,240 | -H-- | M] () -- C:\WINDOWS.0\Tasks\OGALogon.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2008/11/19 17:53:56 | 000,000,630 | -H-- | M] ()(C:\Documents and Settings\kh\Desktop\?Torrent.lnk) -- C:\Documents and Settings\kh\Desktop\µTorrent.lnk
[2008/11/19 17:53:56 | 000,000,630 | -H-- | C] ()(C:\Documents and Settings\kh\Desktop\?Torrent.lnk) -- C:\Documents and Settings\kh\Desktop\µTorrent.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

and the Extras file :
OTL Extras logfile created on: 6/26/2011 10:12:38 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 280.93 Mb Available Physical Memory | 27.70% Memory free
1.63 Gb Paging File | 1.04 Gb Available in Paging File | 63.65% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 31.86 Gb Total Space | 7.67 Gb Free Space | 24.06% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 7.27 Gb Free Space | 6.20% Space Free | Partition Type: NTFS

Computer Name: KH-44C98C6F6EEB | User Name: kh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\domainprofile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\standardprofile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"4100:UDP" = 4100:UDP:*:Enabled:uPNP Router Control Port
"5191:TCP" = 5191:TCP:*:Enabled:The Browser Highlighter XCOM

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\flashfxp.exe" = C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Program Files\FlashFXP\flashfxp.exe" = C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:PowerDVD -- (CyberLink Corp.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:?Torrent -- (BitTorrent, Inc.)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (Intuit, Inc.)
"C:\WINDOWS.0\system32\lxddcoms.exe" = C:\WINDOWS.0\system32\lxddcoms.exe:*:Enabled:2500 Series Server
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Device Monitor Application
"C:\Program Files\Lexmark 2500 Series\App4R.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application
"C:\Program Files\tbh\base\bin\tbhDaemon.exe" = C:\Program Files\tbh\base\bin\tbhDaemon.exe:*:Enabled:The Browser Highlighter - Daemon -- ()
"C:\Program Files\tbh\monitor\bin\tbhMonitor.exe" = C:\Program Files\tbh\monitor\bin\tbhMonitor.exe:*:Enabled:The Browser Highlighter - Monitor -- ()
"C:\WINDOWS.0\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS.0\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled:
"C:\WINDOWS.0\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS.0\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled:
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled:


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E6FDBFA-7BF9-4C6D-9FAA-5ACF27710361}" = CCU680 USB Modem
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# 1.1 Redistributable Package
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.2.0.215_Foxconn Installation Program
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B62CF95-5E25-4720-A3D6-B4A2B0501961}" = Browser Highlighter - Firefox
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{64649281-4B5D-4425-A0F7-E79F6756FFC8}" = Tweak UI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69A83D99-D41B-4396-BCC4-3DCB77DFFED0}" = WebIQ Technology Engine
"{69DEB2BE-5948-4C25-85A4-1C0B0A7F95CD}" = Macromedia Authorware 7.01
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000ff1ce}" = Compatibility Pack for the 2007 Office system
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A2F0810-3619-4E86-9072-973FBE1679C5}" = QuickBooks Simple Start 2009
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1
"{DBDFA37B-CFC7-4C37-98F8-04CF326CD327}_is1" = FlashFXP v3
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package SE
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F70D5D8C-C1AF-40B3-9E47-3BB5F19EEA3A}" = Atheros for Acer Driver 5.3.0.56_Foxconn Installation Program
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0.5 Professional
"Adobe AIR" = Adobe AIR
"adobe flash player activex" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1)
"EsetOnlineScanner" = ESET Online Scanner
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
"FlashGet" = FlashGet 1.9.0.1012
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package SE" = Microsoft Visual J# 2.0 Redistributable Package SE
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MixVibesPRO.exe" = MixVibes PRO 5 uninstall
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOD32" = NOD32 antivirus system
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"ST6UNST #1" = Thai Translator Tool
"ST6UNST #2" = EnglishToThai
"Super Fast Shutdown_is1" = Super Fast Shutdown 1.0
"TimeMe Timer Stopwatch CL_is1" = TimeMe Timer Stopwatch CL 1.4.5
"ToolBox" = NCH Toolbox
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"Volumouse" = NirSoft Volumouse
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"แปลไทย 3.3" = แปลไทย 3.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Game Organizer" = EasyBits GO
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/26/2011 9:16:24 AM | Computer Name = KH-44C98C6F6EEB | Source = Application Hang | ID = 1002
Description = Hanging application 21815076.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/26/2011 9:37:52 AM | Computer Name = KH-44C98C6F6EEB | Source = OviSuite | ID = 1
Description = 26/06/2011 20:37:52 (OviSuite) - ERROR - DAL, Thread GUI, Line
378, .\Application\CDalUnified.cpp, DalPluginLoader::GetPluginLists(): No DAL plugins
found.

