Welcome to Geeks to Go - Register now for FREE

Malicious Page Redirects from Google searches [Solved]


This topic is locked.

#1 Wasuremono (Member, 18 posts)

Hi there,

It looks like I'm at my last resort here. Basically I got infected somehow (I assume torrents), and I tried Spybot and Ad-aware with no luck. Of note were the symptoms of pop-ups, page redirects, and seemingly slow speeds. With my original two programs not doing the trick I began quite a journey of trying to remove everything.

(The following details what steps I have taken and how I arrived where I am now. Further down is my present status.)

At first it seemed like I was infected with something called Virtumonde, which I was happy to find some solutions to through some searching. I ended up finding Malwarebytes' Anti-Malware and I found quite a lot of goodies on my computer, which I happily deleted. But then came the fun part. Somehow, nothing really seemed to be getting cleaned. I ran Spybot and MBAM repeatedly, cleaned up, and then some time later when I checked again I would still have a couple of trojans or viruses lurking around or sometimes as many as 15. I found it interesting that the names of these things weren't the same every time either. Sometimes I would find virtumonde, zlob, one time vundo, other times a lot of something called Trojan.TDSS and .Agent. One time I had some folder created, C:/Avenger, with some malware in it. Every time I would try to scan and clean in safe mode, then in a regular start up, but to no avail. It definitely felt as if I was somehow vulnerable through the internet.

So I eventually found this website, and I started lurking through threads, reading guides, and downloading new software. I've never really used firewalls, anti-virus, or other security programs, because in my years of computing I've never had more than the most minor of infections, and I always felt such software usually complicated things more than helped. Now, though, I have Avast!, Comodo Firewall, SAS, and MBAM either running or at my disposal. And these seemed to have helped, because now when I scan with MBAM and SAS I don't return even 1 result (yet...) after I've done full scans/removes.

My current (apparent) problem: So I thought I was finally okay, but a quick search in Google, click of result, and malicious page redirect proved me wrong. I just did a search now to remind myself the problem still exists. I was redirected to some different pages including apartmentfinder, mydealhero, and something else (they seemed to be fighting over where my browser should end up).

I've been dealing with this for days during my free time, and I'm at wit's end. This website has been really helpful to me, but I feel I've reached a limit. I'm not sure if I've almost purged everything, or if there is a larger threat remaining. Anyway, any help will be much appreciated.

My Logs

Rooter

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:476937 Mo/Free:583 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Removable] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
J:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
K:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Mon 05/04/2009|13:07

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
--Locked-- cmdagent.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\RTHDCPL.EXE
---------- C:\WINDOWS\system32\nvraidservice.exe
---------- C:\Program Files\Gigabyte\ET5\GUI.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\SealedMedia\sealmon.exe
---------- C:\Program Files\PowerISO\PWRISOVM.EXE
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\WINDOWS\system32\RUNDLL32.EXE
--Locked-- cfp.exe
---------- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
---------- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
---------- C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Logitech\SetPoint\SetPoint.exe
---------- C:\WINDOWS\system32\wbem\unsecapp.exe
---------- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
---------- C:\Program Files\RocketDock\RocketDock.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\NOTEPAD.EXE
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\Hans\Application Data\uTorrent\Matlab 2007b Full Release (no keygen).rar.torrent
C:\DOCUME~1\Hans\Application Data\uTorrent\Minitab 14 + Crack.zip.torrent


1 - "C:\Rooter$\Rooter_1.txt" - Mon 05/04/2009|13:07

----------------------\\ Scan completed at 13:07



OTLI

OTListIt logfile created on: 5/4/2009 1:11:01 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Hans\TDowns
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 204.57 Gb Free Space | 43.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICROSOFT
Current User Name: Hans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Program Files\Gigabyte\ET5\GUI.exe ()
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\SealedMedia\sealmon.exe ()
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe (GIGABYTE TECHNOLOGY CO., LTD.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Hans\TDowns\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Capture Device Service [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (cmdAgent [Auto | Running]) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LBTServ [On_Demand | Stopped]) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (CBTNDIS5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\CBTNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (cmdGuard [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys (COMODO)
DRV - (cmdHlp [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys (COMODO)
DRV - (ET5Drv [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\ET5Drv.sys (Microsoft Corporation)
DRV - (gdrv [On_Demand | Stopped]) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hamachi [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (Inspect [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (itchfltr [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\itchfltr.sys (Logitech, Inc.)
DRV - (L8042Kbd [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV - (L8042mou [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\L8042mou.Sys (Logitech Inc.)
DRV - (LCcfltr [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\LCcFltr.Sys (Logitech, Inc.)
DRV - (LHidFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\LHidUsb.Sys (Logitech, Inc.)
DRV - (LMouFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV - (LMouKE [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys (Logitech Inc.)
DRV - (LUsbFilt [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\LUsbFilt.Sys (Logitech, Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvatabus [Boot | Running]) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (nvraid [Boot | Running]) -- C:\WINDOWS\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (odysseyIM3 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys (Funk Software, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RT61 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RT61.sys (Ralink Technology Inc.)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (V0250Dev [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\V0250Dev.sys (Creative Technology Ltd.)
DRV - (wind502u [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wind502u.sys (Envara Inc.)
DRV - (MarkFun_NT [On_Demand | Running]) -- C:\Program Files\Gigabyte\ET5\markfun.w32 (Windows ® 2000 DDK provider)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.6
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.2.3
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.3.11
FF - prefs.js..extensions.enabledItems: {6D898772-AD34-4c16-86BB-9DE787A5DEA0}:1.08
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82}:1.05
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.7.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090325
FF - prefs.js..extensions.enabledItems: {B4F5D33D-8602-42A1-9CF7-C179BF5DE8DA}:1.0
FF - prefs.js..extensions.enabledItems: {40104CE3-27EC-42BC-BC88-08DC4D62505C}:1.0
FF - prefs.js..extensions.enabledItems: {23DBE842-01F7-4E18-AF18-C8A1BD9D8CF9}:1.0
FF - prefs.js..extensions.enabledItems: {360BBE0D-A329-4B69-A105-BB5001FF657A}:1.0
FF - prefs.js..extensions.enabledItems: {E4C8AA37-BB6A-42D5-932F-6BB3C93A5A26}:1.0
FF - prefs.js..extensions.enabledItems: {8DC09C02-327A-42B7-99B4-D1778E59D825}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://slirsredirect...0fftrab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2008/10/07 00:25:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/04 00:02:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 13:50:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/04 00:03:01 | 00,000,000 | ---D | M]

[2008/06/28 15:13:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Extensions
[2008/06/28 15:13:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/04 02:52:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions
[2009/02/21 22:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2009/02/15 22:08:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2008/10/26 17:39:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2009/03/15 16:33:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2009/04/01 16:57:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2008/12/03 02:28:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/04/01 16:57:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009/02/15 22:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/02/16 20:08:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/04/10 12:35:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\[email protected]
[2008/12/23 14:06:23 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Mozilla\FireFox\Profiles\ymj6zi6x.default\searchplugins\aim-search.xml
[2009/04/27 13:56:48 | 00,005,600 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Mozilla\FireFox\Profiles\ymj6zi6x.default\searchplugins\pizzatorrent.xml
[2009/04/27 13:56:48 | 00,001,835 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Mozilla\FireFox\Profiles\ymj6zi6x.default\searchplugins\weathercom.xml
[2007/07/23 23:11:41 | 00,001,083 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Mozilla\FireFox\Profiles\ymj6zi6x.default\searchplugins\wikipedia-.xml
[2008/06/23 00:43:24 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Mozilla\FireFox\Profiles\ymj6zi6x.default\searchplugins\wikipedia-en.xml
[2009/05/04 02:52:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/03 14:25:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{23DBE842-01F7-4E18-AF18-C8A1BD9D8CF9}
[2009/05/03 17:41:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{360BBE0D-A329-4B69-A105-BB5001FF657A}
[2009/05/01 11:37:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{40104CE3-27EC-42BC-BC88-08DC4D62505C}
[2009/05/03 23:38:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{8DC09C02-327A-42B7-99B4-D1778E59D825}
[2009/04/28 13:50:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/01 03:14:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B4F5D33D-8602-42A1-9CF7-C179BF5DE8DA}
[2007/10/22 19:22:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/05/28 05:12:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/05/04 00:03:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/05/03 14:55:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{E4C8AA37-BB6A-42D5-932F-6BB3C93A5A26}
[2009/04/28 13:50:24 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 13:50:24 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/01 07:17:19 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/01 07:17:19 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/01 07:17:19 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/01 07:17:19 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/01 07:17:19 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/01 07:17:19 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/01 07:17:19 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (309699 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10648 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! 工具列) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" (ALWIL Software)
O4 - HKLM..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h ()
O4 - HKLM..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe ()
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe ()
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GN-WP01GS Utility.lnk = C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe (GIGABYTE TECHNOLOGY CO., LTD.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Hans\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\zivahesu) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\) - C:\WINDOWS\system32 [2009/05/04 12:03:19 | 00,000,000 | ---D | M]
O20 - AppInit_DLLs: (C:\WINDOWS\system32\biwapuyu.dll) - C:\WINDOWS\system32\biwapuyu.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\) - c:\windows\system32 [2009/05/04 12:03:19 | 00,000,000 | ---D | M]
O20 - AppInit_DLLs: (C:\WINDOWS\system32\jayoriji.dll) - C:\WINDOWS\system32\jayoriji.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\tikufozi.dll) - c:\windows\system32\tikufozi.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/31 23:11:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7bced538-dabb-11dd-b781-0016e6808c96}\Shell - "" = AutoRun
O33 - MountPoints2\{7bced538-dabb-11dd-b781-0016e6808c96}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7bced538-dabb-11dd-b781-0016e6808c96}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ca95481c-0075-11dd-b736-0016e6808c96}\Shell - "" = AutoRun
O33 - MountPoints2\{ca95481c-0075-11dd-b736-0016e6808c96}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca95481c-0075-11dd-b736-0016e6808c96}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f3566862-523d-11dc-b706-0016e6808c96}\Shell\AutoRun\command - "" = F:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/05/04 13:07:01 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/04 13:00:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/04 13:00:07 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Hans\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/04 12:59:58 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\Hans\Desktop\NTREGOPT.lnk
[2009/05/04 12:59:58 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\Hans\Desktop\ERUNT.lnk
[2009/05/04 12:59:32 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/04 03:53:37 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/04 03:53:37 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/04 03:53:37 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/04 03:53:37 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/04 03:53:37 | 00,001,715 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\avast! Antivirus.lnk
[2009/05/04 03:53:36 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/04 03:53:36 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/04 03:53:36 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/04 03:53:36 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/04 03:53:25 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/04 03:53:25 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/04 03:53:23 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/04 03:52:53 | 00,000,824 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\COMODO Internet Security.lnk
[2009/05/04 03:07:13 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\Comodo
[2009/05/04 03:07:12 | 00,155,384 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2009/05/04 03:07:12 | 00,110,992 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/05/04 03:07:12 | 00,080,400 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/05/04 03:07:12 | 00,024,336 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/05/04 03:07:12 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/05/04 02:58:33 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
[2009/05/04 02:58:31 | 00,000,702 | ---- | C] () -- C:\DOCUME~1\Hans\Desktop\SpywareBlaster.lnk
[2009/05/04 02:58:30 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/05/04 02:39:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/04 02:28:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/05/04 02:28:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/05/04 02:28:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/05/04 02:28:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/05/04 02:27:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/05/04 02:26:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/05/04 02:24:35 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/05/04 02:22:49 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Hans\Desktop\SysRestorePoint_v12
[2009/05/04 02:22:45 | 00,007,180 | ---- | C] () -- C:\DOCUME~1\Hans\Desktop\SysRestorePoint_v12.zip
[2009/05/04 02:20:26 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Hans\Desktop\SysRestorePoint_v13
[2009/05/04 02:20:23 | 00,009,334 | ---- | C] () -- C:\DOCUME~1\Hans\Desktop\SysRestorePoint_v13.zip
[2009/05/04 02:12:48 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/04 00:19:10 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\SUPERAntiSpyware.com
[2009/05/04 00:19:08 | 00,000,796 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/04 00:19:07 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/04 00:19:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Application Data\SUPERAntiSpyware.com
[2009/05/03 14:49:40 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/01 17:38:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/05/01 17:12:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Application Data\Malwarebytes
[2009/05/01 17:12:55 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/01 17:12:55 | 00,000,714 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/01 17:12:53 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/01 17:12:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/01 17:12:52 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\Malwarebytes
[2009/05/01 17:10:39 | 02,967,816 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\Hans\Desktop\mbam-setup.exe
[2009/05/01 17:00:34 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/01 17:00:17 | 00,000,000 | ---D | C] -- C:\Program Files\Storm
[2009/05/01 16:59:19 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2009/05/01 14:10:44 | 00,015,062 | ---- | C] () -- C:\DOCUME~1\Hans\Desktop\Process.docx
[2009/05/01 02:55:17 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/01 02:24:17 | 00,000,000 | -H-D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/29 00:10:29 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\DOCUME~1\Hans\Desktop\setup-spybotsd162.exe
[2009/04/21 03:10:45 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/04/21 03:10:45 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/04/16 17:31:33 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 17:31:33 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 17:31:33 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 17:31:33 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 17:31:33 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 17:31:33 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 17:31:33 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 17:31:33 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 17:31:33 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 17:31:32 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/04/16 17:31:32 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/04/16 17:31:31 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/04/16 17:31:10 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/16 17:31:10 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/14 04:18:21 | 00,025,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2009/04/14 01:05:14 | 00,001,376 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/13 22:50:26 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2009/04/13 22:24:23 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/13 22:01:04 | 00,000,336 | ---- | C] () -- C:\WINDOWS\tasks\Uniblue SpyEraser.job
[2009/04/13 21:58:09 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\Uniblue
[2009/04/13 20:25:11 | 00,000,408 | ---- | C] () -- C:\WINDOWS\Kkozu.dat
[2009/04/13 20:25:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Isarafawinaqafo.bin
[2008/12/03 04:31:55 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/11/15 02:08:11 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/28 18:40:48 | 00,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/10/07 10:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/05/02 23:16:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/02 23:16:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/02 23:16:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/02 23:16:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/02 23:16:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/09 12:39:40 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll
[2008/04/09 12:10:42 | 00,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll
[2007/09/25 21:53:59 | 00,000,158 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2007/09/12 11:10:40 | 00,000,068 | ---- | C] () -- C:\WINDOWS\eyeQ Screen Saver.ini
[2007/08/26 13:28:03 | 00,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/08/26 13:28:03 | 00,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/08/26 13:28:03 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/08/26 13:28:03 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/08/26 13:28:03 | 00,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/08/26 13:28:03 | 00,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/03/19 18:38:36 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/03/17 15:32:03 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/10 16:24:47 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/01 22:32:37 | 00,000,065 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2007/01/31 23:34:07 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Install6x.dll
[2007/01/31 23:26:46 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ycc.dll
[2007/01/31 23:18:47 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/12/13 17:03:14 | 00,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll
[2006/02/28 08:00:00 | 00,000,582 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/11/15 01:56:50 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/11/05 09:31:14 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2002/10/31 00:35:48 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2002/03/16 20:00:00 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000080.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/05/04 13:00:07 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Hans\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/04 12:59:58 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\Hans\Desktop\NTREGOPT.lnk
[2009/05/04 12:59:58 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\Hans\Desktop\ERUNT.lnk
[2009/05/04 12:53:24 | 00,013,756 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/04 12:53:20 | 00,200,051 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/04 12:53:13 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/05/04 12:52:35 | 00,000,062 | -HS- | M] () -- C:\DOCUME~1\Hans\Local Settings\desktop.ini
[2009/05/04 12:52:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/04 12:52:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/04 03:53:37 | 00,001,715 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\avast! Antivirus.lnk
[2009/05/04 03:53:36 | 00,002,639 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/04 03:52:53 | 00,000,824 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\COMODO Internet Security.lnk
[2009/05/04 03:07:12 | 00,155,384 | ---- | M] () -- C:\WINDOWS\System32\guard32.dll
[2009/05/04 03:07:12 | 00,110,992 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/05/04 03:07:12 | 00,080,400 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/05/04 03:07:12 | 00,024,336 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/05/04 02:58:31 | 00,000,702 | ---- | M] () -- C:\DOCUME~1\Hans\Desktop\SpywareBlaster.lnk
[2009/05/04 02:55:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/04 02:40:41 | 00,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/04 02:40:41 | 00,443,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/04 02:40:41 | 00,072,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/04 02:39:53 | 00,000,075 | -HS- | M] () -- C:\DOCUME~1\Hans\My Documents\desktop.ini
[2009/05/04 02:38:51 | 00,364,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/04 02:36:52 | 00,002,639 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/04 02:25:56 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/05/04 02:22:20 | 00,007,180 | ---- | M] () -- C:\DOCUME~1\Hans\Desktop\SysRestorePoint_v12.zip
[2009/05/04 02:19:18 | 00,009,334 | ---- | M] () -- C:\DOCUME~1\Hans\Desktop\SysRestorePoint_v13.zip
[2009/05/04 02:04:56 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/04 00:19:08 | 00,000,796 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/03 14:42:26 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/02 18:06:07 | 00,001,376 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/05/01 17:12:55 | 00,000,714 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/01 17:10:41 | 02,967,816 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\Hans\Desktop\mbam-setup.exe
[2009/05/01 15:00:00 | 00,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Hans.job
[2009/05/01 14:10:44 | 00,015,062 | ---- | M] () -- C:\DOCUME~1\Hans\Desktop\Process.docx
[2009/05/01 13:53:04 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\zemuteme
[2009/05/01 02:24:17 | 00,000,867 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Ad-Aware.lnk
[2009/04/29 22:50:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/29 09:31:20 | 00,309,699 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/29 08:23:38 | 00,309,770 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090429-082338.backup
[2009/04/29 08:23:38 | 00,309,728 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090429-093120.backup
[2009/04/29 00:11:16 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\DOCUME~1\Hans\Desktop\setup-spybotsd162.exe
[2009/04/28 23:55:10 | 00,058,880 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\tegawula.exe
[2009/04/21 03:10:45 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/21 03:10:45 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/04/14 04:18:21 | 00,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2009/04/14 00:53:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Isarafawinaqafo.bin
[2009/04/13 22:58:51 | 00,000,408 | ---- | M] () -- C:\WINDOWS\Kkozu.dat
[2009/04/13 22:01:04 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpyEraser.job
[2009/04/13 21:04:04 | 00,312,568 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2009/04/13 20:41:30 | 00,312,568 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090413-210404.backup
[2009/04/13 20:12:47 | 00,001,070 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090413-204130.backup
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\DOCUME~1\ALLUSE~1\Application Data\TEMP:5C321E34
< End of report >

OTLI Extras

OTListIt Extras logfile created on: 5/4/2009 1:11:01 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Hans\TDowns
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 204.57 Gb Free Space | 43.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICROSOFT
Current User Name: Hans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger (Logitech Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed (SightSpeed Inc.)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe ()
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger (Logitech Inc.)
C:\Program Files\Valve\Steam\steamapps\common\left 4 dead demo\left4dead.exe:*:Enabled:Left 4 Dead Demo ()
C:\Program Files\Valve\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 ()
C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam (Valve Corporation)
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe:*:Enabled:DevSvc (InterVideo Inc.)
C:\Program Files\Valve\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead ()
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@BIOS" = @BIOS
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}" = iTunes
"{57BFC2F4-2A2E-4DC3-A0C0-E53A147631E2}" = Motorola Wireless USB Adapter
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5E9EA5FD-DFD9-44C7-8301-00E371A6D8E1}" = MPLAB Tools v8.10
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{87C85D28-0633-453D-8D29-98C3A1043F6C}" = Folding@home-x86
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{96A083BF-4420-48D9-8264-F8F109ACC536}" = Storm
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A87E25E5-38BA-46AD-A008-1D4FB3D332D3}" = MINITAB 14
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AE00FF6D-ECFA-4466-A78C-A7212200ACEA}" = Gigabyte GN-WP01GS
"{B33CD700-6738-11D4-87FE-0080C6F974A2}" = eyeQ
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C131E0E1-1715-4D61-901A-5453A46F0800}" = Livestation
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}" = Sibelius Scorch (ActiveX Only)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic
"{E24A7D40-D12E-4A11-8DEC-7BB21BE4614D}" = Wolfram Notebook Indexer 1.1
"{E613ECA8-7C74-4F7D-98B8-D8C1426A8A2F}" = SealedMedia Unsealer 5.2.25
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FC10C290-6E4D-4C6B-A8B3-33700C21F9E6}" = Mathematica 5.2 for Students
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Mines of Moria™ v02.01.03.4021
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced Video FX Utility" = Advanced Video FX Utility
"AIM_6" = AIM 6
"Anki" = Anki
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"avast!" = avast! Antivirus
"Bruce's Unusual Typing Wizard_is1" = Bruce's Unusual Typing Wizard, Version 1.5.0
"CCleaner" = CCleaner (remove only)
"COMODO Internet Security" = COMODO Internet Security
"Creative Live! Cam Notebook Pro User's Guide English" = Creative Live! Cam Notebook Pro User's Guide (English)
"Creative Photo Calendar" = Creative Photo Calendar
"Creative Photo Manager" = Creative Photo Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0250" = Creative Live! Cam Notebook Pro Driver (1.01.03.0405)
"Creative WebCam Center" = Creative WebCam Center
"DMIView" = DMIView
"EasyTune5" = EasyTune5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Face-wizard" = Face-wizard
"ffdshow" = ffdshow
"Finale NotePad 2007" = Finale NotePad 2007
"Finale NotePad 2008" = Finale NotePad 2008
"FitDay_is1" = FitDay PC version 1.0
"Get Yahoo! Messenger" = Get Yahoo! Messenger
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GoldenEye Source" = GoldenEye: Source - HalfLife 2 Mod
"GTK 2.0" = GTK+ Runtime 2.12.12 rev a (remove only)
"Hamachi" = Hamachi 1.0.3.0
"i-Cool" = i-Cool
"InstallShield_{5E9EA5FD-DFD9-44C7-8301-00E371A6D8E1}" = MPLAB Tools v8.10
"InstallShield_{A87E25E5-38BA-46AD-A008-1D4FB3D332D3}" = MINITAB 14
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"InstallShield_{FC10C290-6E4D-4C6B-A8B3-33700C21F9E6}" = Mathematica 5.2 for Students
"Karnaugh Map Minimizer" = Karnaugh Map Minimizer 0.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2007a" = MATLAB R2007a
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKV Minimum Set (LD-Anime) - MatroskaSplitter & VSFilter_is1" = Matroska Pack - Lazy Man's MKV 0.9.9
"Mnemosyne_is1" = Mnemosyne 1.0.1.1
"MozBackup_is1" = MozBackup 1.4.7
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PICC 9.60PL1" = HI-TECH PICC-Lite V9.60PL1
"Pidgin" = Pidgin
"PowerISO" = PowerISO
"Reflex" = Reflex
"RocketDock_is1" = RocketDock 1.3.5
"Serious Samurize" = Serious Samurize
"SightSpeed" = SightSpeed (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Starcraft" = Starcraft
"Steam" = Steam
"Steam App 13210" = Unreal Tournament 3
"Steam App 15660" = Warhammer 40,000: Dawn of War II - Beta
"Steam App 17510" = Age of Chivalry
"Steam App 17550" = Eternal Silence
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 530" = Left 4 Dead Demo
"SysInfo" = Creative System Information
"SYSTEMCARE_025B3ECB-F8A1-45ff-BABC-140E08C7D8C5_is1" = Uniblue PowerSuite
"The Rosetta Stone" = The Rosetta Stone
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"vixy converter BETA_is1" = vixy converter uninstall
"Wakan" = Wakan 1.67
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! 工具列
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 3483" = Peggle Extreme
"Steam App 380" = Half-Life 2: Episode One
"Steam App 60" = Ricochet
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/1/2008 11:08:30 PM | Computer Name = MICROSOFT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3071, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/14/2008 12:11:06 AM | Computer Name = MICROSOFT | Source = Application Hang | ID = 1002
Description = Hanging application mplayerc.exe, version 6.4.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2008 11:44:34 PM | Computer Name = MICROSOFT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3071, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/3/2008 7:16:01 PM | Computer Name = MICROSOFT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3071, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/15/2008 1:47:39 AM | Computer Name = MICROSOFT | Source = Application Hang | ID = 1002
Description = Hanging application Steam.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/15/2008 4:57:23 AM | Computer Name = MICROSOFT | Source = Application Hang | ID = 1002
Description = Hanging application Steam.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/15/2008 7:27:37 AM | Computer Name = MICROSOFT | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, faulting module datacache.dll,
version 0.0.0.0, fault address 0x0000b423.

Error - 11/19/2008 9:08:03 AM | Computer Name = MICROSOFT | Source = Application Hang | ID = 1002
Description = Hanging application mplayerc.exe, version 6.4.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/20/2008 3:33:57 AM | Computer Name = MICROSOFT | Source = Application Hang | ID = 1002
Description = Hanging application left4dead.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/20/2008 6:38:00 AM | Computer Name = MICROSOFT | Source = Application Error | ID = 1000
Description = Faulting application ventrilo.exe, version 3.0.4.0, faulting module
unknown, version 0.0.0.0, fault address 0x4b435553.

[ System Events ]
Error - 5/4/2009 1:26:30 AM | Computer Name = MICROSOFT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/4/2009 1:27:28 AM | Computer Name = MICROSOFT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 5/4/2009 1:27:39 AM | Computer Name = MICROSOFT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/4/2009 1:28:58 AM | Computer Name = MICROSOFT | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 5/4/2009 1:28:58 AM | Computer Name = MICROSOFT | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 5/4/2009 1:28:58 AM | Computer Name = MICROSOFT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK8 Fips IPSec MRxSmb NetBIOS NetBT ohci1394 RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu Tcpip

Error - 5/4/2009 2:05:00 AM | Computer Name = MICROSOFT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 5/4/2009 2:09:19 AM | Computer Name = MICROSOFT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 5/4/2009 2:09:24 AM | Computer Name = MICROSOFT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 5/4/2009 2:10:58 AM | Computer Name = MICROSOFT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >



I think that's all... hopefully I'm not missing anything here.
  • 0


#2
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hello Wasuremono!

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad, click on Format in the menu bar and make sure that Word Wrap is unchecked).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button: Posted Image

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to the Internet.


I'm reviewing your logs and will get back to you shortly.

heir
  • 0

#3
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Sorry about the delay.

Step 1.
ComboFix:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Step 2.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan.

Download Lop S&D here and save it to the desktop.

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 3.
Things I would like to see in your reply:

  • The content of C:\ComboFix.txt from step 1.
  • The content of C:\lopR.txt from step 2.

  • 0

#4
Wasuremono

Wasuremono

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hello,

Thank you for the response heir. :)

Here are my logs:


ComboFix

ComboFix 09-05-05.03 - Hans 05/05/2009 17:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2259 [GMT -4:00]
Running from: c:\documents and settings\Hans\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090505-0] *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tegawula.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-05 to 2009-05-05 )))))))))))))))))))))))))))))))
.

2009-05-05 21:46 . 2009-05-05 21:46 -------- d--h--w c:\windows\PIF
2009-05-04 20:56 . 2008-06-19 20:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-05-04 20:55 . 2009-05-04 20:55 -------- d-----w c:\program files\Panda Security
2009-05-04 17:07 . 2009-05-04 17:07 -------- d-----w C:\Rooter$
2009-05-04 16:59 . 2009-05-04 17:00 -------- d-----w c:\program files\ERUNT
2009-05-04 07:53 . 2009-05-04 07:53 -------- d-----w c:\program files\Alwil Software
2009-05-04 07:07 . 2009-05-04 13:45 -------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-05-04 07:07 . 2009-05-04 07:07 155384 ----a-w c:\windows\system32\guard32.dll
2009-05-04 07:07 . 2009-05-04 07:07 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-05-04 07:07 . 2009-05-04 07:07 24336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-05-04 07:07 . 2009-05-04 07:07 -------- d-----w c:\program files\COMODO
2009-05-04 06:58 . 2009-05-04 16:54 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-04 06:58 . 2009-05-04 07:01 -------- d-----w c:\program files\SpywareBlaster
2009-05-04 06:28 . 2009-05-04 06:28 -------- d-----w c:\windows\system32\scripting
2009-05-04 06:28 . 2009-05-04 06:28 -------- d-----w c:\windows\l2schemas
2009-05-04 06:28 . 2009-05-04 06:28 -------- d-----w c:\windows\system32\en
2009-05-04 06:28 . 2009-05-04 06:28 -------- d-----w c:\windows\system32\bits
2009-05-04 06:27 . 2009-05-04 06:28 -------- d-----w c:\windows\ServicePackFiles
2009-05-04 04:31 . 2009-05-04 04:31 -------- d-----w c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-05-04 04:19 . 2009-05-04 04:19 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-04 04:19 . 2009-05-04 04:19 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-04 04:19 . 2009-05-04 04:19 -------- d-----w c:\documents and settings\Hans\Application Data\SUPERAntiSpyware.com
2009-05-04 04:03 . 2009-05-04 04:02 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-03 18:49 . 2009-05-04 06:04 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-03 18:43 . 2009-05-03 18:43 -------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-05-03 18:25 . 2009-05-03 18:25 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-01 21:38 . 2009-05-01 21:38 -------- d-----w c:\windows\system32\NtmsData
2009-05-01 21:12 . 2009-05-01 21:12 -------- d-----w c:\documents and settings\Hans\Application Data\Malwarebytes
2009-05-01 21:12 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 21:12 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 21:12 . 2009-05-01 21:12 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 21:12 . 2009-05-01 21:12 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-01 21:00 . 2009-05-01 21:00 -------- d-----w C:\VundoFix Backups
2009-05-01 21:00 . 2009-05-01 21:00 -------- d-----w c:\program files\Storm
2009-05-01 20:59 . 2009-05-01 20:59 -------- d-----w c:\program files\Microsoft XNA
2009-05-01 06:24 . 2009-05-03 19:01 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-14 08:18 . 2009-04-14 08:18 25992 ----a-w c:\windows\system32\pgdfgsvc.exe
2009-04-14 02:50 . 2009-04-16 16:00 -------- d-----w c:\program files\Prevx
2009-04-14 02:24 . 2009-04-14 02:24 -------- d-----w c:\program files\Trend Micro
2009-04-14 01:58 . 2009-04-14 01:58 -------- d-----w c:\documents and settings\All Users\Application Data\Uniblue
2009-04-14 00:25 . 2009-04-14 04:53 0 ----a-w c:\windows\Isarafawinaqafo.bin
2009-04-14 00:25 . 2009-04-14 04:57 -------- d-----w c:\documents and settings\Hans\Local Settings\Application Data\{34DD23EC-0F88-40BD-B641-9B944710EB34}(2)
2009-04-14 00:25 . 2009-04-14 02:58 408 ----a-w c:\windows\Kkozu.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 07:21 . 2007-02-10 20:24 115600 ----a-w c:\documents and settings\Hans\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-04 06:29 . 2007-02-01 03:10 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-04 06:09 . 2008-12-24 03:20 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-04 04:17 . 2007-05-26 03:09 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-04 04:02 . 2007-06-19 16:47 -------- d-----w c:\program files\Java
2009-05-03 19:01 . 2007-09-12 13:37 -------- d-----w c:\program files\Lavasoft
2009-04-16 16:00 . 2007-08-24 19:13 -------- d-----w c:\program files\IrfanView
2009-04-14 01:52 . 2008-10-07 04:28 -------- d-----w c:\program files\Uniblue
2009-03-30 05:30 . 2008-08-24 12:00 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-08 09:24 . 2008-10-26 09:16 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-08 09:24 . 2008-10-26 09:16 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-06 14:22 . 2006-02-28 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:10 . 2006-02-28 12:00 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2006-02-28 12:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-18 07:10 . 2009-02-18 07:10 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-02-09 12:10 . 2006-02-28 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2006-02-28 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2006-02-28 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2006-02-28 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2006-02-28 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2006-02-28 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2006-02-28 12:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2006-02-28 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-12-31 67128]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-04-07 135168]
"EasyTuneV"="c:\program files\Gigabyte\ET5\GUI.exe" [2004-06-15 200704]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-04 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"sealmon"="c:\program files\SealedMedia\sealmon.exe" [2007-06-04 296080]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-05-04 1851128]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-27 16208384]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]

c:\documents and settings\Hans\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GN-WP01GS Utility.lnk - c:\program files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe [2007-1-31 720896]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-31 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-31 805392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w c:\program files\common files\logitech\bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Valve\\Steam\\steamapps\\common\\left 4 dead demo\\left4dead.exe"=
"c:\\Program Files\\Valve\\Steam\\steamapps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Common Files\\InterVideo\\DeviceService\\DevSvc.exe"=
"c:\\Program Files\\Valve\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/4/2009 4:56 PM 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/4/2009 3:53 AM 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [5/4/2009 3:07 AM 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/4/2009 3:07 AM 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2009 3:53 AM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/25/2007 7:12 PM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [2/1/2007 10:21 PM 14095]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [8/26/2008 6:44 PM 163840]
S3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;c:\windows\system32\drivers\wind502u.sys [9/12/2007 8:55 AM 336256]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MARKFUN_NT
*NewlyCreated* - PAVBOOT
*Deregistered* - MarkFun_NT

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bced538-dabb-11dd-b781-0016e6808c96}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca95481c-0075-11dd-b736-0016e6808c96}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3566862-523d-11dc-b706-0016e6808c96}]
\Shell\AutoRun\command - F:\Launch.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 19:42]

2009-04-14 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-10-07 13:03]

2009-05-05 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 02:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file)
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
HKU-Default-Run-uidenhiufgsduiazghs - c:\windows\TEMP\ph9akmw55.exe
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\1287188666.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Hans\Application Data\Mozilla\Firefox\Profiles\ymj6zi6x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 17:55
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1108)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\program files\Funk Software\Odyssey Client\odLogin.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC

- - - - - - - > 'lsass.exe'(1172)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(2884)
c:\windows\system32\guard32.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-05-05 18:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-05 22:00

Pre-Run: 218,442,973,184 bytes free
Post-Run: 218,288,041,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

265 --- E O F --- 2009-05-05 07:00

lopR

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon™ 64 X2 Dual Core Processor 4200+ )
BIOS : Award Modular BIOS v6.00PG
USER : Hans ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090505-0] 4.8.1335 (Not Activated)
Firewall : COMODO Firewall 3.5 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:465 GB (Free:203 GB)
D:\ (CD or DVD)
E:\ (USB) - FAT - Total:968 MB (Free:0 GB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD)
J:\ (CD or DVD)
K:\ (CD or DVD)

"C:\Lop SD" ( Updated : 19-12-2008|23:40 )
Option : [1] ( Tue 05/05/2009|18:05 )

--------------------\\ Listing folders in APPLIC~1


[10/07/2008|12:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[05/03/2009|03:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[12/23/2008|02:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore
[01/31/2007|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[01/31/2007|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[12/23/2008|02:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AIM Toolbar
[04/07/2008|09:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[12/23/2008|02:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[02/10/2007|04:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[03/20/2007|06:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[05/04/2009|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Comodo
[01/31/2007|11:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[08/26/2007|01:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InterVideo
[05/03/2009|03:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[10/13/2007|04:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> LogiShrd
[10/13/2007|04:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech
[05/01/2009|05:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[09/25/2007|10:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Mathematica
[02/07/2009|09:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[05/18/2008|08:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[09/02/2007|04:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NVIDIA
[10/12/2007|05:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[03/17/2007|08:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
[04/11/2008|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[05/04/2009|02:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[05/04/2009|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[05/04/2009|12:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[08/26/2007|01:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems
[04/13/2009|09:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Uniblue
[04/07/2008|09:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[05/13/2007|04:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[05/06/2008|04:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[05/06/2008|03:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[01/31/2007|11:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[05/03/2009|11:17] C:\DOCUME~1\Hans\APPLIC~1\<DIR> .purple
[02/10/2007|04:26] C:\DOCUME~1\Hans\APPLIC~1\<DIR> acccore
[05/06/2008|04:20] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Adobe
[03/17/2007|03:05] C:\DOCUME~1\Hans\APPLIC~1\<DIR> AdobeUM
[03/20/2007|06:58] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Apple Computer
[09/05/2007|01:13] C:\DOCUME~1\Hans\APPLIC~1\<DIR> COWON
[08/26/2008|06:49] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Creative
[11/25/2008|04:29] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Folding@home-x86
[03/15/2009|06:09] C:\DOCUME~1\Hans\APPLIC~1\<DIR> gtk-2.0
[02/22/2009|11:31] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Hamachi
[03/21/2007|06:50] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Help
[01/31/2007|11:14] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Identities
[10/13/2007|04:21] C:\DOCUME~1\Hans\APPLIC~1\<DIR> InstallShield
[10/26/2008|05:17] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Livestation
[10/13/2007|04:22] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Logitech
[04/03/2007|02:55] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Macromedia
[05/01/2009|05:12] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Malwarebytes
[09/25/2007|10:02] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Mathematica
[09/25/2007|09:53] C:\DOCUME~1\Hans\APPLIC~1\<DIR> MathWorks
[03/17/2007|03:37] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Media Player Classic
[11/20/2008|08:54] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Microchip
[10/07/2008|12:43] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Microsoft
[06/28/2008|03:13] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Mozilla
[09/29/2007|08:15] C:\DOCUME~1\Hans\APPLIC~1\<DIR> SealedMedia
[10/31/2007|12:35] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Sibelius Software
[10/11/2008|04:34] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Skype
[10/09/2008|08:08] C:\DOCUME~1\Hans\APPLIC~1\<DIR> skypePM
[01/18/2009|10:30] C:\DOCUME~1\Hans\APPLIC~1\<DIR> SSH
[06/19/2007|12:47] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Sun
[05/04/2009|12:19] C:\DOCUME~1\Hans\APPLIC~1\<DIR> SUPERAntiSpyware.com
[01/31/2007|11:38] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Talkback
[12/17/2008|06:19] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Turbine
[02/02/2009|10:48] C:\DOCUME~1\Hans\APPLIC~1\<DIR> U3
[08/26/2007|04:34] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Ulead Systems
[10/07/2008|01:25] C:\DOCUME~1\Hans\APPLIC~1\<DIR> uniblue
[05/01/2009|03:24] C:\DOCUME~1\Hans\APPLIC~1\<DIR> uTorrent
[11/15/2008|02:08] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Ventrilo
[04/01/2007|01:55] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Viewpoint
[12/23/2008|04:04] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Vso
[08/26/2007|01:09] C:\DOCUME~1\Hans\APPLIC~1\<DIR> WinRAR
[05/06/2008|03:10] C:\DOCUME~1\Hans\APPLIC~1\<DIR> Yahoo!


[01/31/2007|11:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[01/31/2007|11:10] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[05/04/2009 02:55 AM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[04/13/2009 10:01 PM][--a------] C:\WINDOWS\tasks\Uniblue SpyEraser.job
[05/05/2009 05:55 PM][--a------] C:\WINDOWS\tasks\WGASetup.job
[05/04/2009 03:00 PM][--a------] C:\WINDOWS\tasks\Norton Security Scan for Hans.job
[04/29/2009 10:50 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[05/05/2009 05:54 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/28/2006 08:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[01/31/2007|11:25] C:\Program Files\<DIR> Adobe
[02/07/2009|10:52] C:\Program Files\<DIR> AGEIA Technologies
[01/31/2007|11:54] C:\Program Files\<DIR> Ahead
[12/27/2008|12:50] C:\Program Files\<DIR> AIM Toolbar
[12/27/2008|12:50] C:\Program Files\<DIR> AIM6
[05/04/2009|03:53] C:\Program Files\<DIR> Alwil Software
[01/31/2007|11:17] C:\Program Files\<DIR> AMD
[06/16/2008|06:43] C:\Program Files\<DIR> Anki
[06/14/2007|01:43] C:\Program Files\<DIR> Apple Software Update
[12/30/2008|11:38] C:\Program Files\<DIR> Aspell
[07/02/2007|02:27] C:\Program Files\<DIR> Bruce's Unusual Typing Wizard
[02/24/2009|01:37] C:\Program Files\<DIR> Calc98
[06/28/2008|01:44] C:\Program Files\<DIR> CCleaner
[05/05/2009|05:52] C:\Program Files\<DIR> Common Files
[05/04/2009|03:07] C:\Program Files\<DIR> COMODO
[01/31/2007|11:08] C:\Program Files\<DIR> ComPlus Applications
[08/26/2008|06:51] C:\Program Files\<DIR> Creative
[01/31/2007|11:56] C:\Program Files\<DIR> CyberLink
[06/11/2007|10:41] C:\Program Files\<DIR> DivX
[05/04/2009|01:00] C:\Program Files\<DIR> ERUNT
[06/11/2007|01:18] C:\Program Files\<DIR> ffdshow
[09/06/2007|10:05] C:\Program Files\<DIR> Finale NotePad 2007
[04/04/2008|08:05] C:\Program Files\<DIR> Finale NotePad 2008
[04/30/2008|01:54] C:\Program Files\<DIR> FitDay
[11/25/2008|04:07] C:\Program Files\<DIR> Folding@home
[10/27/2007|06:10] C:\Program Files\<DIR> Full Tilt Poker
[09/12/2007|08:55] C:\Program Files\<DIR> Funk Software
[01/31/2007|11:34] C:\Program Files\<DIR> Gigabyte
[02/18/2009|03:10] C:\Program Files\<DIR> Hamachi
[11/20/2008|08:45] C:\Program Files\<DIR> HI-TECH Software
[09/12/2007|11:10] C:\Program Files\<DIR> Infinite Mind LC
[01/15/2009|08:27] C:\Program Files\<DIR> InstallShield Installation Information
[05/04/2009|02:28] C:\Program Files\<DIR> Internet Explorer
[06/14/2007|01:46] C:\Program Files\<DIR> iPod
[04/16/2009|12:00] C:\Program Files\<DIR> IrfanView
[06/14/2007|01:47] C:\Program Files\<DIR> iTunes
[05/04/2009|12:02] C:\Program Files\<DIR> Java
[11/26/2008|05:53] C:\Program Files\<DIR> JetAudio
[10/09/2008|08:03] C:\Program Files\<DIR> Karnaugh Map Minimizer
[05/03/2009|03:01] C:\Program Files\<DIR> Lavasoft
[06/11/2007|01:11] C:\Program Files\<DIR> LD-Anime
[11/21/2008|06:19] C:\Program Files\<DIR> Livestation
[10/13/2007|04:21] C:\Program Files\<DIR> Logitech
[05/01/2009|05:12] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[09/25/2007|09:04] C:\Program Files\<DIR> MATLAB
[05/04/2009|02:30] C:\Program Files\<DIR> Messenger
[11/20/2008|08:44] C:\Program Files\<DIR> Microchip
[01/31/2007|11:11] C:\Program Files\<DIR> microsoft frontpage
[02/07/2009|09:07] C:\Program Files\<DIR> Microsoft Games for Windows - LIVE
[04/02/2008|01:52] C:\Program Files\<DIR> Microsoft Office
[03/30/2009|01:30] C:\Program Files\<DIR> Microsoft Silverlight
[04/02/2008|01:52] C:\Program Files\<DIR> Microsoft Visual Studio
[04/02/2008|01:50] C:\Program Files\<DIR> Microsoft Visual Studio 8
[04/02/2008|01:53] C:\Program Files\<DIR> Microsoft Works
[05/01/2009|04:59] C:\Program Files\<DIR> Microsoft XNA
[04/02/2008|01:51] C:\Program Files\<DIR> Microsoft.NET
[10/04/2007|09:43] C:\Program Files\<DIR> MINITAB 14
[09/12/2007|08:55] C:\Program Files\<DIR> Motorola Wireless
[05/04/2009|02:28] C:\Program Files\<DIR> Movie Maker
[10/15/2007|11:05] C:\Program Files\<DIR> MozBackup
[05/05/2009|06:02] C:\Program Files\<DIR> Mozilla Firefox
[10/07/2008|12:24] C:\Program Files\<DIR> MSBuild
[01/31/2007|11:08] C:\Program Files\<DIR> MSN
[01/31/2007|11:08] C:\Program Files\<DIR> MSN Gaming Zone
[11/21/2008|04:00] C:\Program Files\<DIR> MSXML 4.0
[10/07/2008|12:21] C:\Program Files\<DIR> MSXML 6.0
[05/04/2009|02:26] C:\Program Files\<DIR> NetMeeting
[12/27/2008|12:50] C:\Program Files\<DIR> Norton Security Scan
[01/31/2007|11:08] C:\Program Files\<DIR> Online Services
[10/26/2008|05:16] C:\Program Files\<DIR> OpenAL
[05/04/2009|02:26] C:\Program Files\<DIR> Outlook Express
[02/24/2009|01:17] C:\Program Files\<DIR> Paint.NET
[05/04/2009|04:55] C:\Program Files\<DIR> Panda Security
[12/30/2008|11:38] C:\Program Files\<DIR> Pidgin
[04/02/2008|12:41] C:\Program Files\<DIR> PowerISO
[04/16/2009|12:00] C:\Program Files\<DIR> Prevx
[08/25/2007|07:46] C:\Program Files\<DIR> QuickTime
[01/31/2007|11:17] C:\Program Files\<DIR> Realtek
[10/07/2008|12:24] C:\Program Files\<DIR> Reference Assemblies
[12/15/2008|04:19] C:\Program Files\<DIR> Reflex
[02/24/2009|01:42] C:\Program Files\<DIR> RocketDock
[02/23/2009|06:40] C:\Program Files\<DIR> Samurize
[09/29/2007|08:15] C:\Program Files\<DIR> SealedMedia
[07/25/2007|07:44] C:\Program Files\<DIR> Sibelius Software
[08/26/2008|06:42] C:\Program Files\<DIR> SightSpeed
[04/11/2008|12:35] C:\Program Files\<DIR> Skype
[05/04/2009|02:09] C:\Program Files\<DIR> Spybot - Search & Destroy
[05/04/2009|03:01] C:\Program Files\<DIR> SpywareBlaster
[01/15/2009|08:27] C:\Program Files\<DIR> SSH Communications Security
[04/19/2007|08:19] C:\Program Files\<DIR> Starcraft
[05/01/2009|05:00] C:\Program Files\<DIR> Storm
[05/04/2009|12:19] C:\Program Files\<DIR> SUPERAntiSpyware
[04/23/2008|03:54] C:\Program Files\<DIR> The Rosetta Stone
[04/13/2009|10:24] C:\Program Files\<DIR> Trend Micro
[12/17/2008|05:43] C:\Program Files\<DIR> Turbine
[08/26/2007|01:27] C:\Program Files\<DIR> Ulead Systems
[04/13/2009|09:52] C:\Program Files\<DIR> Uniblue
[01/31/2007|11:14] C:\Program Files\<DIR> Uninstall Information
[10/07/2008|12:58] C:\Program Files\<DIR> uTorrent
[03/17/2007|03:31] C:\Program Files\<DIR> Valve
[11/15/2008|02:08] C:\Program Files\<DIR> Ventrilo
[10/25/2007|07:12] C:\Program Files\<DIR> Viewpoint
[10/05/2008|11:16] C:\Program Files\<DIR> vixy.net
[12/27/2008|12:50] C:\Program Files\<DIR> VSO
[12/01/2008|10:30] C:\Program Files\<DIR> Wakan
[01/02/2009|03:10] C:\Program Files\<DIR> Warcraft III
[09/08/2007|04:53] C:\Program Files\<DIR> Warkeys
[08/26/2007|01:27] C:\Program Files\<DIR> Windows Media Components
[05/13/2007|04:46] C:\Program Files\<DIR> Windows Media Connect 2
[05/04/2009|02:26] C:\Program Files\<DIR> Windows Media Player
[05/04/2009|02:26] C:\Program Files\<DIR> Windows NT
[01/31/2007|11:10] C:\Program Files\<DIR> WindowsUpdate
[08/26/2007|01:09] C:\Program Files\<DIR> WinRAR
[09/25/2007|09:59] C:\Program Files\<DIR> Wolfram Research
[07/06/2007|09:07] C:\Program Files\<DIR> World of Warcraft
[01/31/2007|11:11] C:\Program Files\<DIR> xerox
[05/06/2008|04:19] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[03/17/2007|03:04] C:\Program Files\Common Files\<DIR> Adobe
[01/31/2007|11:52] C:\Program Files\Common Files\<DIR> Ahead
[02/10/2007|04:26] C:\Program Files\Common Files\<DIR> AOL
[04/13/2007|06:37] C:\Program Files\Common Files\<DIR> Blizzard Entertainment
[09/05/2007|01:13] C:\Program Files\Common Files\<DIR> COWON
[04/02/2008|01:52] C:\Program Files\Common Files\<DIR> DESIGNER
[09/12/2007|08:55] C:\Program Files\Common Files\<DIR> Funk Software
[12/30/2008|11:26] C:\Program Files\Common Files\<DIR> GTK
[09/25/2007|09:58] C:\Program Files\Common Files\<DIR> InstallShield
[08/26/2007|01:28] C:\Program Files\Common Files\<DIR> InterVideo
[06/19/2007|12:46] C:\Program Files\Common Files\<DIR> Java
[01/31/2007|11:55] C:\Program Files\Common Files\<DIR> LightScribe
[12/31/2008|02:24] C:\Program Files\Common Files\<DIR> LogiShared
[12/31/2008|02:31] C:\Program Files\Common Files\<DIR> Logishrd
[12/31/2008|02:31] C:\Program Files\Common Files\<DIR> Logitech
[05/01/2009|04:59] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/31/2007|11:09] C:\Program Files\Common Files\<DIR> MSSoap
[01/31/2007|11:54] C:\Program Files\Common Files\<DIR> Nero
[02/10/2007|04:26] C:\Program Files\Common Files\<DIR> Nullsoft
[01/31/2007|06:04] C:\Program Files\Common Files\<DIR> ODBC
[01/31/2007|11:09] C:\Program Files\Common Files\<DIR> Services
[04/11/2008|12:35] C:\Program Files\Common Files\<DIR> Skype
[01/31/2007|06:04] C:\Program Files\Common Files\<DIR> SpeechEngines
[12/27/2008|12:50] C:\Program Files\Common Files\<DIR> Symantec Shared(2)
[05/04/2009|02:26] C:\Program Files\Common Files\<DIR> System
[08/26/2007|01:27] C:\Program Files\Common Files\<DIR> Ulead Systems
[05/04/2009|12:17] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 46 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 18:06:30
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Hans\Application Data\uTorrent\Matlab 2007b Full Release (no keygen).rar.torrent
C:\DOCUME~1\Hans\Application Data\uTorrent\Minitab 14 + Crack.zip.torrent


[F:2][D:0]-> C:\DOCUME~1\Hans\LOCALS~1\Temp
[F:2][D:0]-> C:\DOCUME~1\Hans\Cookies
[F:2][D:0]-> C:\DOCUME~1\Hans\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 05/05/2009|18:07 - Option : [1]

--------------------\\ Scan completed at 18:07:08
  • 0
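The catchme section of the ComboFix log above reports "detected NTDLL code modification: ZwClose, ZwOpenFile". A finding like that is produced by comparing the first bytes of each ntdll export as loaded in memory against the same export in the file on disk: on 32-bit Windows XP every Zw* stub opens with the same "mov eax, syscall-number" sequence, so a prologue that instead starts with a JMP is an inline hook. The example below is added for this page and is not code from catchme, GMER or anyone in the thread; the byte strings, syscall numbers and hook target are constructed for the demonstration. One caveat a reader of this log should keep in mind: host-intrusion products install exactly this kind of hook, and the same log shows COMODO's guard32.dll loaded into winlogon.exe, lsass.exe and explorer.exe, so the finding by itself does not establish a rootkit; a full GMER scan is the normal way to tell the two apart.

```python
"""Added example (not part of the thread, catchme or GMER): how a
"NTDLL code modification" finding is derived. A stealth-malware detector
maps ntdll.dll from disk, resolves the exports the loaded copy exposes,
and compares the first bytes of each function. Every byte string below is
constructed for the demo; the syscall numbers are illustrative."""
import struct

PROLOGUE_LEN = 5  # a JMP rel32 hook overwrites exactly five bytes


def xp_syscall_stub(number: int) -> bytes:
    """32-bit XP ntdll stub:
    mov eax, <syscall#> ; mov edx, 7FFE0300h ; call [edx] ; ret 4"""
    return (b"\xB8" + struct.pack("<I", number)
            + b"\xBA\x00\x03\xFE\x7F"
            + b"\xFF\x12"
            + b"\xC2\x04\x00")


def inline_jmp_hook(rel32: int) -> bytes:
    """E9 rel32: what a hooking DLL writes over the first five bytes."""
    return b"\xE9" + struct.pack("<i", rel32)


def modified_exports(disk_image: dict, memory_image: dict,
                     n: int = PROLOGUE_LEN) -> list:
    """Names whose first n bytes differ between the on-disk and loaded copy."""
    hits = []
    for name, disk_bytes in disk_image.items():
        mem_bytes = memory_image.get(name)
        if mem_bytes is not None and disk_bytes[:n] != mem_bytes[:n]:
            hits.append(name)
    return sorted(hits)


def describe_prologue(code: bytes) -> str:
    """Classify the first instruction of a function prologue."""
    op = code[0]
    if op == 0xE9:
        return "jmp rel32 (inline hook)"
    if op == 0xEB:
        return "jmp rel8"
    if code[:2] == b"\xFF\x25":
        return "jmp [abs] (IAT-style trampoline)"
    if op == 0x68 and code[5:6] == b"\xC3":
        return "push addr; ret"
    if op == 0xB8:
        return "mov eax, imm32 (normal XP syscall stub)"
    return "unknown"


# constructed: what the on-disk image says
DISK = {
    "ZwClose":      xp_syscall_stub(0x19),
    "ZwOpenFile":   xp_syscall_stub(0x74),
    "ZwCreateFile": xp_syscall_stub(0x25),
}

# constructed: the loaded copy, with ZwClose and ZwOpenFile redirected
MEMORY = dict(DISK)
for hooked in ("ZwClose", "ZwOpenFile"):
    MEMORY[hooked] = inline_jmp_hook(0x0010A3F0) + DISK[hooked][PROLOGUE_LEN:]

if __name__ == "__main__":
    for name in modified_exports(DISK, MEMORY):
        print(f"{name}: {describe_prologue(MEMORY[name])}")
```

The comparison only works when the disk copy has been relocated to the same base as the loaded module; ntdll.dll normally loads at its preferred base, which is why this check is reliable for it and less so for arbitrary DLLs.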

#5
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
I'm suspecting that there might be a rootkit playing around in here.
We'll remove what's found and do a scan for it.

The source of your infections is likely related to the cracks and keygens that I found on your computer. If you are truly interested in staying clean in the future, I strongly recommend that you stay away from Cracks and Keygens. Failure to heed my warning may result in the reinfection of your computer. If you choose to continue down this path, we may not be able to help you here in the future.

Step 1.
Filescans:

  • Using Internet Explorer please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:

    • c:\windows\system32\KB905474\wgasetup.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Do the same with these:

c:\windows\Kkozu.dat
c:\windows\Isarafawinaqafo.bin
C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
C:\WINDOWS\System32\ycc.dll
C:\WINDOWS\System32\atsdrve.dll
C:\WINDOWS\UA000080.DLL
C:\WINDOWS\System32\zemuteme



Step 2.
Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
µTorrent
Viewpoint Media Player


Optional removals
µTorrent and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
It's up to you if you want to remove the above programs, however I recommend you do.


Older versions of Java have vulnerabilities that malware can use to infect your system.

Step 3.
OTLfix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O20 - AppInit_DLLs: (c:\windows\system32\zivahesu) - File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\biwapuyu.dll) - C:\WINDOWS\system32\biwapuyu.dll File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\jayoriji.dll) - C:\WINDOWS\system32\jayoriji.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\tikufozi.dll) - c:\windows\system32\tikufozi.dll File not found
    O33 - MountPoints2\{7bced538-dabb-11dd-b781-0016e6808c96}\Shell - "" = AutoRun
    O33 - MountPoints2\{7bced538-dabb-11dd-b781-0016e6808c96}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7bced538-dabb-11dd-b781-0016e6808c96}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{ca95481c-0075-11dd-b736-0016e6808c96}\Shell - "" = AutoRun
    O33 - MountPoints2\{ca95481c-0075-11dd-b736-0016e6808c96}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ca95481c-0075-11dd-b736-0016e6808c96}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{f3566862-523d-11dc-b706-0016e6808c96}\Shell\AutoRun\command - "" = F:\Launch.exe -- File not found
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    C:\Program Files\uTorrent\utorrent.exe=-
    :Files
    C:\DOCUME~1\Hans\Application Data\uTorrent\Matlab 2007b Full Release (no keygen).rar.torrent
    C:\DOCUME~1\Hans\Application Data\uTorrent\Minitab 14 + Crack.zip.torrent
    [10/25/2007|07:12] C:\Program Files\Viewpoint
    [04/01/2007|01:55] C:\DOCUME~1\Hans\APPLIC~1\Viewpoint
    [04/07/2008|09:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog


Step 4.
OTL-scan:

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scans/Fixes box at the bottom left paste the following in

    c:\documents and settings\Hans\Local Settings\Application Data\{34DD23EC-0F88-40BD-B641-9B944710EB34}(2)\*.
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\*.
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\*.

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window with OTListIt.Txt that's saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.

Step 5.
GMER:

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

Step 6.
Things I would like to see in your reply:

  • The results from the filescans in step 1.
  • Which P2P softwares were uninstalled in step 2.
  • The content of the fixlog from OTL2 in step 3.
  • The content of OTListIt.txt from step 4
  • The content of the report from GMER in step 5.

  • 0
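The OTL fix in the post above targets entries that share a few recurring traits: AppInit_DLLs values pointing at files that no longer exist, Run values launching from %windir%\TEMP, DLL names made of random consonant-vowel syllables (biwapuyu, jayoriji, tikufozi), and stale AutoRun handlers for removable drives. The script below is an added example written for this page, not part of OTL, ComboFix or anything posted in the thread; it runs those checks over a handful of lines copied from the logs in this thread and reports each hit with its reasons. The regular expressions and the name heuristic are assumptions of mine, not rules taken from any tool.

```python
"""Added example (not from the thread, OTL or ComboFix): a triage pass over
OTL/ComboFix-style log lines. It extracts the first Windows path on each
line and flags the traits that made the entries in this thread suspect.
Sample lines are copied from the logs in the thread; the patterns are
assumptions made for this example."""
import re
from dataclasses import dataclass, field

# first drive-letter path on the line; stops at whitespace, quotes or ')'
PATH = re.compile(r"[a-z]:\\[^\s\")]+", re.I)
TEMP_DIR = re.compile(r"\\temp\\", re.I)
# optional leading vowel, 3-9 consonant-vowel pairs, optional trailing consonant
# (assumed heuristic for Vundo-style generated names: biwapuyu, tikufozi)
CV_NAME = re.compile(
    r"^[aeiou]?(?:[bcdfghj-np-tv-z][aeiou]){3,9}[bcdfghj-np-tv-z]?$", re.I)
REMOVABLE_AUTORUN = re.compile(r"MountPoints2\\.*\\AutoRun\\command", re.I)


@dataclass
class Finding:
    line: str
    path: str
    reasons: list = field(default_factory=list)


def stem(path: str) -> str:
    """File name without directory or extension."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0] if "." in name else name


def triage_line(line: str):
    """Return a Finding for a suspicious line, else None."""
    m = PATH.search(line)
    if not m:
        return None
    path = m.group(0)
    f = Finding(line, path)
    if "file not found" in line.lower():
        f.reasons.append("referenced file missing")
    if TEMP_DIR.search(path):
        f.reasons.append("loads from a TEMP directory")
    if CV_NAME.match(stem(path)):
        f.reasons.append("random pronounceable name")
    if REMOVABLE_AUTORUN.search(line):
        f.reasons.append("AutoRun handler for a removable drive")
    return f if f.reasons else None


def triage(log: str) -> list:
    """Run triage_line over every line and keep the hits, in order."""
    return [f for f in (triage_line(l) for l in log.splitlines()) if f]


# constructed sample: lines taken from the ComboFix and OTL output in this thread
SAMPLE = r"""HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
HKU-Default-Run-uidenhiufgsduiazghs - c:\windows\TEMP\ph9akmw55.exe
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\1287188666.exe
O20 - AppInit_DLLs: (c:\windows\system32\zivahesu) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\biwapuyu.dll) - C:\WINDOWS\system32\biwapuyu.dll File not found
O33 - MountPoints2\{7bced538-dabb-11dd-b781-0016e6808c96}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(f"{hit.path}\n    " + "; ".join(hit.reasons))
```

The name pattern is the weakest of the four signals: ordinary software names such as Samurize also match it, so treat it as corroboration for an entry that is already odd for another reason, never as grounds on its own. A missing file in AppInit_DLLs still matters: user32.dll keeps trying to load the listed DLL into every new process until the value is cleared, which is why the fix script removes the registry entries rather than only the files.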

#6
Wasuremono

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Well, the Step 4 scan keeps hanging on at "checking manual scans" or something like this. I waited maybe close to 10 mins and it didn't seem to be going anywhere. I didn't proceed to step 5 because of this.

Here are Steps 1-3 anyway:


Step 1

VirSCAN.org Scanned Report :
Scanned time : 2009/04/25 13:08:52 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : wgasetup.exe
File Size : 453512 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 1d7ba0cfbdb204b0a3be40bfa79ce6f1
SHA1 : 1be31376adf16e12cb20eb2968c51fc80f09faf8
Online report : http://virscan.org/r...6af7d67206.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090424020229 2009-04-24 6.04 -
AhnLab V3 2009.04.25.00 2009.04.25 2009-04-25 0.73 -
AntiVir 7.9.0.156 7.1.3.109 2009-04-25 2.05 -
Antiy 2.0.18 20090425.2318496 2009-04-25 0.12 -
Arcavir 2009 200904240931 2009-04-24 0.10 -
Authentium 5.1.1 200904241611 2009-04-24 2.10 -
AVAST! 3.0.1 090425-0 2009-04-25 0.03 -
AVG 7.5.52.442 270.12.4/2080 2009-04-25 2.07 -
BitDefender 7.81008.2850277 7.25002 2009-04-25 2.68 -
CA (VET) 9.0.0.143 31.6.6474 2009-04-25 13.04 -
ClamAV 0.95 9288 2009-04-25 0.09 -
Comodo 3.8 1135 2009-04-25 1.93 -
CP Secure 1.1.0.715 2009.04.25 2009-04-25 8.79 -
Dr.Web 4.44.0.9170 2009.04.25 2009-04-25 4.51 -
F-Prot 4.4.4.56 20090424 2009-04-24 2.29 -
F-Secure 5.51.6100 2009.04.25.01 2009-04-25 5.27 -
Fortinet 2.81-3.117 10.319 2009-04-25 0.51 -
GData 19.4842/19.310 20090425 2009-04-25 9.82 -
ViRobot 20090424 2009.04.24 2009-04-24 1.01 -
Ikarus T3.1.01.49 2009.04.25.72631 2009-04-25 2.90 -
JiangMin 11.0.706 2009.04.25 2009-04-25 5.63 -
Kaspersky 5.5.10 2009.04.25 2009-04-25 0.07 -
KingSoft 2009.2.5.15 2009.4.25.21 2009-04-25 5.04 -
McAfee 5.3.00 5595 2009-04-24 2.84 -
Microsoft 1.4602 2009.04.25 2009-04-25 11.36 -
mks_vir 2.01 2009.04.24 2009-04-24 2.74 -
Norman 6.00.06 6.00.00 2009-04-24 10.01 -
Panda 9.05.01 2009.04.25 2009-04-25 4.30 -
Trend Micro 8.700-1004 5.985.00 2009-04-25 0.06 -
Quick Heal 10.00 2009.04.25 2009-04-25 1.19 -
Rising 20.0 21.26.52.00 2009-04-25 1.52 -
Sophos 2.85.0 4.40 2009-04-25 2.40 -
Sunbelt 5111 5111 2009-04-24 0.96 -
Symantec 1.3.0.24 20090424.003 2009-04-24 0.15 -
nProtect 20090424.03 3494918 2009-04-24 16.95 -
The Hacker 6.3.4.1 v00314 2009-04-24 1.63 -
VBA32 3.12.10.3 20090423.1331 2009-04-23 1.92 -
VirusBuster 4.5.11.10 10.105.6/1306872 2009-04-25 1.72 -



VirSCAN.org Scanned Report :
Scanned time : 2009/04/13 04:42:30 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : Jgivejiguluk.dat
File Size : 408 byte
File Type : ASCII text, with very long lines, with no line terminators
MD5 : 97992b41e6581cdcf5bc235d4e82d693
SHA1 : 5722bdd7bd3a8d0613147ae1404f9edee42c690a
Online report : http://virscan.org/r...a47c684308.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090412200212 2009-04-12 1.95 -
AhnLab V3 2009.04.13.00 2009.04.13 2009-04-13 0.60 -
AntiVir 7.9.0.138 7.1.3.42 2009-04-11 1.98 -
Antiy 2.0.18 20090413.2293849 2009-04-13 0.12 -
Authentium 5.1.1 200904111622 2009-04-11 1.15 -
AVAST! 3.0.1 090412-0 2009-04-12 0.00 -
AVG 7.5.52.442 270.11.54/2055 2009-04-12 2.00 -
BitDefender 7.81008.2846238 7.24769 2009-04-13 2.64 -
CA (VET) 9.0.0.143 31.6.6450 2009-04-10 3.92 -
ClamAV 0.95 9227 2009-04-13 0.00 -
Comodo 3.8 1111 2009-04-12 1.19 -
CP Secure 1.1.0.715 2009.04.13 2009-04-13 8.16 -
Dr.Web 4.44.0.9170 2009.04.13 2009-04-13 4.37 -
F-Prot 4.4.4.56 20090411 2009-04-11 1.11 -
F-Secure 5.51.6100 2009.04.13.02 2009-04-13 0.05 -
Fortinet 2.81-3.117 10.278 2009-04-12 0.14 -
GData 19.4583/19.297 20090413 2009-04-13 3.52 -
ViRobot 20090410 2009.04.10 2009-04-10 0.57 -
Ikarus T3.1.01.49 2009.04.13.72569 2009-04-13 2.88 -
JiangMin 11.0.706 2009.04.12 2009-04-12 1.66 -
Kaspersky 5.5.10 2009.04.13 2009-04-13 0.03 -
KingSoft 2009.2.5.15 2009.4.13.7 2009-04-13 2.91 -
McAfee 5.3.00 5582 2009-04-12 2.79 -
Microsoft 1.4502 2009.04.13 2009-04-13 4.41 -
mks_vir 2.01 2009.04.12 2009-04-12 2.66 -
Norman 6.00.06 6.00.00 2009-04-09 8.01 -
Panda 9.05.01 2009.04.12 2009-04-12 1.83 -
Trend Micro 8.700-1004 5.964.01 2009-04-12 0.02 -
Quick Heal 10.00 2009.04.13 2009-04-13 1.90 -
Rising 20.0 21.25.00.00 2009-04-13 0.40 -
Sophos 2.85.0 4.40 2009-04-13 2.11 -
Sunbelt 5089 5089 2009-04-12 0.61 -
Symantec 1.3.0.24 20090412.003 2009-04-12 0.13 -
nProtect 20090413.01 3464164 2009-04-13 6.13 -
The Hacker 6.3.4.0 v00306 2009-04-12 1.08 -
VBA32 3.12.10.2 20090412.1026 2009-04-12 1.70 -
VirusBuster 4.5.11.10 10.102.40/1228619 2009-04-09 1.49 -



For c:\windows\Isarafawinaqafo.bin I got "ERROR can't find file"



VirSCAN.org Scanned Report :
Scanned time : 2009/05/06 16:41:01 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : {789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
File Size : 262 byte
File Type : ASCII text, with CRLF line terminators
MD5 : 72dba45048da915088abd4fe00ac8fc1
SHA1 : 5c69fc9b167913d4c9911facd41857bdaad5d5f0
Online report : http://virscan.org/r...fd13217440.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090507000335 2009-05-07 3.21 -
AhnLab V3 2009.05.07.00 2009.05.07 2009-05-07 0.62 -
AntiVir 7.9.0.160 7.1.3.164 2009-05-06 2.04 -
Antiy 2.0.18 20090506.2357764 2009-05-06 0.12 -
Arcavir 2009 200905060928 2009-05-06 0.75 -
Authentium 5.1.1 200905060849 2009-05-06 1.10 -
AVAST! 4.7.4 090505-0 2009-05-05 0.00 -
AVG 8.5.286 270.12.20/2100 2009-05-06 3.20 -
BitDefender 7.81008.2902025 7.25235 2009-05-06 2.70 -
CA (VET) 9.0.0.143 31.6.6490 2009-05-06 10.96 -
ClamAV 0.95 9332 2009-05-06 0.00 -
Comodo 3.8 1154 2009-05-06 0.67 -
CP Secure 1.1.0.715 2009.05.07 2009-05-07 8.83 -
Dr.Web 4.44.0.9170 2009.05.06 2009-05-06 4.48 -
F-Prot 4.4.4.56 20090506 2009-05-06 1.09 -
F-Secure 5.51.6100 2009.05.06.11 2009-05-06 5.32 -
Fortinet 2.81-3.117 10.358 2009-05-06 0.14 -
GData 19.5069/19.322 20090506 2009-05-06 2.73 -
ViRobot 20090506 2009.05.06 2009-05-06 0.42 -
Ikarus T3.1.01.49 2009.05.06.72678 2009-05-06 2.78 -
JiangMin 11.0.706 2009.05.06 2009-05-06 2.20 -
Kaspersky 5.5.10 2009.05.06 2009-05-06 0.02 -
KingSoft 2009.2.5.15 2009.5.6.22 2009-05-06 0.41 -
McAfee 5.3.00 5607 2009-05-06 2.83 -
Microsoft 1.4602 2009.05.06 2009-05-06 7.01 -
mks_vir 2.01 2009.05.06 2009-05-06 2.68 -
Norman 6.01.05 6.01.00 2009-05-06 4.01 -
Panda 9.05.01 2009.05.04 2009-05-04 0.50 -
Trend Micro 8.700-1004 6.112.06 2009-05-06 0.02 -
Quick Heal 10.00 2009.05.06 2009-05-06 1.08 -
Rising 20.0 21.28.22.00 2009-05-06 0.52 -
Sophos 2.86.0 4.41 2009-05-07 2.21 -
Sunbelt 5123 5123 2009-05-05 1.20 -
Symantec 1.3.0.24 20090506.002 2009-05-06 0.34 -
nProtect 20090506.01 3583152 2009-05-06 4.49 -
The Hacker 6.3.4.1 v00319 2009-05-05 0.52 -
VBA32 3.12.10.4 20090505.1100 2009-05-05 1.84 -
VirusBuster 4.5.11.10 10.105.17/1328820 2009-05-06 2.15 -



VirSCAN.org Scanned Report :
Scanned time : 2009/05/06 16:43:55 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : ycc.dll
File Size : 61440 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : d1467bce131457a998b61e8bb2681857
SHA1 : d2476b9939117376ce2152f5f8878536796419c6
Online report : http://virscan.org/r...b9407187a6.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090507000335 2009-05-07 3.06 -
AhnLab V3 2009.05.07.00 2009.05.07 2009-05-07 0.63 -
AntiVir 7.9.0.160 7.1.3.164 2009-05-06 2.04 -
Antiy 2.0.18 20090506.2357764 2009-05-06 0.12 -
Arcavir 2009 200905060928 2009-05-06 0.14 -
Authentium 5.1.1 200905060849 2009-05-06 1.60 -
AVAST! 4.7.4 090505-0 2009-05-05 0.01 -
AVG 8.5.286 270.12.20/2100 2009-05-06 3.23 -
BitDefender 7.81008.2902025 7.25235 2009-05-06 2.69 -
CA (VET) 9.0.0.143 31.6.6490 2009-05-06 6.85 -
ClamAV 0.95 9332 2009-05-06 0.04 -
Comodo 3.8 1154 2009-05-06 0.67 -
CP Secure 1.1.0.715 2009.05.07 2009-05-07 8.88 -
Dr.Web 4.44.0.9170 2009.05.06 2009-05-06 4.49 -
F-Prot 4.4.4.56 20090506 2009-05-06 1.54 -
F-Secure 5.51.6100 2009.05.06.11 2009-05-06 5.36 -
Fortinet 2.81-3.117 10.358 2009-05-06 0.31 -
GData 19.5069/19.322 20090506 2009-05-06 2.82 -
ViRobot 20090506 2009.05.06 2009-05-06 0.41 -
Ikarus T3.1.01.49 2009.05.06.72678 2009-05-06 2.81 -
JiangMin 11.0.706 2009.05.06 2009-05-06 2.79 -
Kaspersky 5.5.10 2009.05.06 2009-05-06 0.07 -
KingSoft 2009.2.5.15 2009.5.6.22 2009-05-06 3.36 -
McAfee 5.3.00 5607 2009-05-06 2.89 -
Microsoft 1.4602 2009.05.06 2009-05-06 5.20 -
mks_vir 2.01 2009.05.06 2009-05-06 2.74 -
Norman 6.01.05 6.01.00 2009-05-06 4.00 -
Panda 9.05.01 2009.05.04 2009-05-04 6.78 -
Trend Micro 8.700-1004 6.112.06 2009-05-06 0.03 -
Quick Heal 10.00 2009.05.06 2009-05-06 1.30 -
Rising 20.0 21.28.22.00 2009-05-06 2.12 -
Sophos 2.86.0 4.41 2009-05-07 2.26 -
Sunbelt 5123 5123 2009-05-05 1.89 -
Symantec 1.3.0.24 20090506.002 2009-05-06 0.05 -
nProtect 20090506.01 3583152 2009-05-06 9.78 -
The Hacker 6.3.4.1 v00319 2009-05-05 0.57 -
VBA32 3.12.10.4 20090505.1100 2009-05-05 1.94 -
VirusBuster 4.5.11.10 10.105.17/1328820 2009-05-06 1.63 -



VirSCAN.org Scanned Report :
Scanned time : 2009/05/06 16:46:53 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : atsdrve.dll
File Size : 1024 byte
File Type : data
MD5 : 4454977e0b792e349bb1dbe77056b69e
SHA1 : 0e5d91c30c8d9eb3b6aa47ce435f6c939c22edae
Online report : http://virscan.org/r...a2307a7de5.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090507000335 2009-05-07 2.35 -
AhnLab V3 2009.05.07.00 2009.05.07 2009-05-07 0.62 -
AntiVir 7.9.0.160 7.1.3.164 2009-05-06 2.03 -
Antiy 2.0.18 20090506.2357764 2009-05-06 0.12 -
Arcavir 2009 200905060928 2009-05-06 0.02 -
Authentium 5.1.1 200905060849 2009-05-06 1.10 -
AVAST! 4.7.4 090505-0 2009-05-05 0.00 -
AVG 8.5.286 270.12.20/2100 2009-05-06 3.20 -
BitDefender 7.81008.2902025 7.25235 2009-05-06 2.69 -
CA (VET) 9.0.0.143 31.6.6490 2009-05-06 11.12 -
ClamAV 0.95 9332 2009-05-06 0.00 -
Comodo 3.8 1154 2009-05-06 0.95 -
CP Secure 1.1.0.715 2009.05.07 2009-05-07 8.83 -
Dr.Web 4.44.0.9170 2009.05.06 2009-05-06 4.50 -
F-Prot 4.4.4.56 20090506 2009-05-06 1.10 -
F-Secure 5.51.6100 2009.05.06.11 2009-05-06 5.31 -
Fortinet 2.81-3.117 10.358 2009-05-06 0.15 -
GData 19.5069/19.322 20090506 2009-05-06 3.15 -
ViRobot 20090506 2009.05.06 2009-05-06 0.43 -
Ikarus T3.1.01.49 2009.05.06.72678 2009-05-06 2.81 -
JiangMin 11.0.706 2009.05.06 2009-05-06 1.73 -
Kaspersky 5.5.10 2009.05.06 2009-05-06 0.02 -
KingSoft 2009.2.5.15 2009.5.6.22 2009-05-06 0.42 -
McAfee 5.3.00 5607 2009-05-06 2.83 -
Microsoft 1.4602 2009.05.06 2009-05-06 4.77 -
mks_vir 2.01 2009.05.06 2009-05-06 2.72 -
Norman 6.01.05 6.01.00 2009-05-06 4.01 -
Panda 9.05.01 2009.05.04 2009-05-04 2.95 -
Trend Micro 8.700-1004 6.112.06 2009-05-06 0.02 -
Quick Heal 10.00 2009.05.06 2009-05-06 1.47 -
Rising 20.0 21.28.22.00 2009-05-06 0.35 -
Sophos 2.86.0 4.41 2009-05-07 2.22 -
Sunbelt 5123 5123 2009-05-05 4.92 -
Symantec 1.3.0.24 20090506.002 2009-05-06 0.22 -
nProtect 20090506.01 3583152 2009-05-06 12.42 -
The Hacker 6.3.4.1 v00319 2009-05-05 0.52 -
VBA32 3.12.10.4 20090505.1100 2009-05-05 1.83 -
VirusBuster 4.5.11.10 10.105.17/1328820 2009-05-06 1.61 -



VirSCAN.org Scanned Report :
Scanned time : 2009/05/06 16:50:03 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : UA000080.DLL
File Size : 7420 byte
File Type : data
MD5 : bd1b9f1d167f8b93b367db4c3ca6ff1d
SHA1 : 04a3fd79bd9582c76d553c782442b08cc519b30e
Online report : http://virscan.org/r...9f876a0612.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090507000335 2009-05-07 1.92 -
AhnLab V3 2009.05.07.00 2009.05.07 2009-05-07 0.69 -
AntiVir 7.9.0.160 7.1.3.164 2009-05-06 2.04 -
Antiy 2.0.18 20090506.2357764 2009-05-06 0.12 -
Arcavir 2009 200905060928 2009-05-06 0.03 -
Authentium 5.1.1 200905060849 2009-05-06 1.09 -
AVAST! 4.7.4 090505-0 2009-05-05 0.00 -
AVG 8.5.286 270.12.20/2100 2009-05-06 3.25 -
BitDefender 7.81008.2902025 7.25235 2009-05-06 2.68 -
CA (VET) 9.0.0.143 31.6.6490 2009-05-06 12.14 -
ClamAV 0.95 9332 2009-05-06 0.00 -
Comodo 3.8 1154 2009-05-06 1.15 -
CP Secure 1.1.0.715 2009.05.07 2009-05-07 8.81 -
Dr.Web 4.44.0.9170 2009.05.06 2009-05-06 4.49 -
F-Prot 4.4.4.56 20090506 2009-05-06 1.10 -
F-Secure 5.51.6100 2009.05.06.11 2009-05-06 0.03 -
Fortinet 2.81-3.117 10.358 2009-05-06 0.24 -
GData 19.5069/19.322 20090506 2009-05-06 5.25 -
ViRobot 20090506 2009.05.06 2009-05-06 1.55 -
Ikarus T3.1.01.49 2009.05.06.72678 2009-05-06 2.81 -
JiangMin 11.0.706 2009.05.06 2009-05-06 4.09 -
Kaspersky 5.5.10 2009.05.06 2009-05-06 0.02 -
KingSoft 2009.2.5.15 2009.5.6.22 2009-05-06 0.44 -
McAfee 5.3.00 5607 2009-05-06 2.82 -
Microsoft 1.4602 2009.05.06 2009-05-06 5.24 -
mks_vir 2.01 2009.05.06 2009-05-06 2.70 -
Norman 6.01.05 6.01.00 2009-05-06 4.01 -
Panda 9.05.01 2009.05.04 2009-05-04 5.11 -
Trend Micro 8.700-1004 6.112.06 2009-05-06 0.02 -
Quick Heal 10.00 2009.05.06 2009-05-06 1.29 -
Rising 20.0 21.28.22.00 2009-05-06 0.88 -
Sophos 2.86.0 4.41 2009-05-07 2.21 -
Sunbelt 5123 5123 2009-05-05 4.11 -
Symantec 1.3.0.24 20090506.002 2009-05-06 0.04 -
nProtect 20090506.01 3583152 2009-05-06 4.63 -
The Hacker 6.3.4.1 v00319 2009-05-05 0.53 -
VBA32 3.12.10.4 20090505.1100 2009-05-05 1.87 -
VirusBuster 4.5.11.10 10.105.17/1328820 2009-05-06 1.63 -




VirSCAN.org Scanned Report :
Scanned time : 2009/05/06 16:54:17 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : zemuteme
File Size : 6456 byte
File Type :
MD5 : 24e2f9f46dfcfa00b9a8f50812a9a532
SHA1 : a2a8b46b8571427beee50bf1586986cd917aadb1
Online report : http://virscan.org/r...c369c72913.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090507000335 2009-05-07 2.91 -
AhnLab V3 2009.05.07.00 2009.05.07 2009-05-07 0.62 -
AntiVir 7.9.0.160 7.1.3.164 2009-05-06 2.03 -
Antiy 2.0.18 20090506.2357764 2009-05-06 0.12 -
Arcavir 2009 200905060928 2009-05-06 0.02 -
Authentium 5.1.1 200905060849 2009-05-06 1.11 -
AVAST! 4.7.4 090505-0 2009-05-05 0.00 -
AVG 8.5.286 270.12.20/2100 2009-05-06 3.19 -
BitDefender 7.81008.2902025 7.25235 2009-05-06 2.70 -
CA (VET) 9.0.0.143 31.6.6490 2009-05-06 7.67 -
ClamAV 0.95 9332 2009-05-06 0.00 -
Comodo 3.8 1154 2009-05-06 1.42 -
CP Secure 1.1.0.715 2009.05.07 2009-05-07 8.83 -
Dr.Web 4.44.0.9170 2009.05.06 2009-05-06 4.47 -
F-Prot 4.4.4.56 20090506 2009-05-06 1.09 -
F-Secure 5.51.6100 2009.05.06.11 2009-05-06 5.32 -
Fortinet 2.81-3.117 10.358 2009-05-06 0.16 -
GData 19.5069/19.322 20090506 2009-05-06 2.78 -
ViRobot 20090506 2009.05.06 2009-05-06 0.40 -
Ikarus T3.1.01.49 2009.05.06.72678 2009-05-06 2.82 -
JiangMin 11.0.706 2009.05.06 2009-05-06 1.73 -
Kaspersky 5.5.10 2009.05.06 2009-05-06 0.02 -
KingSoft 2009.2.5.15 2009.5.6.22 2009-05-06 0.44 -
McAfee 5.3.00 5607 2009-05-06 2.84 -
Microsoft 1.4602 2009.05.06 2009-05-06 5.72 -
mks_vir 2.01 2009.05.06 2009-05-06 2.77 -
Norman 6.01.05 6.01.00 2009-05-06 4.00 -
Panda 9.05.01 2009.05.04 2009-05-04 0.50 -
Trend Micro 8.700-1004 6.112.06 2009-05-06 0.02 -
Quick Heal 10.00 2009.05.06 2009-05-06 1.08 -
Rising 20.0 21.28.22.00 2009-05-06 0.35 -
Sophos 2.86.0 4.41 2009-05-07 2.22 -
Sunbelt 5123 5123 2009-05-05 0.92 -
Symantec 1.3.0.24 20090506.002 2009-05-06 0.20 -
nProtect 20090506.01 3583152 2009-05-06 7.00 -
The Hacker 6.3.4.1 v00319 2009-05-05 0.52 -
VBA32 3.12.10.4 20090505.1100 2009-05-05 1.82 -
VirusBuster 4.5.11.10 10.105.17/1328820 2009-05-06 1.61 -





Step 2


I uninstalled the outdated Java updates and I uninstalled uTorrent. Of note is that at first I did not uninstall uTorrent in step 2, but I went ahead and did it after step 3 anyway.




Step 3

Note: I had to run this twice because I'm not sure if it took the first time (I forgot to close my virus and spyware stuff first).

========== OTLISTIT ==========
Process explorer.exe killed successfully!
No active process named ViewpointService.exe was found!
Service\Driver Viewpoint Manager Service not found.
Service\Driver Viewpoint Manager Service not found.
File C:\Program Files\Viewpoint\Common\ViewpointService.exe not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bced538-dabb-11dd-b781-0016e6808c96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bced538-dabb-11dd-b781-0016e6808c96}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bced538-dabb-11dd-b781-0016e6808c96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bced538-dabb-11dd-b781-0016e6808c96}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bced538-dabb-11dd-b781-0016e6808c96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bced538-dabb-11dd-b781-0016e6808c96}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca95481c-0075-11dd-b736-0016e6808c96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca95481c-0075-11dd-b736-0016e6808c96}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca95481c-0075-11dd-b736-0016e6808c96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca95481c-0075-11dd-b736-0016e6808c96}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca95481c-0075-11dd-b736-0016e6808c96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca95481c-0075-11dd-b736-0016e6808c96}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3566862-523d-11dc-b706-0016e6808c96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3566862-523d-11dc-b706-0016e6808c96}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\utorrent.exe not found.
========== FILES ==========
File\Folder C:\DOCUME~1\Hans\Application Data\uTorrent\Matlab 2007b Full Release (no keygen).rar.torrent not found.
File\Folder C:\DOCUME~1\Hans\Application Data\uTorrent\Minitab 14 + Crack.zip.torrent not found.
Invalid time flag! [ 2007|07:12] C:\Program Files\Viewpoint ]. Must be numerical.
Invalid time flag! [ 2007|01:55] C:\DOCUME~1\Hans\APPLIC~1\Viewpoint ]. Must be numerical.
Invalid time flag! [ 2008|09:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint ]. Must be numerical.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Hans\Local Settings\temp\etilqs_2Qcnumg1E1dDWX7hfUBc scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2f4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6b8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.3 log created on 05062009_173048

Files moved on Reboot...
File C:\Documents and Settings\Hans\Local Settings\temp\etilqs_2Qcnumg1E1dDWX7hfUBc not found!
C:\WINDOWS\temp\Perflib_Perfdata_2f4.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_6b8.dat not found!

Registry entries deleted on Reboot...




Step 4

Getting stuck here...


Step 5

Haven't attempted yet...

#7
heir (Trusted Helper, Malware Removal, 5,427 posts)
Looks like one of the files didn't get scanned: c:\windows\Kkozu.dat. The result was for this file: Jgivejiguluk.dat

Well, the Step 4 scan keeps hanging on at "checking manual scans" or something like this.

An error in the custom scan part. Corrected it.

I didn't proceed to step 5 because of this.

We'll get it done this time then. :)

Let's do things like this then:

Step 1.
Filescans:

  • Using Internet Explorer please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\windows\Kkozu.dat
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Step 2.
OTLfix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    :Files
    C:\Program Files\Viewpoint
    C:\DOCUME~1\Hans\APPLIC~1\Viewpoint
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog


Step 3.
OTL-scan:

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scans/Fixes box at the bottom left paste the following in

    c:\documents and settings\Hans\Local Settings\Application Data\{34DD23EC-0F88-40BD-B641-9B944710EB34}(2)\*.*
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\*.*
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\*.*

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window with OTListIt.Txt that's saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.

Step 4.
GMER:

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

Step 5.
Things I would like to see in your reply:

  • The results from the filescan in step 1.
  • The content of the fixlog from OTL2 in step 2.
  • The content of OTListIt.txt from step 3
  • The content of the report from GMER in step 4.

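The file scan in step 1 above depends on VirSCAN reporting on the file that was actually submitted; earlier in this thread the report for c:\windows\Kkozu.dat came back under the name Jgivejiguluk.dat with identical hashes, because the service returns the cached result for content it has already seen. The following is an added example, not code from this thread, from the helper or from VirSCAN: it parses the header lines of a pasted report (File Name, File Size, MD5, SHA1), hashes the local file, and reports whether the hashes agree and whether the name differs. The function names (parse_report, file_digests, check_report, demo) and the sample file contents are constructed for this example.

```python
"""Confirm that a pasted VirSCAN-style report describes the local file you submitted."""
import hashlib
import re
import tempfile
from pathlib import Path

# Matches header lines in the form used by the reports pasted in this thread,
# e.g. "MD5 : 97992b41e6581cdcf5bc235d4e82d693"; no values are hard-coded here.
_FIELD = re.compile(r"^(File Name|File Size|MD5|SHA1)\s*:\s*(.*?)\s*$", re.MULTILINE)


def parse_report(text: str) -> dict:
    """Return the header fields of a pasted report, e.g. {'File Size': 408, 'MD5': '...'}."""
    fields = {}
    for key, value in _FIELD.findall(text):
        if key == "File Size":
            value = int(value.split()[0])      # "408 byte" -> 408
        elif key in ("MD5", "SHA1"):
            value = value.lower()              # normalise hex case before comparing
        fields[key] = value
    return fields


def file_digests(path) -> dict:
    """Size, MD5 and SHA1 of a local file, read in chunks so large files are fine."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha1.update(chunk)
            size += len(chunk)
    return {"File Size": size, "MD5": md5.hexdigest(), "SHA1": sha1.hexdigest()}


def check_report(report_text: str, path) -> dict:
    """Compare a pasted report with the local file.

    hashes_match: size, MD5 and SHA1 in the report all equal the local file's.
    name_matches: the report's File Name equals the local file name. A name
    difference with matching hashes means the same bytes were scanned earlier
    under another name (the cached-result case seen in this thread).
    """
    report = parse_report(report_text)
    local = file_digests(path)
    problems = [
        f"{key}: report {report[key]} != local {local[key]}"
        for key in ("File Size", "MD5", "SHA1")
        if key in report and report[key] != local[key]
    ]
    return {
        "hashes_match": not problems,
        "name_matches": report.get("File Name") == Path(path).name,
        "problems": problems,
    }


def demo() -> dict:
    """Constructed walk-through: a cached report for the same content under another
    name, and a report for different content. Returns both check results."""
    with tempfile.TemporaryDirectory() as tmp:
        # Same name as the file in the thread; the bytes are constructed, not the real file.
        sample = Path(tmp) / "Kkozu.dat"
        sample.write_bytes(b"constructed sample content, not the real file\n")
        d = file_digests(sample)
        cached = (
            "VirSCAN.org Scanned Report :\n"
            "File Name : Jgivejiguluk.dat\n"
            f"File Size : {d['File Size']} byte\n"
            f"MD5 : {d['MD5']}\n"
            f"SHA1 : {d['SHA1']}\n"
        )
        other = (                              # placeholder hashes for unrelated content
            "File Name : Kkozu.dat\n"
            "File Size : 1024 byte\n"
            "MD5 : " + "0" * 32 + "\n"
            "SHA1 : " + "0" * 40 + "\n"
        )
        return {"cached": check_report(cached, sample), "other": check_report(other, sample)}


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

If hashes_match is true and only the name differs, the verdict in the report still applies to the submitted file; if hashes_match is false, the report is for some other file and says nothing about the one on disk, so the upload should be repeated.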

#8
Wasuremono (Topic Starter, Member, 18 posts)
Thank you for your continued assistance!


Gmer gave me a log of text 600kb in size (is this what I am supposed to post?), so posting everything together gave me a length of post error. Maybe I can post that next.

Here are steps 1-3:




Step 1


It says, "The file are Kkozu.dat uploaded by other users and scanned successfully at 2009/04/13 16:42:30, and 37 softwares update the database from last scan to now."

VirSCAN.org Scanned Report :
Scanned time : 2009/04/13 04:42:30 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : Jgivejiguluk.dat
File Size : 408 byte
File Type : ASCII text, with very long lines, with no line terminators
MD5 : 97992b41e6581cdcf5bc235d4e82d693
SHA1 : 5722bdd7bd3a8d0613147ae1404f9edee42c690a
Online report : http://virscan.org/r...a47c684308.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090412200212 2009-04-12 1.95 -
AhnLab V3 2009.04.13.00 2009.04.13 2009-04-13 0.60 -
AntiVir 7.9.0.138 7.1.3.42 2009-04-11 1.98 -
Antiy 2.0.18 20090413.2293849 2009-04-13 0.12 -
Authentium 5.1.1 200904111622 2009-04-11 1.15 -
AVAST! 3.0.1 090412-0 2009-04-12 0.00 -
AVG 7.5.52.442 270.11.54/2055 2009-04-12 2.00 -
BitDefender 7.81008.2846238 7.24769 2009-04-13 2.64 -
CA (VET) 9.0.0.143 31.6.6450 2009-04-10 3.92 -
ClamAV 0.95 9227 2009-04-13 0.00 -
Comodo 3.8 1111 2009-04-12 1.19 -
CP Secure 1.1.0.715 2009.04.13 2009-04-13 8.16 -
Dr.Web 4.44.0.9170 2009.04.13 2009-04-13 4.37 -
F-Prot 4.4.4.56 20090411 2009-04-11 1.11 -
F-Secure 5.51.6100 2009.04.13.02 2009-04-13 0.05 -
Fortinet 2.81-3.117 10.278 2009-04-12 0.14 -
GData 19.4583/19.297 20090413 2009-04-13 3.52 -
ViRobot 20090410 2009.04.10 2009-04-10 0.57 -
Ikarus T3.1.01.49 2009.04.13.72569 2009-04-13 2.88 -
JiangMin 11.0.706 2009.04.12 2009-04-12 1.66 -
Kaspersky 5.5.10 2009.04.13 2009-04-13 0.03 -
KingSoft 2009.2.5.15 2009.4.13.7 2009-04-13 2.91 -
McAfee 5.3.00 5582 2009-04-12 2.79 -
Microsoft 1.4502 2009.04.13 2009-04-13 4.41 -
mks_vir 2.01 2009.04.12 2009-04-12 2.66 -
Norman 6.00.06 6.00.00 2009-04-09 8.01 -
Panda 9.05.01 2009.04.12 2009-04-12 1.83 -
Trend Micro 8.700-1004 5.964.01 2009-04-12 0.02 -
Quick Heal 10.00 2009.04.13 2009-04-13 1.90 -
Rising 20.0 21.25.00.00 2009-04-13 0.40 -
Sophos 2.85.0 4.40 2009-04-13 2.11 -
Sunbelt 5089 5089 2009-04-12 0.61 -
Symantec 1.3.0.24 20090412.003 2009-04-12 0.13 -
nProtect 20090413.01 3464164 2009-04-13 6.13 -
The Hacker 6.3.4.0 v00306 2009-04-12 1.08 -
VBA32 3.12.10.2 20090412.1026 2009-04-12 1.70 -
VirusBuster 4.5.11.10 10.102.40/1228619 2009-04-09 1.49 -




Step 2


========== OTLISTIT ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\Components moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player moved successfully.
C:\Program Files\Viewpoint moved successfully.
C:\DOCUME~1\Hans\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 moved successfully.
C:\DOCUME~1\Hans\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 moved successfully.
C:\DOCUME~1\Hans\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 moved successfully.
C:\DOCUME~1\Hans\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 moved successfully.
C:\DOCUME~1\Hans\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources moved successfully.
C:\DOCUME~1\Hans\APPLIC~1\Viewpoint\Viewpoint Media Player moved successfully.
C:\DOCUME~1\Hans\APPLIC~1\Viewpoint moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player\UserShell\AOL9 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player\UserShell moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\AxMetaStream_Win moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Hans\Local Settings\temp\etilqs_H0XboSe5p9FfSbYkFlQu scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_254.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_72c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.3 log created on 05072009_020032

Files moved on Reboot...
File C:\Documents and Settings\Hans\Local Settings\temp\etilqs_H0XboSe5p9FfSbYkFlQu not found!
C:\WINDOWS\temp\Perflib_Perfdata_254.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_72c.dat not found!

Registry entries deleted on Reboot...




Step 3

OTListIt logfile created on: 5/7/2009 2:07:19 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Hans\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 203.44 Gb Free Space | 43.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 968.25 Mb Total Space | 968.20 Mb Free Space | 100.00% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICROSOFT
Current User Name: Hans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Program Files\Gigabyte\ET5\GUI.exe ()
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\SealedMedia\sealmon.exe ()
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe (GIGABYTE TECHNOLOGY CO., LTD.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Hans\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Capture Device Service [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (cmdAgent [Auto | Running]) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LBTServ [On_Demand | Stopped]) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (CBTNDIS5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\CBTNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (cmdGuard [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys (COMODO)
DRV - (cmdHlp [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys (COMODO)
DRV - (ET5Drv [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\ET5Drv.sys (Microsoft Corporation)
DRV - (gdrv [On_Demand | Stopped]) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hamachi [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (Inspect [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (itchfltr [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\itchfltr.sys (Logitech, Inc.)
DRV - (L8042Kbd [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV - (L8042mou [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\L8042mou.Sys (Logitech Inc.)
DRV - (LCcfltr [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\LCcFltr.Sys (Logitech, Inc.)
DRV - (LHidFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\LHidUsb.Sys (Logitech, Inc.)
DRV - (LMouFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV - (LMouKE [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys (Logitech Inc.)
DRV - (LUsbFilt [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\LUsbFilt.Sys (Logitech, Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvatabus [Boot | Running]) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (nvraid [Boot | Running]) -- C:\WINDOWS\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (odysseyIM3 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys (Funk Software, Inc.)
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RT61 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RT61.sys (Ralink Technology Inc.)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (V0250Dev [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\V0250Dev.sys (Creative Technology Ltd.)
DRV - (wind502u [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wind502u.sys (Envara Inc.)
DRV - (MarkFun_NT [On_Demand | Running]) -- C:\Program Files\Gigabyte\ET5\markfun.w32 (Windows ® 2000 DDK provider)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.6
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.2.3
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.3.11
FF - prefs.js..extensions.enabledItems: {6D898772-AD34-4c16-86BB-9DE787A5DEA0}:1.08
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82}:1.05
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.7.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090325
FF - prefs.js..extensions.enabledItems: {B4F5D33D-8602-42A1-9CF7-C179BF5DE8DA}:1.0
FF - prefs.js..extensions.enabledItems: {40104CE3-27EC-42BC-BC88-08DC4D62505C}:1.0
FF - prefs.js..extensions.enabledItems: {23DBE842-01F7-4E18-AF18-C8A1BD9D8CF9}:1.0
FF - prefs.js..extensions.enabledItems: {360BBE0D-A329-4B69-A105-BB5001FF657A}:1.0
FF - prefs.js..extensions.enabledItems: {E4C8AA37-BB6A-42D5-932F-6BB3C93A5A26}:1.0
FF - prefs.js..extensions.enabledItems: {8DC09C02-327A-42B7-99B4-D1778E59D825}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://slirsredirect...0fftrab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2008/10/07 00:25:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/04 00:02:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 13:50:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/06 17:05:23 | 00,000,000 | ---D | M]

[2008/06/28 15:13:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Extensions
[2008/06/28 15:13:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/06 18:22:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions
[2009/02/21 22:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2009/02/15 22:08:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2008/10/26 17:39:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2009/03/15 16:33:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2009/04/01 16:57:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2008/12/03 02:28:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/04/01 16:57:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009/02/15 22:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/02/16 20:08:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/04/10 12:35:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\mozilla\Firefox\Profiles\ymj6zi6x.default\extensions\[email protected]
[2008/12/23 14:06:23 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Mozilla\FireFox\Profiles\ymj6zi6x.default\searchplugins\aim-search.xml
[2009/05/04 16:34:40 | 00,005,600 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Mozilla\FireFox\Profiles\ymj6zi6x.default\searchplugins\pizzatorrent.xml
[2009/05/04 16:34:40 | 00,001,835 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Mozilla\FireFox\Profiles\ymj6zi6x.default\searchplugins\weathercom.xml
[2007/07/23 23:11:41 | 00,001,083 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Mozilla\FireFox\Profiles\ymj6zi6x.default\searchplugins\wikipedia-.xml
[2008/06/23 00:43:24 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Mozilla\FireFox\Profiles\ymj6zi6x.default\searchplugins\wikipedia-en.xml
[2009/05/06 18:22:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/03 14:25:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{23DBE842-01F7-4E18-AF18-C8A1BD9D8CF9}
[2009/05/03 17:41:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{360BBE0D-A329-4B69-A105-BB5001FF657A}
[2009/05/01 11:37:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{40104CE3-27EC-42BC-BC88-08DC4D62505C}
[2009/05/03 23:38:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{8DC09C02-327A-42B7-99B4-D1778E59D825}
[2009/04/28 13:50:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/01 03:14:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B4F5D33D-8602-42A1-9CF7-C179BF5DE8DA}
[2009/05/04 00:03:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/05/03 14:55:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{E4C8AA37-BB6A-42D5-932F-6BB3C93A5A26}
[2009/04/28 13:50:24 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 13:50:24 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/01 07:17:19 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/01 07:17:19 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/01 07:17:19 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/01 07:17:19 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/01 07:17:19 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/01 07:17:19 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/01 07:17:19 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! 工具列) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" (ALWIL Software)
O4 - HKLM..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h ()
O4 - HKLM..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe ()
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe ()
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GN-WP01GS Utility.lnk = C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe (GIGABYTE TECHNOLOGY CO., LTD.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Hans\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/31 23:11:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/05/06 17:21:33 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/06 17:06:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/05/05 21:29:44 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/05 18:04:15 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/05/05 18:03:30 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\Hans\Desktop\LopSD.exe
[2009/05/05 18:00:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Local Settings\temp
[2009/05/05 17:48:18 | 00,000,223 | ---- | C] () -- C:\Boot.bak
[2009/05/05 17:48:16 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/05 17:48:15 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/05 17:47:36 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/05 17:47:36 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/05 17:47:36 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/05 17:47:36 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/05 17:47:36 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/05 17:47:36 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/05 17:47:36 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/05 17:47:36 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/05 17:46:25 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/05/05 17:45:38 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/05 17:43:02 | 03,012,988 | R--- | C] () -- C:\Documents and Settings\Hans\Desktop\ComboFix.exe
[2009/05/04 16:56:18 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/05/04 16:55:38 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/05/04 13:08:34 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hans\Desktop\OTListIt2.exe
[2009/05/04 13:07:01 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/04 13:00:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/04 13:00:07 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Hans\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/04 12:59:58 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Hans\Desktop\NTREGOPT.lnk
[2009/05/04 12:59:58 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Hans\Desktop\ERUNT.lnk
[2009/05/04 12:59:32 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/04 03:53:37 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/04 03:53:37 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/04 03:53:37 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/04 03:53:37 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/04 03:53:37 | 00,001,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/04 03:53:36 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/04 03:53:36 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/04 03:53:36 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/04 03:53:36 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/04 03:53:25 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/04 03:53:25 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/04 03:53:23 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/04 03:52:53 | 00,000,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/05/04 03:07:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2009/05/04 03:07:12 | 00,155,384 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2009/05/04 03:07:12 | 00,110,992 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/05/04 03:07:12 | 00,080,400 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/05/04 03:07:12 | 00,024,336 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/05/04 03:07:12 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/05/04 02:58:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/04 02:58:31 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\Hans\Desktop\SpywareBlaster.lnk
[2009/05/04 02:58:30 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/05/04 02:39:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/04 02:28:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/05/04 02:28:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/05/04 02:28:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/05/04 02:28:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/05/04 02:27:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/05/04 02:26:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/05/04 02:24:35 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/05/04 02:22:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Desktop\SysRestorePoint_v12
[2009/05/04 02:22:45 | 00,007,180 | ---- | C] () -- C:\Documents and Settings\Hans\Desktop\SysRestorePoint_v12.zip
[2009/05/04 02:20:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Desktop\SysRestorePoint_v13
[2009/05/04 02:20:23 | 00,009,334 | ---- | C] () -- C:\Documents and Settings\Hans\Desktop\SysRestorePoint_v13.zip
[2009/05/04 02:12:48 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/04 00:19:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/05/04 00:19:08 | 00,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/04 00:19:07 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/04 00:19:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Application Data\SUPERAntiSpyware.com
[2009/05/03 14:49:40 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/01 17:38:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/05/01 17:12:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Application Data\Malwarebytes
[2009/05/01 17:12:55 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/01 17:12:55 | 00,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/01 17:12:53 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/01 17:12:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/01 17:12:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/01 17:10:39 | 02,967,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Hans\Desktop\mbam-setup.exe
[2009/05/01 17:00:34 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/01 17:00:17 | 00,000,000 | ---D | C] -- C:\Program Files\Storm
[2009/05/01 16:59:19 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2009/05/01 14:10:44 | 00,015,062 | ---- | C] () -- C:\Documents and Settings\Hans\Desktop\Process.docx
[2009/05/01 02:55:17 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/01 02:24:17 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/29 00:10:29 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Hans\Desktop\setup-spybotsd162.exe
[2009/04/21 03:10:45 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/04/21 03:10:45 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/04/16 17:31:33 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 17:31:33 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 17:31:33 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 17:31:33 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 17:31:33 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 17:31:33 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 17:31:33 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 17:31:33 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 17:31:33 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 17:31:32 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/04/16 17:31:32 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/04/16 17:31:31 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/04/16 17:31:10 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/16 17:31:10 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/14 04:18:21 | 00,025,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2009/04/14 01:05:14 | 00,001,376 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/13 22:50:26 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2009/04/13 22:24:23 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/13 22:01:04 | 00,000,336 | ---- | C] () -- C:\WINDOWS\tasks\Uniblue SpyEraser.job
[2009/04/13 21:58:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Uniblue
[2009/04/13 20:25:11 | 00,000,408 | ---- | C] () -- C:\WINDOWS\Kkozu.dat
[2009/04/13 20:25:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Isarafawinaqafo.bin
[2008/12/03 04:31:55 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/11/15 02:08:11 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/28 18:40:48 | 00,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/10/07 10:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/05/02 23:16:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/02 23:16:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/02 23:16:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/02 23:16:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/02 23:16:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/09 12:39:40 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll
[2008/04/09 12:10:42 | 00,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll
[2007/09/25 21:53:59 | 00,000,158 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2007/09/12 11:10:40 | 00,000,068 | ---- | C] () -- C:\WINDOWS\eyeQ Screen Saver.ini
[2007/08/26 13:28:03 | 00,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/08/26 13:28:03 | 00,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/08/26 13:28:03 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/08/26 13:28:03 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/08/26 13:28:03 | 00,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/08/26 13:28:03 | 00,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/03/19 18:38:36 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/03/17 15:32:03 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/10 16:24:47 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/01 22:32:37 | 00,000,065 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2007/01/31 23:34:07 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Install6x.dll
[2007/01/31 23:26:46 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ycc.dll
[2007/01/31 23:18:47 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/12/13 17:03:14 | 00,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll
[2006/02/28 08:00:00 | 00,000,582 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/11/15 01:56:50 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/11/05 09:31:14 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2002/10/31 00:35:48 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2002/03/16 20:00:00 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000080.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/05/07 02:05:02 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/05/07 02:04:01 | 00,200,051 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/07 02:02:25 | 00,013,756 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/07 02:02:08 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Hans\Local Settings\desktop.ini
[2009/05/07 02:01:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/07 02:01:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/06 22:50:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/06 15:00:00 | 00,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Hans.job
[2009/05/06 09:33:53 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/05 18:03:31 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\Hans\Desktop\LopSD.exe
[2009/05/05 17:56:04 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/05 17:54:59 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/05 17:48:18 | 00,000,293 | RHS- | M] () -- C:\boot.ini
[2009/05/05 17:43:14 | 03,012,988 | R--- | M] () -- C:\Documents and Settings\Hans\Desktop\ComboFix.exe
[2009/05/05 03:00:32 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/04 13:08:34 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hans\Desktop\OTListIt2.exe
[2009/05/04 13:00:07 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Hans\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/04 12:59:58 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Hans\Desktop\NTREGOPT.lnk
[2009/05/04 12:59:58 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Hans\Desktop\ERUNT.lnk
[2009/05/04 03:53:37 | 00,001,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/04 03:53:36 | 00,002,639 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/04 03:52:53 | 00,000,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/05/04 03:07:12 | 00,155,384 | ---- | M] () -- C:\WINDOWS\System32\guard32.dll
[2009/05/04 03:07:12 | 00,110,992 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/05/04 03:07:12 | 00,080,400 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/05/04 03:07:12 | 00,024,336 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/05/04 02:58:31 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\Hans\Desktop\SpywareBlaster.lnk
[2009/05/04 02:55:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/04 02:40:41 | 00,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/04 02:40:41 | 00,443,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/04 02:40:41 | 00,072,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/04 02:39:53 | 00,000,075 | -HS- | M] () -- C:\Documents and Settings\Hans\My Documents\desktop.ini
[2009/05/04 02:38:51 | 00,364,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/04 02:25:56 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/05/04 02:22:20 | 00,007,180 | ---- | M] () -- C:\Documents and Settings\Hans\Desktop\SysRestorePoint_v12.zip
[2009/05/04 02:19:18 | 00,009,334 | ---- | M] () -- C:\Documents and Settings\Hans\Desktop\SysRestorePoint_v13.zip
[2009/05/04 02:04:56 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/04 00:19:08 | 00,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/02 18:06:07 | 00,001,376 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/05/01 17:12:55 | 00,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/01 17:10:41 | 02,967,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Hans\Desktop\mbam-setup.exe
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/01 14:10:44 | 00,015,062 | ---- | M] () -- C:\Documents and Settings\Hans\Desktop\Process.docx
[2009/05/01 13:53:04 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\zemuteme
[2009/05/01 02:24:17 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/29 08:23:38 | 00,309,770 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090429-082338.backup
[2009/04/29 08:23:38 | 00,309,728 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090429-093120.backup
[2009/04/29 00:11:16 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Hans\Desktop\setup-spybotsd162.exe
[2009/04/21 03:10:45 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/21 03:10:45 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/04/14 04:18:21 | 00,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2009/04/14 00:53:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Isarafawinaqafo.bin
[2009/04/13 22:58:51 | 00,000,408 | ---- | M] () -- C:\WINDOWS\Kkozu.dat
[2009/04/13 22:01:04 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpyEraser.job
[2009/04/13 21:04:04 | 00,312,568 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2009/04/13 20:41:30 | 00,312,568 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090413-210404.backup
[2009/04/13 20:12:47 | 00,001,070 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090413-204130.backup

========== Custom Scans ==========


< c:\documents and settings\Hans\Local Settings\Application Data\{34DD23EC-0F88-40BD-B641-9B944710EB34}(2)\*. * >

< C:\DOCUME~1\ALLUSE~1\APPLIC~1\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\*. * >

< C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\*.* >
[2009/05/03 15:01:36 | 00,000,489 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.dat
[2009/03/12 04:17:34 | 02,902,048 | ---- | M] (Lavasoft ) -- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
[2009/05/01 02:24:17 | 00,000,009 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.lan
[2009/03/12 04:17:31 | 01,802,240 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.msi
[2009/05/01 02:24:17 | 00,009,318 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.par
[2009/03/12 04:17:35 | 05,115,615 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.res
[2009/05/01 02:24:17 | 00,000,090 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\instance.dat
[2009/03/12 04:17:31 | 00,578,782 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\mia.lib

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
  • 0

#9 Wasuremono (Member, Topic Starter, 18 posts)
Okay, the gmer log was still too big to post even alone, I tried attaching it as a rar, but the upload failed, and said that I'm "not permitted to attach a file of this type".

Should I just try to manually divide and post the log?
  • 0

#10 heir (Trusted Helper, Malware Removal, 5,427 posts)
You should be able to zip it with the file extension .zip and attach it. try that first.

If no success then:
Use mediafire and upload the file there and post a link that I can download it from in your reply.

Edited by heir, 07 May 2009 - 12:18 PM.

  • 0

#11 Wasuremono (Member, Topic Starter, 18 posts)
I have attached the zipped gmer log.

Attached file: gmer.zip (24.52KB, 187 downloads)

  • 0

#12 heir (Trusted Helper, Malware Removal, 5,427 posts)
I'll check that GMER log later this evening or tomorrow.
I'll get back to you tomorrow.

How is your computer running at the moment?
Any issues?
  • 0

#13 Wasuremono (Member, Topic Starter, 18 posts)
Seems to be about the same. Mostly fine except for the google page redirects. For now I've just been copy+pasting the search result urls into the address bar to get around the redirecting.
  • 0

#14 heir (Trusted Helper, Malware Removal, 5,427 posts)
GMER didn't reveal anything bad.
Let's do two other scans as well.

Step 1.
Goored-scan:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.


Step 2.
RootRepeal:

Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Step 3.
Things I would like to see in your reply:

  • The content of GooredLog.txt from step 1.
  • The content of RootRepeal.txt from step 2.

  • 0

#15 Wasuremono (Member, Topic Starter, 18 posts)
Step 1

GooredFix v1.92 by jpshortstuff
Log created at 16:50 on 07/05/2009 running Option #1 (Hans)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{E4C8AA37-BB6A-42D5-932F-6BB3C93A5A26}

C:\Program Files\Mozilla Firefox\extensions\{B4F5D33D-8602-42A1-9CF7-C179BF5DE8DA}

C:\Program Files\Mozilla Firefox\extensions\{8DC09C02-327A-42B7-99B4-D1778E59D825}

C:\Program Files\Mozilla Firefox\extensions\{40104CE3-27EC-42BC-BC88-08DC4D62505C}

C:\Program Files\Mozilla Firefox\extensions\{360BBE0D-A329-4B69-A105-BB5001FF657A}

C:\Program Files\Mozilla Firefox\extensions\{23DBE842-01F7-4E18-AF18-C8A1BD9D8CF9}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"



Step 2

Upon clicking the .exe I received this message - "Could not read the kernel file! Please contact the author!"
Details:
DeviceIoControl Error! Error Code = 0xc000009a
Could not read the kernel file! Please contact the author!

So I went ahead and tried to run a scan anyway... bad idea. As soon as I finished clicking what to scan, and then the drive, my computer crashed immediately. Restarted and had a "serious error" message.

I realized I missed the note about having some programs open, so I made sure everything was closed. This time when I ran it I didn't get an error, but my computer crashed in the exact same manner.
  • 0
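The GooredFix listing in the post above is an enumeration of the global Firefox extensions folder, where a redirecting add-on can sit without showing up in the Add-ons manager. As an added example (not GooredFix's or the thread's own code), this script walks such a folder, reads each install.rdf, and flags folders with no manifest, an em:id that differs from the folder name, or em:hidden set to true; the heuristics, the GUID placeholders and the constructed sample folder are assumptions made here for the demo.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET

EM_NS = "{http://www.mozilla.org/2004/em-rdf#}"
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Constructed install.rdf template in the Firefox 3-era manifest layout (demo only).
MANIFEST = ('<?xml version="1.0"?><RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
            'xmlns:em="http://www.mozilla.org/2004/em-rdf#"><Description about="urn:mozilla:install-manifest">'
            '<em:id>%s</em:id><em:name>%s</em:name><em:hidden>%s</em:hidden></Description></RDF>')

def read_manifest(ext_path):
    """Return (id, name, hidden) from install.rdf, or None when it is missing or unparseable."""
    rdf = os.path.join(ext_path, "install.rdf")
    if not os.path.isfile(rdf):
        return None
    try:
        root = ET.parse(rdf).getroot()
    except ET.ParseError:
        return None
    def field(tag):
        return (root.findtext(".//" + EM_NS + tag) or "").strip()
    return field("id"), field("name"), field("hidden").lower() == "true"

def find_suspect_extensions(ext_dir):
    """Map folder name -> list of reasons for every extension folder that deserves review."""
    findings = {}
    for entry in sorted(os.listdir(ext_dir)):
        path = os.path.join(ext_dir, entry)
        if not os.path.isdir(path):
            continue
        reasons = []
        manifest = read_manifest(path)
        if manifest is None:
            reasons.append("no readable install.rdf")
        else:
            ext_id, name, hidden = manifest
            if ext_id != entry:
                reasons.append("folder name differs from em:id %r" % ext_id)
            if hidden:
                reasons.append("em:hidden is true (not listed in the Add-ons manager)")
            if GUID_RE.match(entry) and not name:
                reasons.append("GUID-named folder with no em:name")
        if reasons:
            findings[entry] = reasons
    return findings

def build_sample_dir():
    """Constructed sample folder: one ordinary add-on, one hidden add-on, one folder with no manifest."""
    base = tempfile.mkdtemp()
    for folder, name, hidden, manifest in [
        ("{00000000-0000-0000-0000-000000000001}", "Ordinary Add-on", "false", True),
        ("{00000000-0000-0000-0000-000000000002}", "", "true", True),
        ("{00000000-0000-0000-0000-000000000003}", "", "false", False),
    ]:
        os.makedirs(os.path.join(base, folder))
        if manifest:
            with open(os.path.join(base, folder, "install.rdf"), "w") as f:
                f.write(MANIFEST % (folder, name, hidden))
    return base

if __name__ == "__main__":
    for folder, why in find_suspect_extensions(build_sample_dir()).items():
        print(folder, "->", "; ".join(why))
```

To check a real installation, pass the path of the Firefox extensions folder (for this thread's machine, C:\Program Files\Mozilla Firefox\extensions) to find_suspect_extensions instead of the constructed sample.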