Abcjump and related Malware



#1
PoonXD

I only notice two real problems so far. One is that Google searches sometimes take me to abcjump sites instead, and the other is that the file "msxhuwohfn.dll" comes up as infected, but when it is removed, every application comes up with the error "cannot find file msxhuwohfn.dll" multiple times.

Here are my Mbam, Rooter, and OTListIt2 logs. Thanks for any reply and help.


Malwarebytes' Anti-Malware 1.34
Database version: 1899
Windows 5.1.2600 Service Pack 3

3/26/2009 12:57:44 AM
mbam-log-2009-03-26 (00-57-44).txt

Scan type: Quick Scan
Objects scanned: 77291
Time elapsed: 17 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\memman.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\memman.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.






Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:35016 Mo/Free:2696 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

2009-03-26|12:01

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
---------- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
---------- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
---------- C:\WINDOWS\System32\WLTRYSVC.EXE
---------- C:\WINDOWS\System32\bcmwltry.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
---------- C:\WINDOWS\system32\LEXBCES.EXE
---------- C:\WINDOWS\system32\LEXPPS.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
---------- C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
---------- C:\WINDOWS\system32\WLTRAY.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\WINDOWS\system32\igfxpers.exe
---------- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
---------- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
---------- C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - 2009-03-26|12:02

----------------------\\ Scan completed at 12:02






OTListIt logfile created on: 2009-03-26 12:06:30 - Run 2
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Poon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

503.37 Mb Total Physical Memory | 119.18 Mb Available Physical Memory | 23.68% Memory free
1.05 Gb Paging File | 0.51 Gb Available in Paging File | 48.75% Paging File free
Paging file location(s): C:\pagefile.sys 600 1000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.20 Gb Total Space | 2.63 Gb Free Space | 7.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KAGO_JR
Current User Name: Poon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (Intel® Corporation)
PRC - C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe (Juniper Networks, Inc.)
PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Juniper Networks)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
PRC - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (Cisco Systems, Inc)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Poon\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (.EsetTrialReset [Auto | Stopped]) -- C:\WINDOWS\system32\regedt32.exe (Microsoft Corporation)
SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (Adobe LM Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EacService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe (Juniper Networks)
SRV - (EhttpSrv [On_Demand | Stopped]) -- File not found
SRV - (ekrn [Auto | Stopped]) -- File not found
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (JuniperAccessService [Auto | Running]) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Juniper Networks)
SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped]) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (odClientService [Auto | Running]) -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe (Juniper Networks, Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (RioMSC [Disabled | Stopped]) -- C:\WINDOWS\system32\RioMSC.exe (Digital Networks North America, Inc.)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped]) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (WLANKEEPER [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (Intel® Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Ad-Watch Connect Filter [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\NSDriver.sys (Lavasoft AB)
DRV - (Ad-Watch Real-Time Scanner [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\AWRTPD.sys (Lavasoft AB)
DRV - (Ad-Watch Registry Filter [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\AWRTRD.sys (Lavasoft AB)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (Asapi [System | Running]) -- C:\WINDOWS\System32\drivers\asapi.sys (VOB Computersysteme GmbH)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (DVDRIVER [Auto | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dvdriver.sys (Eagletron Inc.)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (eamon [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ehdrv.sys (ESET)
DRV - (epfwtdir [System | Running]) -- C:\WINDOWS\system32\DRIVERS\epfwtdir.sys (ESET)
DRV - (FsVga [System | Running]) -- C:\WINDOWS\system32\DRIVERS\fsvga.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IWCA [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\iwca.sys (Intel Corporation)
DRV - (jnprna [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\jnprna.sys (Juniper Networks, Inc.)
DRV - (JnprVaMgr [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\jnprvamgr.sys (Juniper Networks, Inc.)
DRV - (lmimirr [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lmimirr.sys (LogMeIn, Inc.)
DRV - (LMIRfsClientNP [Disabled | Stopped]) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver [Auto | Running]) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (motccgp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motccgp.sys (Motorola)
DRV - (motccgpfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motccgpfl.sys (Motorola)
DRV - (MotDev [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motodrv.sys (Motorola Inc)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys (Motorola)
DRV - (motport [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motport.sys (Motorola)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)
DRV - (odFips [Boot | Running]) -- C:\WINDOWS\system32\drivers\odFips.sys (Funk Software, Inc.)
DRV - (PAC7311 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS (PixArt Imaging Inc.)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (pgfilter [On_Demand | Stopped]) -- C:\Program Files\PeerGuardian2\pgfilter.sys ()
DRV - (PinnacleMarvinUsb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\MarvinUsb.sys (Pinnacle Systems)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RapFile [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\RapFile.sys (Internet Security Systems, Inc.)
DRV - (RapNet [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\RapNet.sys (Internet Security Systems, Inc.)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (sonypvs1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sonypvs1.sys (Sony Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (TVICHW32 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS (EnTech Taiwan)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser.sys (Microsoft Corporation)
DRV - (USB_RNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys (Microsoft Corporation)
DRV - (VRVD302 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\VRVD302.sys (Rsupport Corporation)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.5
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.8
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {DAD0F81A-CF67-4eed-98D6-26F6E47274CA}:1.3
FF - prefs.js..extensions.enabledItems: {819EF819-2C66-4047-8A9B-C3F23A74482B}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:3.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{819EF819-2C66-4047-8A9B-C3F23A74482B}: C:\DOCUMENTS AND SETTINGS\POON\LOCAL SETTINGS\APPLICATION DATA\{819EF819-2C66-4047-8A9B-C3F23A74482B}\ [2009-03-23 14:58:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-03-07 14:07:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-03-07 14:07:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD

[2008-07-10 00:08:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Poon\Application Data\mozilla\Extensions
[2008-07-10 00:08:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Poon\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-03-25 18:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Poon\Application Data\mozilla\Firefox\Profiles\qr4ar33y.default\extensions
[2009-03-15 10:55:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Poon\Application Data\mozilla\Firefox\Profiles\qr4ar33y.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009-02-07 18:35:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Poon\Application Data\mozilla\Firefox\Profiles\qr4ar33y.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008-11-27 02:38:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Poon\Application Data\mozilla\Firefox\Profiles\qr4ar33y.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009-03-03 18:01:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Poon\Application Data\mozilla\Firefox\Profiles\qr4ar33y.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009-01-11 22:17:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Poon\Application Data\mozilla\Firefox\Profiles\qr4ar33y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-02-06 01:41:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Poon\Application Data\mozilla\Firefox\Profiles\qr4ar33y.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009-03-25 18:27:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Poon\Application Data\mozilla\Firefox\Profiles\qr4ar33y.default\extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA}
[2009-03-25 18:27:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Poon\Application Data\mozilla\Firefox\Profiles\qr4ar33y.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009-02-21 16:01:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Poon\Application Data\mozilla\Firefox\Profiles\qr4ar33y.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009-02-25 01:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Poon\Application Data\mozilla\Firefox\Profiles\qr4ar33y.default\extensions\[email protected]
[2009-02-21 15:54:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Poon\Application Data\mozilla\Firefox\Profiles\qr4ar33y.default\extensions\[email protected]
[2008-10-21 14:54:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Poon\Application Data\mozilla\Firefox\Profiles\qr4ar33y.default\extensions\[email protected]
[2009-03-25 18:29:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-03-07 14:07:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-01-26 16:15:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009-01-27 15:56:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009-02-19 21:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-02-19 21:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-02-19 15:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009-02-19 15:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009-02-19 15:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009-02-19 15:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009-02-19 15:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-02-19 15:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009-02-19 15:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (303896 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10475 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice File not found
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Poon\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} http://game.netmarbl...MStarterJP7.cab (NMJPStarter17 Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} http://www.netmarble...b/NMJTransX.cab (NMJTransX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...ctDetection.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClient Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...ivex/RACtrl.cab (Performance Viewer Activex Control)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\OdysseyClient: DllName - odyEvent.dll - C:\WINDOWS\system32\odyEvent.dll (Juniper Networks, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{fdeca642-2487-11dd-a105-00166faaae2a}\Shell - "" = AutoRun
O33 - MountPoints2\{fdeca642-2487-11dd-a105-00166faaae2a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fdeca642-2487-11dd-a105-00166faaae2a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009-03-26 12:01:05 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009-03-26 12:00:33 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Poon\Desktop\OTListIt2.exe
[2009-03-26 12:00:26 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Poon\Desktop\Rooter.exe
[2009-03-26 11:40:30 | 00,141,372 | ---- | C] () -- C:\WINDOWS\System32\MSXHUWOHFN.DLL
[2009-03-26 02:16:55 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009-03-26 02:16:40 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009-03-26 02:09:49 | 00,000,000 | ---D | C] -- C:\Avenger
[2009-03-26 01:54:33 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF24230.exe
[2009-03-26 01:54:33 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009-03-26 01:42:03 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF20364.exe
[2009-03-26 01:23:02 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-03-26 01:23:01 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-03-26 01:23:01 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-03-26 01:23:01 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-03-26 01:23:01 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009-03-26 01:23:01 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-03-26 01:23:01 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-03-26 01:23:01 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009-03-26 01:23:00 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-03-26 01:15:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-03-26 01:15:45 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF16644.exe