Error - 6/26/2011 9:38:18 AM | Computer Name = KH-44C98C6F6EEB | Source = Application Error | ID = 1000
Description = Faulting application nokiaovisuite.exe, version 2.2.0.245, faulting
module nokiaovisuite.exe, version 2.2.0.245, fault address 0x0002461e.

Error - 6/26/2011 9:39:04 AM | Computer Name = KH-44C98C6F6EEB | Source = Application Hang | ID = 1002
Description = Hanging application 21815076.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/26/2011 10:05:29 AM | Computer Name = KH-44C98C6F6EEB | Source = OviSuite | ID = 1
Description = 26/06/2011 21:05:29 (OviSuite) - ERROR - DAL, Thread GUI, Line
378, .\Application\CDalUnified.cpp, DalPluginLoader::GetPluginLists(): No DAL plugins
found.

Error - 6/26/2011 10:06:09 AM | Computer Name = KH-44C98C6F6EEB | Source = Application Error | ID = 1000
Description = Faulting application nokiaovisuite.exe, version 2.2.0.245, faulting
module nokiaovisuite.exe, version 2.2.0.245, fault address 0x0002461e.

Error - 6/26/2011 10:06:25 AM | Computer Name = KH-44C98C6F6EEB | Source = Application Hang | ID = 1002
Description = Hanging application 21815076.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/26/2011 10:33:12 AM | Computer Name = KH-44C98C6F6EEB | Source = OviSuite | ID = 1
Description = 26/06/2011 21:33:12 (OviSuite) - ERROR - DAL, Thread GUI, Line
378, .\Application\CDalUnified.cpp, DalPluginLoader::GetPluginLists(): No DAL plugins
found.

Error - 6/26/2011 10:34:09 AM | Computer Name = KH-44C98C6F6EEB | Source = Application Hang | ID = 1002
Description = Hanging application 21815076.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/26/2011 10:34:48 AM | Computer Name = KH-44C98C6F6EEB | Source = Application Error | ID = 1000
Description = Faulting application nokiaovisuite.exe, version 2.2.0.245, faulting
module nokiaovisuite.exe, version 2.2.0.245, fault address 0x0002461e.

[ System Events ]
Error - 6/26/2011 8:29:46 AM | Computer Name = KH-44C98C6F6EEB | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
service to connect.

Error - 6/26/2011 8:29:46 AM | Computer Name = KH-44C98C6F6EEB | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 6/26/2011 8:53:02 AM | Computer Name = KH-44C98C6F6EEB | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
service to connect.

Error - 6/26/2011 8:53:02 AM | Computer Name = KH-44C98C6F6EEB | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 6/26/2011 9:13:47 AM | Computer Name = KH-44C98C6F6EEB | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001E4C25C7D5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/26/2011 9:14:05 AM | Computer Name = KH-44C98C6F6EEB | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
service to connect.

Error - 6/26/2011 9:14:05 AM | Computer Name = KH-44C98C6F6EEB | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 6/26/2011 9:37:19 AM | Computer Name = KH-44C98C6F6EEB | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001E4C25C7D5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/26/2011 10:03:16 AM | Computer Name = KH-44C98C6F6EEB | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001E4C25C7D5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/26/2011 10:27:14 AM | Computer Name = KH-44C98C6F6EEB | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001E4C25C7D5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
  • 0

Advertisements

#2
RKinner
Posted 26 June 2011 - 06:12 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c 


:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKCU..\Run: [ijCpBkofHCxnSJo] C:\Documents and Settings\All Users\Application Data\ijCpBkofHCxnSJo.exe ()
O4 - HKCU..\Run: [protect_autorun] C:\Program Files\phand\CPE17AntiAutorun.exe ()
O4 - HKCU..\Run: [Search Protection] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
[2011/06/26 20:15:59 | 000,000,208 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~21815076
[2011/06/26 20:15:59 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~21815076r
[2011/06/26 16:11:32 | 000,000,815 | -H-- | M] () -- C:\Documents and Settings\kh\Desktop\Windows XP Repair.lnk
[2011/06/26 16:11:25 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\21815076
[2011/06/26 16:11:19 | 000,414,208 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\21815076.exe
[2011/06/26 15:50:38 | 000,471,552 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\ijCpBkofHCxnSJo.exe
[2011/06/26 16:11:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\kh\Start Menu\Programs\Windows XP Repair

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Program Files\phand
   
:Commands
[RESETHOSTS]
[purity]
[Reboot]
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Download, Save and Run unhide.exe from