[2009-03-26 01:15:28 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-03-26 00:33:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Poon\Application Data\Malwarebytes
[2009-03-26 00:33:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-03-26 00:33:29 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-03-26 00:33:17 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-03-26 00:33:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009-03-26 00:32:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-03-26 00:31:07 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009-03-26 00:31:01 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009-03-25 23:56:10 | 02,934,705 | R--- | C] () -- C:\Documents and Settings\Poon\Desktop\ComboFix.exe
[2009-03-25 23:44:35 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2009-03-25 14:53:47 | 00,014,526 | ---- | C] () -- C:\Documents and Settings\Poon\My Documents\ENG Project 4.odt
[2009-03-24 18:22:49 | 00,169,532 | ---- | C] () -- C:\Documents and Settings\Poon\Desktop\fulltext.pdf
[2009-03-23 15:35:18 | 00,017,235 | ---- | C] () -- C:\Documents and Settings\Poon\My Documents\English Project 3 FINAL.odt
[2009-03-23 14:58:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Poon\Local Settings\Application Data\{819EF819-2C66-4047-8A9B-C3F23A74482B}
[2009-03-23 00:43:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Poon\Desktop\FL sounds
[2009-03-22 17:11:51 | 14,476,0294 | ---- | C] () -- C:\Documents and Settings\Poon\My Documents\3-22-09 backup.reg
[2009-03-22 16:55:59 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009-03-22 16:55:59 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009-03-22 16:55:58 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009-03-22 16:55:49 | 34,433,469 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009-03-22 16:55:49 | 00,401,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009-03-22 16:55:49 | 00,066,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009-03-22 16:55:48 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009-03-22 16:55:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009-03-22 16:55:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009-03-22 03:55:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Poon\Local Settings\Application Data\ESET
[2009-03-20 14:13:55 | 01,187,466 | ---- | C] () -- C:\Documents and Settings\Poon\Desktop\Tim and Eric - Raz.mp3
[2009-03-19 22:47:30 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009-03-19 22:45:41 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009-03-19 22:24:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2009-03-19 16:17:13 | 01,979,625 | ---- | C] () -- C:\Documents and Settings\Poon\Desktop\IMG_0337 copy.psd
[2009-03-19 13:24:18 | 00,005,406 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009-03-19 12:56:08 | 00,000,000 | ---D | C] -- C:\Program Files\RESET
[2009-03-19 01:51:52 | 00,073,035 | ---- | C] () -- C:\Documents and Settings\Poon\Desktop\dandsig.jpg
[2009-03-18 03:42:11 | 02,400,017 | ---- | C] () -- C:\Documents and Settings\Poon\Desktop\oldschool.psd
[2009-03-17 23:10:44 | 00,012,864 | ---- | C] () -- C:\Documents and Settings\Poon\Desktop\codec.mp3
[2009-03-17 22:56:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009-03-15 11:39:57 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009-03-13 10:06:30 | 00,357,101 | ---- | C] () -- C:\WINDOWS\reset.exe
[2009-03-12 23:13:53 | 00,016,545 | ---- | C] () -- C:\Documents and Settings\Poon\My Documents\Dialogue Response 2.odt
[2009-03-12 21:20:29 | 00,015,930 | ---- | C] () -- C:\Documents and Settings\Poon\My Documents\Dialogue Response 1.odt
[2009-03-08 16:14:09 | 02,247,331 | ---- | C] () -- C:\Documents and Settings\Poon\Desktop\3-7-09.mp3
[2009-03-07 19:30:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Poon\Desktop\New Folder
[2009-03-05 18:20:47 | 05,371,983 | ---- | C] () -- C:\Documents and Settings\Poon\Desktop\two face.psd
[2009-03-05 13:47:57 | 29,344,0331 | ---- | C] () -- C:\Documents and Settings\Poon\Desktop\A Texan Odyssey.mp4
[2009-03-05 13:45:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Poon\My Documents\Red Kawa
[2009-03-05 13:45:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Poon\Application Data\Red Kawa
[2009-03-05 13:27:42 | 00,000,000 | ---D | C] -- C:\Program Files\Red Kawa
[2009-03-05 02:24:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009-03-03 21:02:17 | 00,014,426 | ---- | C] () -- C:\Documents and Settings\Poon\My Documents\Workshop 2-6.odt
[2009-03-03 20:41:21 | 00,014,388 | ---- | C] () -- C:\Documents and Settings\Poon\My Documents\Workshop 2-5.odt
[2009-03-03 20:01:14 | 00,017,350 | ---- | C] () -- C:\Documents and Settings\Poon\My Documents\ENG Project 2 FINAL.odt
[2009-03-01 00:52:50 | 00,014,073 | ---- | C] () -- C:\Documents and Settings\Poon\My Documents\Workshop 2-4.odt
[2009-03-01 00:29:21 | 00,013,858 | ---- | C] () -- C:\Documents and Settings\Poon\My Documents\Workshop 2-3.odt
[2009-03-01 00:03:03 | 00,013,424 | ---- | C] () -- C:\Documents and Settings\Poon\My Documents\Workshop 2-2.odt
[2009-02-27 12:05:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Poon\Desktop\Dentist
[2009-02-27 00:46:15 | 00,015,380 | ---- | C] () -- C:\Documents and Settings\Poon\My Documents\Workshop 2-1.odt
[2009-02-24 21:03:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Poon\Desktop\Desktop