http://download.blee...nler/unhide.exe

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply
Posted Image

Ron
  • 0

#3
jackjungle
Posted 27 June 2011 - 02:35 AM

jackjungle

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ijCpBkofHCxnSJo deleted successfully.
C:\Documents and Settings\All Users\Application Data\ijCpBkofHCxnSJo.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\protect_autorun deleted successfully.
C:\Program Files\phand\CPE17AntiAutorun.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS.0\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\All Users\Application Data\~21815076 moved successfully.
C:\Documents and Settings\All Users\Application Data\~21815076r moved successfully.
C:\Documents and Settings\kh\Desktop\Windows XP Repair.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\21815076 moved successfully.
C:\Documents and Settings\All Users\Application Data\21815076.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ijCpBkofHCxnSJo.exe moved successfully.
C:\Documents and Settings\kh\Start Menu\Programs\Windows XP Repair folder moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\desktop.ini
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Get OpenOffice.org.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Microsoft Update.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\My Bluetooth Places.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\New Office Document.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Open Office Document.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\WinZip.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Acrobat Distiller 7.0.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Acrobat_com.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Adobe Acrobat 7.0 Professional.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Adobe Bridge.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Adobe Designer 7.0.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Adobe Help Center.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Adobe Illustrator CS2.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Adobe ImageReady CS2.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Adobe Photoshop CS2.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\desktop.ini
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\FlashFXP.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\MSN.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\My Bluetooth Places.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Windows Defender.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\ABBYY FineReader 6.0 Sprint\ABBYY FineReader 6.0 Sprint.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\ABBYY FineReader 6.0 Sprint\User's Guide.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\desktop.ini
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Bluetooth File Transfer Wizard.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\ACD Systems\ACDSee 9 Photo Manager.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\ACD Systems\ACDSee Showroom.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Local Security Policy.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Adobe\ExtendScript Toolkit.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Business Related Programs\Accounting Software.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Business Related Programs\Inventory Software.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Business Related Programs\Invoicing Software.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Business Related Programs\Team Tracking Software.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Business Related Programs\Time Tracking Software.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CMO\EVDO Modem User Manual(CCU680).lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CMO\EVDO(CCU680).lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\Bitstream Font Navigator.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\Corel CAPTURE 12.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\Corel PHOTO-PAINT 12.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\Corel R.A.V.E. 3.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\Corel Update.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\CorelDRAW 12.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\CorelTRACE 12.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\Duplexing Wizard.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\SB Profiler.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\Documentation\Corel PHOTO-PAINT 12 Quick Reference (PDF).lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\Documentation\Corel PHOTO-PAINT 12 VBA Object Model (PDF).lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\Documentation\Corel PHOTO-PAINT Tutorials.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\Documentation\Corel R.A.V.E. 3 Quick Reference (PDF).lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\Documentation\Corel R.A.V.E. 3 Tutorials.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\Documentation\CorelDRAW 12 Programming Guide for VBA (PDF).lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\Documentation\CorelDRAW 12 Quick Reference (PDF).lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\Documentation\CorelDRAW 12 Tutorials.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\Documentation\CorelDRAW 12 VBA Object Model (PDF).lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\CorelDRAW Graphics Suite 12\Documentation\CorelDRAW Graphics Suite 12 Readme.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Eset\Help.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Eset\NOD32 Control Center.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Eset\NOD32.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Eset\Read me.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Eset\Uninstall NOD32 FiX.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Eset\Uninstall.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Airstrike.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Alien Sky.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Ancient Tripeaks.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Astrobatics.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Atomaders.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Blackjack.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Bounce Out Blitz.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Bounce Out.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Candy Cruncher.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Chainz.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Collapse Crunch.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Collapse II.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Collapse.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Combo Chaos.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Dominoes.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Feeding Frenzy.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Flip Words.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Fruit Frolic.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Gem Drop.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Glinx.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Gutterball.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Hamsterball.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Hello.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Inspector Parker.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Jewel Quest.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Jigsaw.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Lemonade Tycoon.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Letter Linker.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Mad Caps.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Magic Ball.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Magic Inlay.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Mah Jong.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Nickelodeon Jigsaw.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Nisqually.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\PileUp.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Pin High Country Club Golf.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Platypus.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Pool.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\PopNDrop.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Puzzle Express.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Puzzle Inlay.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Ricochet Lost Worlds.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Ricochet.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Rumble Cube.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Shape Shifter.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Slingo.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Slots.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Solitaire I.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Solitaire II.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Solitaire III.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\SpongeBob Collapse.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Tap A Jam.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Ten Pin Championship Bowling Pro.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\TextTwist.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Turtle Bay.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Varmintz.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Walls of Jericho.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\WHATword.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Wild Wild Words.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Word Jolt.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Zuma.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Games\desktop.ini
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Google Earth\Google Earth.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Google Earth\Start Google Earth in DirectX mode.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Google Earth\Uninstall Google Earth .lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Google Updater\Google Updater.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Google Updater\Uninstall Google Updater.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Update.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\HP\Deskjet All-In-One F2100 series\Help.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\HP\Deskjet All-In-One F2100 series\Product Registration.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\HP\Deskjet All-In-One F2100 series\Product Support Website.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\HP\Deskjet All-In-One F2100 series\Readme.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\HP\Deskjet All-In-One F2100 series\Uninstall.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\HP\Deskjet F2100 series\Install Manual in Other Languages .lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\HP\HP Photosmart Essential 2.01\HP Photosmart Essential 2.01.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iDump (Freeware)\iDump (Freeware).lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iDump (Freeware)\Make a Donation.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iDump (Freeware)\Online Help.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Inventoria Stock Manager\Inventoria Stock Manager Help.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Inventoria Stock Manager\Inventoria Stock Manager.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iTunes\Microsoft Office\Microsoft Office Access 2003.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iTunes\Microsoft Office\Microsoft Office Excel 2003.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iTunes\Microsoft Office\Microsoft Office InfoPath 2003.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iTunes\Microsoft Office\Microsoft Office Outlook 2003.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iTunes\Microsoft Office\Microsoft Office PowerPoint 2003.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iTunes\Microsoft Office\Microsoft Office Publisher 2003.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iTunes\Microsoft Office\Microsoft Office Word 2003.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iTunes\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iTunes\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iTunes\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Language Settings.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iTunes\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Save My Settings Wizard.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iTunes\Microsoft Office\Microsoft Office Tools\Microsoft Office Access Snapshot Viewer.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iTunes\Microsoft Office\Microsoft Office Tools\Microsoft Office Application Recovery.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iTunes\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iTunes\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\iTunes\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Lexmark Cartridge Diagnostic Wizard.LNK
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Lexmark Imaging Studio.LNK
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Lexmark Solution Center.LNK
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Readme.LNK
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\Uninstall Lexmark 2500 Series.LNK
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Lexmark 2500 Series\User's Guide.LNK
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Lexmark Fax Solutions\Lexmark Fax Solutions.LNK
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Lexmark Fax Solutions\Uninstall Lexmark Fax Solutions.LNK
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Macromedia\Macromedia Authorware 7.0.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Macromedia\Macromedia Dreamweaver MX 2004.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Macromedia\Macromedia Extension Manager.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Macromedia\Macromedia Flash MX.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Macromedia\Macromedia Flash Players.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Macromedia\Readme Files\Macromedia Authorware 7.0 Readme.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Macromedia\Readme Files\Macromedia Dreamweaver MX 2004 Readme.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Macromedia\Readme Files\Macromedia Extension Manager Readme.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Macromedia\Readme Files\Macromedia Flash MX Readme.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\McAfee Security Scan Plus\Uninstall.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Access 2003.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\NCH Software Suite\Express Burn CD, DVD or Blu-Ray.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\NCH Software Suite\Express Dictate Recorder.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\NCH Software Suite\Express Rip CD Ripper.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\NCH Software Suite\Express Talk Softphone.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\NCH Software Suite\Golden Records LP Converter.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\NCH Software Suite\IVM Telephone Answering Attendant.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\NCH Software Suite\Prism Video File Format Converter.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\NCH Software Suite\RecordPad Sound Recorder.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\NCH Software Suite\SoundTap Streaming Recorder.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\NCH Software Suite\Switch Sound File Converter.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\NCH Software Suite\VRS Sound Recorder.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\NCH Software Suite\WavePad Sound Editor.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\NCH Toolbox\NCH Toolbox.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Nero Home.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Nero ProductSetup.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Nero StartSmart.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\audio\Nero Burning ROM.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\audio\Nero Express.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\audio\Nero SoundTrax.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\audio\Nero WaveEditor.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\data\Nero BackItUp.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\data\Nero Burning ROM.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\data\Nero Express.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Labels\Nero CoverDesigner.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Manuals\Nero BackItUp [English Help].lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Manuals\Nero Burning ROM [English Help].lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Manuals\Nero CoverDesigner [English Help].lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Manuals\Nero PhotoSnap [English Help].lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Manuals\Nero ShowTime [English Help].lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Manuals\Nero SoundTrax [English Help].lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Manuals\Nero WaveEditor [English Help].lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Photo and Video\Nero PhotoSnap Viewer.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Photo and Video\Nero PhotoSnap.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Photo and Video\Nero Recode.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Photo and Video\Nero Vision.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Play\Nero ShowTime.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Share\Nero MediaHome.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Tools\Nero CD-DVD Speed.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Tools\Nero DriveSpeed.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Tools\Nero ImageDrive.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nero 7 Premium\Tools\Nero InfoTool.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nokia\Nokia Ovi Suite.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nokia PC Suite\Nokia PC Suite.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nokia PC Suite\Uninstall Nokia PC Suite.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Nokia PC Suite\User's Guide for Nokia PC Suite.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\PopCap Games\Alchemy.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\PopCap Games\AstroPop.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\PopCap Games\Atomica.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\PopCap Games\Bejeweled.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\PopCap Games\Big Money.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\PopCap Games\BookWorm.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\PopCap Games\Dynomite.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\PopCap Games\Insaniquarium.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\PopCap Games\Mummy Maze.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\PopCap Games\Ningpo Mahjong.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\PopCap Games\Noah's Ark.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\PopCap Games\Pixelus.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\PopCap Games\Rocket Mania.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\PopCap Games\Seven Seas.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\PopCap Games\TipTop.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\PopCap Games\Typer Shark.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\PopCap Games\Zuma.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Powertoys for Windows XP\Tweak UI.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\QuickBooks\QuickBooks Simple Start 2009.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\QuickBooks\Web Connector.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Skype\Skype.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Import Media Files.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\PMB.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Help\PMB Guide.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Support\Software Support.url
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Tools\Information Tool.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Tools\Location Settings Tool.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Tools\Media Check Tool.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Sony Picture Utility\Tools\Settings Initialization Tool.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Startup\Bluetooth.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Startup\desktop.ini
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Startup\HP Digital Imaging Monitor.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Startup\McAfee Security Scan Plus.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Startup\QuickBooks Update Agent.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Super Fast Shutdown\Super Fast Reboot.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Super Fast Shutdown\Super Fast Shutdown.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\The Browser Highlighter\The Browser Highlighter.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\The Browser Highlighter\Uninstall.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\ThreatFire\ThreatFire on the Web.url
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\TimeMe\Timer Stopwatch CL\Timer Stopwatch CL.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\TimeMe\Timer Stopwatch CL\Uninstall Timer Stopwatch CL.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Utilities\Backup Software.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Utilities\CD, DVD, BluRay Burner.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Utilities\Encryption and Decryption Software.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Utilities\FTP Software.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Utilities\Typing Expander Software.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Utilities\Uploader Software.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Winamp\Uninstall Winamp.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Winamp\What's New.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\Winamp\Winamp.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\WinRAR\Console RAR manual.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\WinRAR\WinRAR help.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\WinRAR\WinRAR.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\WinZip\Help Manual.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\WinZip\ReadMe.txt.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\1\Programs\WinZip\WinZip 11.0 .lnk
321 File(s) copied
D:\Downloads\cmd.bat deleted successfully.
D:\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\2\desktop.ini
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\2\FlashFXP.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\2\FlashGet.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\2\Launch Microsoft Office Outlook.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\2\Mozilla Firefox.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\2\Nero StartSmart.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\2\QuickTime Player.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\2\Winamp.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\2\?Torrent.lnk
11 File(s) copied
D:\Downloads\cmd.bat deleted successfully.
D:\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
D:\Downloads\cmd.bat deleted successfully.
D:\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\ACDSee 9 Photo Manager.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\Acrobat_com.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\Adobe Acrobat 7.0 Professional.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\Adobe Reader 9.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\C-motech EV-DO Rev.A(CCU680).lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\CyberLink PowerDVD.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\Get OpenOffice.org.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\Google Earth.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\Inventoria Stock Manager.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\iTunes.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\Lexmark Imaging Studio - 2500 Series.LNK
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\McAfee Security Scan Plus.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\Mozilla Firefox.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\NCH Toolbox.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\Nokia Ovi Suite.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\Nokia PC Suite.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\QuickTime Player.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\Skype.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\VLC media player.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\Winamp.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\WinZip.lnk
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\Adobe Reader 9 Installer\abcpy.ini
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\Adobe Reader 9 Installer\AcroRead.msi
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\Adobe Reader 9 Installer\Data1.cab
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\Adobe Reader 9 Installer\Setup.exe
C:\DOCUME~1\kh\LOCALS~1\Temp\smtmp\4\Adobe Reader 9 Installer\setup.ini
26 File(s) copied
D:\Downloads\cmd.bat deleted successfully.
D:\Downloads\cmd.txt deleted successfully.
Folder move failed. C:\Program Files\phand scheduled to be moved on reboot.
========== COMMANDS ==========
C:\WINDOWS.0\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.24.1 log created on 06272011_152822