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009-03-26 12:00:33 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Poon\Desktop\OTListIt2.exe
[2009-03-26 12:00:27 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Poon\Desktop\Rooter.exe
[2009-03-26 11:38:13 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-03-26 11:37:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-03-26 11:36:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-03-26 02:16:55 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009-03-26 01:53:56 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF24230.exe
[2009-03-26 01:34:12 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF20364.exe
[2009-03-26 01:15:12 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF16644.exe
[2009-03-26 00:33:34 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-03-26 00:31:07 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009-03-26 00:29:18 | 00,005,406 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009-03-26 00:13:52 | 00,002,077 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009-03-25 23:57:16 | 02,934,705 | R--- | M] () -- C:\Documents and Settings\Poon\Desktop\ComboFix.exe
[2009-03-25 20:02:29 | 00,077,312 | ---- | M] () -- C:\Documents and Settings\Poon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-03-25 18:52:34 | 34,433,469 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009-03-25 18:52:34 | 00,066,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009-03-25 17:55:11 | 00,014,526 | ---- | M] () -- C:\Documents and Settings\Poon\My Documents\ENG Project 4.odt
[2009-03-24 22:53:32 | 00,017,235 | ---- | M] () -- C:\Documents and Settings\Poon\My Documents\English Project 3 FINAL.odt
[2009-03-24 20:03:07 | 00,000,016 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2009-03-24 20:03:07 | 00,000,016 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009-03-24 20:03:07 | 00,000,016 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2009-03-24 18:22:49 | 00,169,532 | ---- | M] () -- C:\Documents and Settings\Poon\Desktop\fulltext.pdf
[2009-03-22 17:59:04 | 00,001,958 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
[2009-03-22 17:12:41 | 14,476,0294 | ---- | M] () -- C:\Documents and Settings\Poon\My Documents\3-22-09 backup.reg
[2009-03-22 16:55:59 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009-03-22 16:55:59 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009-03-22 16:55:58 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009-03-22 16:55:49 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009-03-22 16:55:49 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009-03-21 01:06:00 | 01,187,466 | ---- | M] () -- C:\Documents and Settings\Poon\Desktop\Tim and Eric - Raz.mp3