Files\Folders moved on Reboot...
C:\Program Files\phand folder moved successfully.

Registry entries deleted on Reboot...
  • 0

#4
jackjungle
Posted 27 June 2011 - 06:40 AM

jackjungle

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6957

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/27/2011 7:18:31 PM
mbam-log-2011-06-27 (19-18-31).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 296505
Time elapsed: 2 hour(s), 59 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 5
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\WINDOWS.0\system32\0F6226 (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS.0\system32\5A8DCC (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS.0\system32\76682F (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS.0\system32\ACF7EF (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\documents and settings\kh\local settings\Temp\E_N4 (Worm.Autorun) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\ijcpbkofhcxnsjo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\kh\local settings\Temp\E_N4\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\kh\local settings\Temp\E_N4\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\kh\local settings\Temp\E_N4\eAPI.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\kh\local settings\Temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
c:\documents and settings\kh\local settings\Temp\E_N4\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
c:\documents and settings\kh\local settings\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
d:\software\adobe.photoshop.cs2\Crack\photoshop_cs2_keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\software\authorware7\keygen\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\_OTL\movedfiles\06272011_152822\c_documents and settings\all users\application data\ijcpbkofhcxnsjo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\kh\local settings\Temp\E_N4\shell.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\kh\local settings\Temp\E_N4\spec.fne (Worm.Autorun) -> Quarantined and deleted successfully.
  • 0

#5
jackjungle
Posted 27 June 2011 - 08:51 AM

jackjungle

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Fix Now button NOT ENABLED

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-27 20:37:55
-----------------------------
20:37:55.937 OS Version: Windows 5.1.2600 Service Pack 3
20:37:55.937 Number of processors: 2 586 0xF0D
20:37:55.937 ComputerName: KH-44C98C6F6EEB UserName: kh
20:37:58.187 Initialize success
21:03:22.890 AVAST engine defs: 11062700
21:06:36.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:06:36.921 Disk 0 Vendor: Hitachi_ SB4O Size: 152627MB BusType: 3
21:06:36.953 Disk 0 MBR read successfully
21:06:36.953 Disk 0 MBR scan
21:06:36.953 Disk 0 Windows XP default MBR code
21:06:36.968 Disk 0 scanning sectors +312576705
21:06:37.000 Disk 0 scanning C:\WINDOWS.0\system32\drivers
21:06:53.828 Service scanning
21:06:54.953 Disk 0 trace - called modules:
21:06:54.984 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
21:06:54.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f6aab8]
21:06:55.000 3 CLASSPNP.SYS[f75adfd7] -> nt!IofCallDriver -> \Device\00000077[0x86f6bf18]
21:06:55.000 5 ACPI.sys[f7414620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86efe028]
21:06:56.515 AVAST engine scan C:\WINDOWS.0
21:36:25.734 AVAST engine scan C:\Documents and Settings\kh
21:40:24.375 AVAST engine scan C:\Documents and Settings\All Users
21:42:13.640 Scan finished successfully
21:45:03.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\kh\Desktop\MBR.dat"
21:45:03.890 The log file has been saved successfully to "C:\Documents and Settings\kh\Desktop\aswMBR.txt"

Is there anything else I should do? Should I say thank you now? If so THANK YOU RON!!!

Is AVAST the best Anti virus? I use NOD32.

Thanks again
  • 0

#6
RKinner
Posted 27 June 2011 - 01:40 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I don't see the Combofix log?

I take it things are a lot better than they were?

I've very fond of Avast - especially since they hired the guy who rote the GMER anti-rootkit program. I think it's now the best free anti-virus and their boot-time scan has fixed some things for me that nothing else could. However the ESET online scan is one of our best tools so they are not bad. I haven't really kept up on the results of head to head anti-virus competitions so I can't say who is best these days tho Avast is what I use on my home system.

Ron
  • 0

#7
jackjungle
Posted 28 June 2011 - 12:03 AM

jackjungle

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Yes, sorry you are right Here is the combo fix log anyway just incase you spot something from there.

Ok I think I will leave the ESET for now as it doesnt seem enough to change now, and it did pick up the virus - although a little late to prevent.

Anyway things seems fine so again thanks for your expert advice!!!