[2009-03-20 12:22:21 | 01,498,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-03-19 22:04:32 | 00,049,712 | ---- | M] () -- C:\Documents and Settings\Poon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009-03-19 21:57:41 | 00,000,896 | ---- | M] () -- C:\Documents and Settings\Poon\My Documents\My Sharing Folders.lnk
[2009-03-19 16:18:02 | 01,979,625 | ---- | M] () -- C:\Documents and Settings\Poon\Desktop\IMG_0337 copy.psd
[2009-03-19 01:54:33 | 00,073,035 | ---- | M] () -- C:\Documents and Settings\Poon\Desktop\dandsig.jpg
[2009-03-19 00:35:43 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.INI
[2009-03-18 03:42:14 | 02,400,017 | ---- | M] () -- C:\Documents and Settings\Poon\Desktop\oldschool.psd
[2009-03-17 23:13:34 | 00,012,864 | ---- | M] () -- C:\Documents and Settings\Poon\Desktop\codec.mp3
[2009-03-13 13:28:35 | 00,357,101 | ---- | M] () -- C:\WINDOWS\reset.exe
[2009-03-12 23:13:54 | 00,016,545 | ---- | M] () -- C:\Documents and Settings\Poon\My Documents\Dialogue Response 2.odt
[2009-03-12 21:20:30 | 00,015,930 | ---- | M] () -- C:\Documents and Settings\Poon\My Documents\Dialogue Response 1.odt
[2009-03-11 15:50:47 | 00,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imm32.dll
[2009-03-10 14:54:56 | 00,565,516 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-03-10 14:54:56 | 00,471,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-03-10 14:54:56 | 00,084,452 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-03-08 18:06:37 | 00,000,284 | ---- | M] () -- C:\WINDOWS\esettrialreset.reg
[2009-03-08 16:16:30 | 02,247,331 | ---- | M] () -- C:\Documents and Settings\Poon\Desktop\3-7-09.mp3
[2009-03-07 13:59:08 | 00,303,896 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-03-05 18:20:56 | 05,371,983 | ---- | M] () -- C:\Documents and Settings\Poon\Desktop\two face.psd
[2009-03-05 14:25:02 | 29,344,0331 | ---- | M] () -- C:\Documents and Settings\Poon\Desktop\A Texan Odyssey.mp4
[2009-03-03 21:02:17 | 00,014,426 | ---- | M] () -- C:\Documents and Settings\Poon\My Documents\Workshop 2-6.odt
[2009-03-03 20:41:22 | 00,014,388 | ---- | M] () -- C:\Documents and Settings\Poon\My Documents\Workshop 2-5.odt
[2009-03-03 20:01:14 | 00,017,350 | ---- | M] () -- C:\Documents and Settings\Poon\My Documents\ENG Project 2 FINAL.odt
[2009-03-01 00:52:51 | 00,014,073 | ---- | M] () -- C:\Documents and Settings\Poon\My Documents\Workshop 2-4.odt
[2009-03-01 00:29:22 | 00,013,858 | ---- | M] () -- C:\Documents and Settings\Poon\My Documents\Workshop 2-3.odt
[2009-03-01 00:03:15 | 00,013,424 | ---- | M] () -- C:\Documents and Settings\Poon\My Documents\Workshop 2-2.odt
[2009-02-27 00:46:20 | 00,015,380 | ---- | M] () -- C:\Documents and Settings\Poon\My Documents\Workshop 2-1.odt
[2009-02-25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-02-25 08:38:46 | 00,015,449 | ---- | M] () -- C:\Documents and Settings\Poon\My Documents\English Project 3.odt
< End of report >