jackjungle

ComboFix 11-06-26.02 - kh 06/27/2011 20:09:13.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.1014.341 [GMT 7:00]
Running from: d:\downloads\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\kh\WINDOWS
D:\Uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-27 to 2011-06-27 )))))))))))))))))))))))))))))))
.
.
2011-06-27 08:55 . 2011-05-29 02:11 39984 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2011-06-27 08:55 . 2011-05-29 02:11 22712 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2011-06-24 09:33 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{0D709A2E-2C8C-4DB7-85CB-1648D8AFAA4D}\mpengine.dll
2011-06-24 09:28 . 2011-06-24 09:28 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 09:28 . 2011-06-24 09:28 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-16 11:45 . 2010-12-20 17:32 551936 -c----w- c:\windows.0\system32\dllcache\oleaut32.dll
2011-06-16 11:11 . 2011-04-21 13:37 105472 -c----w- c:\windows.0\system32\dllcache\mup.sys
2011-05-29 12:49 . 2011-06-25 14:02 -------- d-----w- c:\documents and settings\kh\Application Data\go
2011-05-29 12:49 . 2011-06-25 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Easybits GO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 15:55 . 2008-07-15 11:29 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-05-24 12:14 . 2009-10-03 03:50 222080 ------w- c:\windows.0\system32\MpSigStub.exe
2011-05-02 15:31 . 2007-12-04 05:16 692736 ----a-w- c:\windows.0\system32\inetcomm.dll
2011-04-29 16:19 . 2007-10-27 01:31 456320 ----a-w- c:\windows.0\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2007-10-27 01:35 916480 ----a-w- c:\windows.0\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows.0\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 12:00 1469440 ----a-w- c:\windows.0\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows.0\system32\html.iec
2011-04-21 13:37 . 2007-10-27 01:32 105472 ----a-w- c:\windows.0\system32\drivers\mup.sys
2011-06-24 09:28 . 2011-03-27 02:34 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-07-02 671608]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IMJPMIG8.1"="c:\windows.0\IME\imjp8_1\IMJPMIG.EXE" [2007-10-27 208952]
"PHIME2002ASync"="c:\windows.0\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows.0\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IgfxTray"="c:\windows.0\system32\igfxtray.exe" [2007-06-12 142104]
"HotKeysCmds"="c:\windows.0\system32\hkcmd.exe" [2007-06-12 162584]
"Persistence"="c:\windows.0\system32\igfxpers.exe" [2007-06-12 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-12-04 949376]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"NeroFilterCheck"="c:\windows.0\system32\NeroCheck.exe" [2001-07-09 155648]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 483328]
"CMO_CCU680"="c:\program files\CMO\CCU680\BIN\RDVCHG.EXE" [2007-11-12 316664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-08 623880]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2011-06-27 492840]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2010-12-02 434176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
.
c:\documents and settings\kh\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-7-25 390432]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows.0\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-4-19 25214]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [N/A]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-11 984352]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\FlashFXP\\flashfxp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
.
R1 nod32drv;nod32drv;c:\windows.0\system32\drivers\nod32drv.sys [12/4/2007 1:44 PM 15424]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 1:57 PM 70952]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 hidshim;Service for HID-KMDF Shim layer;c:\windows.0\system32\drivers\hidshim.sys [12/4/2007 12:39 PM 5632]
R3 winbondhidcir;Winbond HID CIR Receiver;c:\windows.0\system32\drivers\winbondhidcir.sys [12/4/2007 12:39 PM 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/23/2009 8:39 AM 135664]
S3 cmusbser;%CMUSBSER%;c:\windows.0\system32\drivers\cmusbser.sys [7/8/2008 12:47 PM 87040]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/23/2009 8:39 AM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows.0\system32\drivers\mbamswissarmy.sys [6/27/2011 3:55 PM 39984]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 PM 227232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-21 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 05:34]
.
2011-06-27 c:\windows.0\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 01:39]
.
2011-06-27 c:\windows.0\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 01:39]
.
2011-06-27 c:\windows.0\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 12:20]
.
2011-06-27 c:\windows.0\Tasks\OGALogon.job
- c:\windows.0\system32\OGAEXEC.exe [2009-08-03 08:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ส่&งออกไปยัง Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows.0\system32\imon.dll
Trusted Zone: apple.com\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\kh\Application Data\Mozilla\Firefox\Profiles\74hr98ny.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{DB41CDF3-FC6B-4063-BA3E-BD94EF958B82} - (no file)
Notify-WgaLogon - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-27 20:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(932)
c:\windows.0\system32\imon.dll
.
Completion time: 2011-06-27 20:28:02
ComboFix-quarantined-files.txt 2011-06-27 13:27
.
Pre-Run: 8,023,937,024 bytes free
Post-Run: 9,767,849,984 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D4D0A9A2D9679DCE58823A46C3F01D73
  • 0

#8
RKinner
Posted 28 June 2011 - 12:13 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

If you run OTL, and click on the Cleanup tab it will remove itself and its backup files and a few of our standard tools.

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You do not have the latest Java (Java™ 6 Update 26). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it.

Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

I see:
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you can download and run the UpdateChecker:
http://www.filehippo.../updatechecker/

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP