address column redirect problem

Hewlett-packard / Pavilion dv8000 (ep404ua#...
January 3, 2009 at 13:16:18
Specs: Microsoft Windows XP Home Edition, 1.79 GHz / 2046 MB
Hi, I hope someone can help me to resolve my redirect problem. Most of the time, when I input the address into the address column, it redirects me to another site. I have run Malwarebytes and AVG anti-virus and neither detected anything. Thank you in advance for any advice.



#1
January 3, 2009 at 13:30:15


#2
January 3, 2009 at 15:54:00
Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



#3
January 3, 2009 at 16:52:20
Hi Stern,

I ran the software from your link but nothing was found. Please kindly advise. Thank you.



#4
January 3, 2009 at 19:50:09
Hi Jabuck,

Here is the hijack log. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:32 AM, on 1/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\a-squared Free\a2service.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/C...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/h...
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://svca.solidworks.com/htdocs/p...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/active...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://www.5liao.com/talk.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eo...
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadviso...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fsc...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B3A42E8-D498-436F-A075-39749FEA7E00}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B3A42E8-D498-436F-A075-39749FEA7E00}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 11396 bytes



#5
January 3, 2009 at 20:18:39
Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your AVG antivirus, Windows Defender, Ad-Aware, and any other antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.



#6
January 3, 2009 at 20:58:32
Hi Jabuck,

Here is the hijack log. Thank you.

ComboFix 09-01-02.01 - Michael 2009-01-04 11:47:32.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1424 [GMT 7:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-04 10:34 . 2009-01-04 10:34 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-04 10:34 . 2009-01-04 10:34 1,409 --a------ c:\windows\QTFont.for
2009-01-04 05:01 . 2009-01-04 05:01 <DIR> d-------- c:\program files\ESET
2009-01-04 04:20 . 2009-01-04 04:42 <DIR> d-------- c:\program files\a-squared Free
2009-01-04 04:20 . 2009-01-04 04:20 12,861,144 --a------ c:\program files\a2FreeSetup.exe
2009-01-01 01:27 . 2009-01-01 01:27 <DIR> d-------- c:\program files\Panda Security
2009-01-01 01:27 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-12-30 21:36 . 2008-12-30 21:36 <DIR> d-------- c:\program files\PrevxCSI
2008-12-30 21:36 . 2008-12-30 21:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2008-12-30 21:36 . 2008-12-30 21:36 26,808 --a------ c:\windows\system32\drivers\pxark.sys
2008-12-28 16:33 . 2008-12-28 16:33 <DIR> d-------- c:\documents and settings\Michael\Application Data\ImgBurn
2008-12-28 16:30 . 2008-12-28 16:30 <DIR> d-------- c:\program files\ImgBurn
2008-12-28 16:29 . 2008-12-28 16:29 1,971,378 --a------ c:\program files\SetupImgBurn_2.4.2.0.exe
2008-12-28 15:26 . 2008-12-28 16:20 331,805,736 --a------ C:\XPSP3.exe
2008-12-28 14:51 . 2008-12-28 16:27 <DIR> d-------- C:\XPSETUP
2008-12-28 14:50 . 2000-07-21 10:40 2,048 --a------ C:\w2ksect.bin
2008-12-28 14:45 . 2008-12-28 14:45 4,145 --a------ C:\wxp10.zip
2008-12-27 17:09 . 2008-12-27 18:17 <DIR> d-------- c:\documents and settings\Administrator\.housecall6.6
2008-12-27 17:06 . 2005-11-14 17:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2008-12-27 17:06 . 2005-11-14 17:15 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2008-12-27 17:06 . 2008-12-27 17:09 <DIR> d-------- c:\documents and settings\Administrator
2008-12-27 10:03 . 2008-12-27 10:03 50,688 --a------ c:\program files\ATF-Cleaner.exe
2008-12-27 08:35 . 2008-12-27 08:36 <DIR> d-------- C:\rsit
2008-12-25 13:30 . 2008-12-25 13:30 0 --a------ c:\windows\nsreg.dat
2008-12-25 13:04 . 2008-12-25 13:29 7,518,240 --a------ c:\program files\Firefox_Setup_3.0.5.exe
2008-12-25 12:37 . 2008-12-25 13:21 250 --a------ c:\windows\gmer.ini
2008-12-24 07:26 . 2008-12-24 07:26 <DIR> d-------- C:\ERDNT
2008-12-23 22:08 . 2008-12-23 22:08 <DIR> d--hs---- c:\documents and settings\Michael\UserData
2008-12-09 22:43 . 2008-12-09 22:42 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-06 18:27 . 2008-12-06 18:27 8,009,920 --a------ c:\program files\SpywareTerminator_Setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 17:35 --------- d-----w c:\documents and settings\Michael\Application Data\Skype
2009-01-02 09:54 --------- d-----w c:\documents and settings\Michael\Application Data\skypePM
2009-01-01 04:13 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-31 17:41 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-28 00:47 1,432 ----a-w c:\program files\DelDomains.inf
2008-12-25 02:48 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-24 15:11 --------- d-----w c:\program files\Sogou PXP
2008-12-23 15:45 --------- d-----w c:\documents and settings\Michael\Application Data\Moyea
2008-12-23 00:10 --------- d-----w c:\program files\FlashGet
2008-12-21 09:03 --------- d-----w c:\program files\Symantec
2008-12-21 09:03 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-09 15:42 --------- d-----w c:\program files\Java
2008-12-03 12:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 12:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-03 03:45 --------- d-----w c:\documents and settings\Michael\Application Data\Malwarebytes
2008-12-03 03:45 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-03 03:44 2,372,472 ----a-w c:\program files\mbam-setup.exe
2008-11-14 10:27 --------- d-----w c:\program files\TuneUp Utilities 2007
2008-11-14 10:20 2,955,128 ----a-w c:\program files\ccsetup213.exe
2008-11-14 10:07 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-12 12:24 4,900,376 ----a-w c:\program files\LimeWireWin.exe
2008-11-12 12:24 --------- d-----w c:\program files\LimeWire
2008-11-10 22:58 --------- d-----w c:\program files\Sun
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 07:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 07:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 07:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 07:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 07:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 07:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 07:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 07:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 07:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 07:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 07:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 07:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 07:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 07:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 07:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 07:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 07:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 00:00 99,380,377 ----a-w c:\program files\ShiYang71b.exe
2008-07-31 13:48 6,552,472 ----a-w c:\program files\AWCSetup.exe
2008-07-22 14:23 15,083,520 ----a-w c:\program files\spybotsd160.exe
2008-07-22 13:54 19,153,264 ----a-w c:\program files\aaw2008.exe
2008-07-22 13:28 2,919,360 ----a-w c:\program files\ccsetup209.exe
2008-07-18 08:04 48,367,896 ----a-w c:\program files\avg_free_stf_en_8_138a1332.exe
2008-05-28 12:42 2,897,456 ----a-w c:\program files\ccsetup207.exe
2008-04-03 16:30 7,545,416 ----a-w c:\program files\klcodec385s.exe
2008-02-14 20:44 1,865,073 ----a-w c:\program files\FTPNow26.exe
2008-02-14 19:22 3,742,383 ----a-w c:\program files\CoffeeFreeFTPInstaller.exe
2008-02-14 19:12 6,876,368 ----a-w c:\program files\cuteftp3p.exe
2008-02-12 04:38 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-12-10 00:28 2,724,328 ----a-w c:\program files\ccsetup203.exe
2007-12-09 14:47 282,012,712 ----a-w c:\program files\Acro3D80_efg.exe
2007-12-09 05:33 5,334,510 ----a-w c:\program files\2006v1svlite.exe
2007-12-09 04:00 14,837,512 ----a-w c:\program files\freedwgviewer.exe
2007-12-09 02:15 25,555,344 ----a-w c:\program files\eDrawingsFullEnglish.exe
2007-12-08 11:46 5,831,160 ----a-w c:\program files\rminstall.exe
2007-11-24 04:25 5,914,648 ----a-w c:\program files\SUPERAntiSpyware.exe
2007-10-08 02:46 19,755,376 ----a-w c:\program files\aaw2007.exe
2007-09-23 00:48 3,655,488 ----a-w c:\program files\FLV PlayerRCATSetup.exe
2007-09-23 00:43 411,248 ----a-w c:\program files\FLV PlayerRCSetup.exe
2007-07-26 10:26 0 ----a-w c:\documents and settings\Michael\Application Data\wklnhst.dat
2007-04-30 03:45 20,942,920 ----a-w c:\program files\SkypeSetup.exe
2007-03-24 09:28 9,568,776 ----a-w c:\program files\TU2007TrialEN.exe
2007-01-23 13:22 1,035,271 ----a-w c:\program files\wrar362.exe
2006-09-28 15:08 3,224,047 ----a-w c:\program files\fgf173.exe
2006-09-28 15:04 2,161,796 ----a-w c:\program files\fg172.zip
2006-09-21 04:44 443,432 ----a-w c:\program files\msgr8us.exe
2006-09-20 05:16 1,107,866 ----a-w c:\program files\en_dpchameleon.exe
2006-09-04 13:59 524,288 ----a-w c:\program files\recordsmart10setup.exe
2006-09-04 13:42 1,095,964 ----a-w c:\program files\recordanythingtrial.exe
2006-07-02 18:59 746,123 ----a-w c:\program files\ring-Voiz-v620.exe
2006-06-24 19:11 10,887,904 ----a-w c:\program files\Tom-SkypeSetup.exe
2006-06-24 18:50 5,846,632 ----a-w c:\program files\winzip100.exe
2006-06-24 18:47 2,855,080 ----a-w c:\program files\aawsepersonal.exe
2006-06-24 18:42 4,411,968 ------w c:\program files\turtleparadise_demo.exe
2008-09-11 15:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091120080912\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-27 312328]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-01 1830128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-10 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-05 794624]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-08-25 397312]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-02 233534]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-18 22528]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-10 40960]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-20 282624]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-08-14 2235720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2005-09-23 30720]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-30 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-01 11:13 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"CameraFixer"=c:\windows\CameraFixer.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"snpstd3"=c:\windows\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Video Server S\\Video Server S.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-01 28544]
R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-12-30 26808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-18 97928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-05-03 211584]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-18 231704]
R4 CSIScanner;CSIScanner;c:\program files\PrevxCSI\prevxcsi.exe [2008-12-30 927288]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [2006-08-03 91263]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca4b5d96-09e7-11db-b06f-000fb0bd7884}]
\Shell\AutoRun\command - E:\Secret.exe
\Shell\explore\Command - E:\Secret.exe
\Shell\open\Command - E:\Secret.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf5acae1-0110-11db-b04d-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - A2FREE
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 06:51]

2009-01-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: {0B3A42E8-D498-436F-A075-39749FEA7E00} = 208.67.222.222,208.67.220.220

O16 -: {22945A69-1191-4DCF-9E6F-409BDE94D101} - hxxp://svca.solidworks.com/htdocs/pdownload/edrawings/e2007sp04/cab/eModelsStandard.cab
c:\windows\Downloaded Program Files\eModelsStandard.inf

c:\windows\system32\msvcrt.dll - c:\windows\system32\mfc42.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\imcv1.dll
O16 -: {6924091F-CD97-41E1-B1D4-D9079409D413}
hxxp://www.5liao.com/talk.cab
c:\windows\Downloaded Program Files\talk.inf

O16 -: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
c:\windows\Downloaded Program Files\OnlineScanner.inf
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\9t4layap.default\
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 11:48:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?7?6?3??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\avgrsstx.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-01-04 11:49:56
ComboFix-quarantined-files.txt 2009-01-04 04:49:33
ComboFix2.txt 2008-12-25 23:33:37

Pre-Run: 45,645,070,336 bytes free
Post-Run: 45,677,223,936 bytes free

269 --- E O F --- 2009-01-02 01:23:35


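Added here as a worked example (it is not part of this thread and not code from HijackThis or ComboFix): a small Python triage script that reads log lines in the formats posted in #4 and #6 and pulls out the entries a helper checks first for a browser redirect. It assumes the two OpenDNS resolvers in the O17 lines are the owner's intended DNS servers and that C: is the system drive; the sample lines embedded below are copied from the two logs above.

```python
r"""Triage helper for the HijackThis / ComboFix log lines posted in this thread.

Added example; not part of the thread or of either tool. It picks out the
entries a helper checks first when a browser "redirect" is reported:
O17 NameServer overrides, O10 Winsock LSP entries, and mountpoints2
AutoRun/open/explore commands that launch an executable from a drive other
than the system drive (the E:\Secret.exe entry that post #7 removes).
"""
import re

# Assumption: these two resolvers (OpenDNS) are what the owner configured on
# purpose, so they are reported as "known"; any other address is "review".
KNOWN_RESOLVERS = {"208.67.222.222", "208.67.220.220"}
SYSTEM_DRIVE = "C:"  # assumption: Windows is installed on C: on this laptop

O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")
O10_RE = re.compile(r"^O10 - (?P<text>.+)$")
MOUNTPOINT_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\})\]$",
    re.IGNORECASE)
SHELL_CMD_RE = re.compile(
    r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.IGNORECASE)

# Sample input: lines copied from the HJT log (#4) and ComboFix log (#6) above.
SAMPLE_LOG = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B3A42E8-D498-436F-A075-39749FEA7E00}: NameServer = 208.67.222.222,208.67.220.220

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca4b5d96-09e7-11db-b06f-000fb0bd7884}]
\Shell\AutoRun\command - E:\Secret.exe
\Shell\explore\Command - E:\Secret.exe
\Shell\open\Command - E:\Secret.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf5acae1-0110-11db-b04d-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
"""


def triage(log_text):
    """Return a list of findings, each a dict with kind/status/value (+guid, verb)."""
    findings = []
    current_guid = None  # the mountpoints2 key whose Shell lines we are inside
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current_guid = None  # a blank line ends a registry key block
            continue
        m = O17_RE.match(line)
        if m:
            for ip in m.group("servers").split(","):
                status = "known" if ip in KNOWN_RESOLVERS else "review"
                findings.append({"kind": "dns", "status": status, "value": ip})
            continue
        m = O10_RE.match(line)
        if m:  # an LSP entry HJT cannot identify always deserves a look
            findings.append({"kind": "lsp", "status": "review", "value": m.group("text")})
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            current_guid = m.group("guid")
            continue
        m = SHELL_CMD_RE.match(line)
        if m and current_guid:
            cmd = m.group("cmd").strip()
            # anything launched from a non-system drive (USB stick, CD) is reviewed
            status = "review" if cmd[:2].upper() != SYSTEM_DRIVE else "info"
            findings.append({"kind": "autorun", "status": status, "value": cmd,
                             "guid": current_guid, "verb": m.group("verb")})
    return findings


def autorun_commands(findings):
    """Map each mountpoints2 GUID to the set of commands it would run."""
    by_guid = {}
    for f in findings:
        if f["kind"] == "autorun":
            by_guid.setdefault(f["guid"], set()).add(f["value"])
    return by_guid


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['status']:6}] {f['kind']:7} {f['value']}")
    for guid, cmds in autorun_commands(results).items():
        print(f"{guid}: {', '.join(sorted(cmds))}")
```

On the sample above the two DNS servers come back as known, the LSP line is listed for review, and both mountpoints2 keys are listed because they launch from E: and D:; the script reports, it does not remove anything.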

#7
January 3, 2009 at 21:22:34
Open Notepad and copy/paste everything between the X's into it, making sure the first word (such as KILLALL or File) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
E:\Secret.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca4b5d96-09e7-11db-b06f-000fb0bd7884}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag and drop CFScript.txt onto ComboFix.exe (the red icon on your desktop). If ComboFix does not start automatically, click "Run".

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select "1. Find Goored (no fix)" by typing 1 and pressing Enter. A log will open; please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.


#8
January 3, 2009 at 21:59:51
Hi Jabuck,
Thank you for your instructions. Here is the HijackThis log and the GooredFix log. Thanks.

ComboFix 09-01-02.01 - Michael 2009-01-04 12:39:45.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1429 [GMT 7:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
E:\Secret.exe
.

((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-04 10:34 . 2009-01-04 10:34 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-04 10:34 . 2009-01-04 10:34 1,409 --a------ c:\windows\QTFont.for
2009-01-04 04:20 . 2009-01-04 04:42 <DIR> d-------- c:\program files\a-squared Free
2009-01-04 04:20 . 2009-01-04 04:20 12,861,144 --a------ c:\program files\a2FreeSetup.exe
2009-01-01 01:27 . 2009-01-01 01:27 <DIR> d-------- c:\program files\Panda Security
2009-01-01 01:27 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-12-30 21:36 . 2008-12-30 21:36 <DIR> d-------- c:\program files\PrevxCSI
2008-12-30 21:36 . 2008-12-30 21:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2008-12-30 21:36 . 2008-12-30 21:36 26,808 --a------ c:\windows\system32\drivers\pxark.sys
2008-12-28 16:33 . 2008-12-28 16:33 <DIR> d-------- c:\documents and settings\Michael\Application Data\ImgBurn
2008-12-28 16:30 . 2008-12-28 16:30 <DIR> d-------- c:\program files\ImgBurn
2008-12-28 16:29 . 2008-12-28 16:29 1,971,378 --a------ c:\program files\SetupImgBurn_2.4.2.0.exe
2008-12-28 15:26 . 2008-12-28 16:20 331,805,736 --a------ C:\XPSP3.exe
2008-12-28 14:51 . 2008-12-28 16:27 <DIR> d-------- C:\XPSETUP
2008-12-28 14:50 . 2000-07-21 10:40 2,048 --a------ C:\w2ksect.bin
2008-12-28 14:45 . 2008-12-28 14:45 4,145 --a------ C:\wxp10.zip
2008-12-27 17:09 . 2008-12-27 18:17 <DIR> d-------- c:\documents and settings\Administrator\.housecall6.6
2008-12-27 17:06 . 2005-11-14 17:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2008-12-27 17:06 . 2005-11-14 17:15 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2008-12-27 17:06 . 2008-12-27 17:09 <DIR> d-------- c:\documents and settings\Administrator
2008-12-27 10:03 . 2008-12-27 10:03 50,688 --a------ c:\program files\ATF-Cleaner.exe
2008-12-27 08:35 . 2008-12-27 08:36 <DIR> d-------- C:\rsit
2008-12-25 13:30 . 2008-12-25 13:30 0 --a------ c:\windows\nsreg.dat
2008-12-25 13:04 . 2008-12-25 13:29 7,518,240 --a------ c:\program files\Firefox_Setup_3.0.5.exe
2008-12-25 12:37 . 2008-12-25 13:21 250 --a------ c:\windows\gmer.ini
2008-12-24 07:26 . 2008-12-24 07:26 <DIR> d-------- C:\ERDNT
2008-12-23 22:08 . 2008-12-23 22:08 <DIR> d--hs---- c:\documents and settings\Michael\UserData
2008-12-09 22:43 . 2008-12-09 22:42 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-06 18:27 . 2008-12-06 18:27 8,009,920 --a------ c:\program files\SpywareTerminator_Setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 17:35 --------- d-----w c:\documents and settings\Michael\Application Data\Skype
2009-01-02 09:54 --------- d-----w c:\documents and settings\Michael\Application Data\skypePM
2009-01-01 04:13 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-31 17:41 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-28 00:47 1,432 ----a-w c:\program files\DelDomains.inf
2008-12-25 02:48 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-24 15:11 --------- d-----w c:\program files\Sogou PXP
2008-12-23 15:45 --------- d-----w c:\documents and settings\Michael\Application Data\Moyea
2008-12-23 00:10 --------- d-----w c:\program files\FlashGet
2008-12-21 09:03 --------- d-----w c:\program files\Symantec
2008-12-21 09:03 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-09 15:42 --------- d-----w c:\program files\Java
2008-12-03 12:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 12:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-03 03:45 --------- d-----w c:\documents and settings\Michael\Application Data\Malwarebytes
2008-12-03 03:45 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-03 03:44 2,372,472 ----a-w c:\program files\mbam-setup.exe
2008-11-14 10:27 --------- d-----w c:\program files\TuneUp Utilities 2007
2008-11-14 10:20 2,955,128 ----a-w c:\program files\ccsetup213.exe
2008-11-14 10:07 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-12 12:24 4,900,376 ----a-w c:\program files\LimeWireWin.exe
2008-11-12 12:24 --------- d-----w c:\program files\LimeWire
2008-11-10 22:58 --------- d-----w c:\program files\Sun
2008-10-03 00:00 99,380,377 ----a-w c:\program files\ShiYang71b.exe
2008-07-31 13:48 6,552,472 ----a-w c:\program files\AWCSetup.exe
2008-07-22 14:23 15,083,520 ----a-w c:\program files\spybotsd160.exe
2008-07-22 13:54 19,153,264 ----a-w c:\program files\aaw2008.exe
2008-07-22 13:28 2,919,360 ----a-w c:\program files\ccsetup209.exe
2008-07-18 08:04 48,367,896 ----a-w c:\program files\avg_free_stf_en_8_138a1332.exe
2008-05-28 12:42 2,897,456 ----a-w c:\program files\ccsetup207.exe
2008-04-03 16:30 7,545,416 ----a-w c:\program files\klcodec385s.exe
2008-02-14 20:44 1,865,073 ----a-w c:\program files\FTPNow26.exe
2008-02-14 19:22 3,742,383 ----a-w c:\program files\CoffeeFreeFTPInstaller.exe
2008-02-14 19:12 6,876,368 ----a-w c:\program files\cuteftp3p.exe
2008-02-12 04:38 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-12-10 00:28 2,724,328 ----a-w c:\program files\ccsetup203.exe
2007-12-09 14:47 282,012,712 ----a-w c:\program files\Acro3D80_efg.exe
2007-12-09 05:33 5,334,510 ----a-w c:\program files\2006v1svlite.exe
2007-12-09 04:00 14,837,512 ----a-w c:\program files\freedwgviewer.exe
2007-12-09 02:15 25,555,344 ----a-w c:\program files\eDrawingsFullEnglish.exe
2007-12-08 11:46 5,831,160 ----a-w c:\program files\rminstall.exe
2007-11-24 04:25 5,914,648 ----a-w c:\program files\SUPERAntiSpyware.exe
2007-10-08 02:46 19,755,376 ----a-w c:\program files\aaw2007.exe
2007-09-23 00:48 3,655,488 ----a-w c:\program files\FLV PlayerRCATSetup.exe
2007-09-23 00:43 411,248 ----a-w c:\program files\FLV PlayerRCSetup.exe
2007-07-26 10:26 0 ----a-w c:\documents and settings\Michael\Application Data\wklnhst.dat
2007-04-30 03:45 20,942,920 ----a-w c:\program files\SkypeSetup.exe
2007-03-24 09:28 9,568,776 ----a-w c:\program files\TU2007TrialEN.exe
2007-01-23 13:22 1,035,271 ----a-w c:\program files\wrar362.exe
2006-09-28 15:08 3,224,047 ----a-w c:\program files\fgf173.exe
2006-09-28 15:04 2,161,796 ----a-w c:\program files\fg172.zip
2006-09-21 04:44 443,432 ----a-w c:\program files\msgr8us.exe
2006-09-20 05:16 1,107,866 ----a-w c:\program files\en_dpchameleon.exe
2006-09-04 13:59 524,288 ----a-w c:\program files\recordsmart10setup.exe
2006-09-04 13:42 1,095,964 ----a-w c:\program files\recordanythingtrial.exe
2006-07-02 18:59 746,123 ----a-w c:\program files\ring-Voiz-v620.exe
2006-06-24 19:11 10,887,904 ----a-w c:\program files\Tom-SkypeSetup.exe
2006-06-24 18:50 5,846,632 ----a-w c:\program files\winzip100.exe
2006-06-24 18:47 2,855,080 ----a-w c:\program files\aawsepersonal.exe
2006-06-24 18:42 4,411,968 ------w c:\program files\turtleparadise_demo.exe
2008-09-11 15:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091120080912\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-04_11.49.13.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-03 18:55:16 220,066 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-04 04:57:27 220,610 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-03 18:55:16 662,814 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-04 04:57:27 663,716 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-04 05:43:10 16,384 ----atw c:\windows\temp\Perflib_Perfdata_41c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-27 312328]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-01 1830128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-10 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-05 794624]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-08-25 397312]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-02 233534]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-18 22528]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-10 40960]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-20 282624]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-08-14 2235720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2005-09-23 30720]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-30 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-01 11:13 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"CameraFixer"=c:\windows\CameraFixer.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"snpstd3"=c:\windows\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Video Server S\\Video Server S.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-01 28544]
R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-12-30 26808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-18 97928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-05-03 211584]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-18 231704]
R4 CSIScanner;CSIScanner;c:\program files\PrevxCSI\prevxcsi.exe [2008-12-30 927288]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [2006-08-03 91263]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 06:51]

2009-01-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: {0B3A42E8-D498-436F-A075-39749FEA7E00} = 208.67.222.222,208.67.220.220

O16 -: {22945A69-1191-4DCF-9E6F-409BDE94D101} - hxxp://svca.solidworks.com/htdocs/pdownload/edrawings/e2007sp04/cab/eModelsStandard.cab
c:\windows\Downloaded Program Files\eModelsStandard.inf

c:\windows\system32\msvcrt.dll - c:\windows\system32\mfc42.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\imcv1.dll
O16 -: {6924091F-CD97-41E1-B1D4-D9079409D413}
hxxp://www.5liao.com/talk.cab
c:\windows\Downloaded Program Files\talk.inf

O16 -: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
c:\windows\Downloaded Program Files\OnlineScanner.inf
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\9t4layap.default\
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 12:43:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?7?6?3??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\CAP3RSK.EXE
c:\program files\HPQ\Shared\hpqwmi.exe
c:\windows\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2009-01-04 12:47:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-04 05:47:47
ComboFix2.txt 2009-01-04 04:51:06
ComboFix3.txt 2008-12-25 23:33:37

Pre-Run: 45,656,113,152 bytes free
Post-Run: 45,642,473,472 bytes free

261 --- E O F --- 2009-01-02 01:23:35

___________________________________

GooredFix v1.6 by jpshortstuff
Log created at 12:53 on 04/01/2009 running Option #1
Firefox version 3.0.5 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"



#9
January 3, 2009 at 22:16:04
Once you have SDFix downloaded, go offline, turn off your antivirus and any antispyware that you have, run SDFix from Safe Mode, and restart the antivirus before you go back online to post the log.

Download SDFix.exe and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix or remove some of its embedded files, which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

1. Double-click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Then reboot your computer into Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
2. Open the C:\SDFix folder and double-click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan services, then make some repairs to the registry and prompt you to press any key to reboot.
Press any key and it will restart the PC.
3. Your system will take longer than normal to restart, as the fixtool will be running and removing files.
When the desktop loads, the fixtool will complete the removal and display Finished; then press any key to end the script and load your desktop icons.
4. Finally, open the SDFix folder on your desktop and copy and paste the contents of the results file, Report.txt.


#10
January 3, 2009 at 22:50:47
Hi Jabuck,

Here is the SDFix log. Thank you.


SDFix: Version 1.240
Run by Michael on Sun 01/04/2009 at 01:35 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files:

No Trojan Files Found


Removing Temp Files

ADS Check:


Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 13:41:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Video Server S\\Video Server S.exe"="C:\\Program Files\\Video Server S\\Video Server S.exe:*:Enabled:Video Server S"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:

Files with Hidden Attributes:

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Wed 6 Sep 2006 132 A..H. --- "C:\WINDOWS\system32\einfopsv10.dll"
Sat 30 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 29 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sat 30 Sep 2006 4,348 A..H. --- "C:\Documents and Settings\Michael\My Documents\My Music\License Backup\drmv1key.bak"
Sat 30 Sep 2006 20 A..H. --- "C:\Documents and Settings\Michael\My Documents\My Music\License Backup\drmv1lic.bak"
Sat 30 Sep 2006 400 A.SH. --- "C:\Documents and Settings\Michael\My Documents\My Music\License Backup\drmv2key.bak"
Thu 28 Sep 2006 34,308 ...H. --- "C:\Documents and Settings\Michael\Application Data\Macromedia\Shockwave Player\xtras\download\AndradeArts\Music\BASSMOD.dll"

Finished!


#11
January 3, 2009 at 22:56:54
If you have a router, reset it and see if that stops the redirects.

I see nothing in the logs so far.


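The router reset suggested above is one guess at where the redirect is planted; the two places worth checking on the machine itself are the resolver addresses that ComboFix recorded on its "TCP:" line earlier in this thread and the hosts file that SDFix has just restored to its default. The script below is an added example, not code from this thread or from ComboFix, SDFix or any other tool mentioned here. It parses ComboFix-style "TCP: {adapter GUID} = ip,ip" lines against an allowlist of resolvers the owner expects, and sorts hosts-file entries into blocking entries (a name sent to loopback or 0.0.0.0, the trick used to silence antivirus update servers) and redirect entries (a name sent to some other address). The allowlist (OpenDNS, as on the log's TCP line), the second adapter GUID, the log snippet and the hosts file are all constructed for this example.

```python
"""Offline triage of two common redirect sources on a Windows host: the DNS
resolvers ComboFix records on its 'TCP: {adapter-guid} = ...' line, and the
hosts file. Added example; all sample input below is constructed."""
import ipaddress
import re

# Resolvers the owner expects (assumption for this example: OpenDNS, as on the
# thread's log line). Substitute the ISP's or router's real addresses.
EXPECTED_RESOLVERS = frozenset({"208.67.222.222", "208.67.220.220"})

# ComboFix prints one line per adapter: TCP: {GUID} = ip[,ip...]
_TCP_LINE = re.compile(
    r"^TCP:\s*\{[0-9A-Fa-f-]+\}\s*=\s*(?P<servers>[0-9.,\s]+)$"
)


def dns_servers_from_combofix(log_text):
    """Set of DNS server addresses found on the ComboFix 'TCP:' lines."""
    servers = set()
    for raw in log_text.splitlines():
        m = _TCP_LINE.match(raw.strip())
        if not m:
            continue
        for item in m.group("servers").split(","):
            item = item.strip()
            if item:
                # ip_address() normalises the text and rejects anything that
                # is not a real address, so junk never reaches the allowlist.
                servers.add(str(ipaddress.ip_address(item)))
    return servers


def unexpected_resolvers(log_text, expected=EXPECTED_RESOLVERS):
    """Resolvers the adapter is using that the owner did not configure.
    A hit here points at the adapter's DNS setting or at what the router
    hands out over DHCP, not at the browser."""
    return dns_servers_from_combofix(log_text) - set(expected)


def classify_hosts(hosts_text):
    """Split hosts-file entries into 'redirects' (a name sent to a non-local
    address), 'blocks' (a name sent to loopback or 0.0.0.0) and 'malformed'.
    The stock 'localhost -> loopback' entry is ignored."""
    result = {"redirects": [], "blocks": [], "malformed": []}
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            result["malformed"].append(line)
            continue
        local_target = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            if local_target and name.lower() == "localhost":
                continue                          # the default Microsoft entry
            bucket = "blocks" if local_target else "redirects"
            result[bucket].append((str(addr), name))
    return result


# --- constructed sample input (second GUID and hosts entries are made up) -----
SAMPLE_COMBOFIX = """\
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: {0B3A42E8-D498-436F-A075-39749FEA7E00} = 208.67.222.222,208.67.220.220
TCP: {11111111-2222-4333-8444-555555555555} = 198.51.100.7,208.67.220.220
"""

SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net          # ad-blocking entry, harmless
127.0.0.1       update.antivirus.example # silences an update server
203.0.113.45    www.search.example       # a real site sent elsewhere
"""

if __name__ == "__main__":
    print("unexpected resolvers:", sorted(unexpected_resolvers(SAMPLE_COMBOFIX)))
    for kind, entries in classify_hosts(SAMPLE_HOSTS).items():
        print(kind + ":", entries)
```

On the XP machine the hosts file is C:\WINDOWS\system32\drivers\etc\hosts, and `ipconfig /all` prints the resolvers the adapter is currently using, which is what the ComboFix TCP: line reflects. A resolver that is neither the ISP's, the router's nor one the owner chose is the case for resetting (and re-securing) the router; a redirect entry in the hosts file is the case for cleaning the file, and a block entry for an antivirus vendor's domain explains scanners that fail to update.
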

#12
January 3, 2009 at 23:12:15
Hi Jabuck,

I am not too sure how to reset this ADSL modem router, but I will ask someone to come and reset it tomorrow. My Firefox program and my wife's computer don't have this problem.


#13
January 4, 2009 at 07:37:01
Run SystemScan from the link below as directed on their site and post its log, please:

SystemScan Guide


#14
January 4, 2009 at 13:06:49
Hi Jabuck,

Sorry for my late reply. I will do the scan now. I did a scan today with the Trend Micro online virus check and it discovered 130 infections with the spyware called Men-watcher. I tried to delete it, but the computer just hung there because it had used up 100% of the CPU, so I closed that page and the CPU usage went back to normal. Thank you.


#15
January 4, 2009 at 13:51:45
Hi Jabuck,

Do you think the log is too big to be allowed for posting?

After I paste the log into the box and click Submit Follow-up, it gives me a blank page and finishes there.


#16
January 4, 2009 at 14:04:33
Hi Jabuck,

Maybe I'll split the page up.

SystemScan - www.suspectfile.com - ver. 3.6.2 (code: holifay & bReAkdOWn)

Running on: Windows XP HOME Edition, Service Pack 3 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\QKB7OK8E\sys11059[1].exe
Running in: User mode
Date: 1/5/2009
Time: 3:59:36 AM

Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications
-Include HIJACKTHIS.log

===================== ACCOUNTS ON THIS PC =====================


Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| ASPNET
| Guest
| HelpAssistant (Disabled)
Yes | Michael
| SUPPORT_388945a0 (Disabled)

### users folders

14/11/2005 16:41:03 (DIR) 0 byte 1148 days old -- All Users
21/06/2006 17:35:43 (DIR) 0 byte 929 days old -- Default User
02/06/2008 11:10:31 53760 byte 217 days old -- hangzhou invoice PL.xls
11/03/2008 21:53:54 (DIR) 0 byte 300 days old -- LocalService
27/12/2008 17:09:42 (DIR) 0 byte 9 days old -- Administrator
30/12/2008 21:15:47 (DIR) 0 byte 6 days old -- Michael
01/01/2009 02:04:15 (DIR) 0 byte 4 days old -- NetworkService

### startup files in users folders

C:\documents and settings\Administrator\Start Menu\Programs\Startup\desktop.ini
C:\documents and settings\All Users\Start Menu\Programs\Startup\Canon LASER SHOT LBP-1120 Status Window.LNK
C:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\documents and settings\Default User\Start Menu\Programs\Startup\desktop.ini
C:\documents and settings\Michael\Start Menu\Programs\Startup\desktop.ini

===================== RECENT FILES =====================
Listing files newer than 60 days

---- recent files in C:\
14/11/2005 16:41:03 -- 04/01/2009 21:48:13 (DIR) ---- 0 days old -- C:\WINDOWS
19/07/2008 12:44:19 -- 04/01/2009 21:40:38 (DIR) H--- 0 days old -- C:\$AVG8.VAULT$
04/01/2009 18:54:13 -- 04/01/2009 18:54:13 (DIR) HS-- 0 days old -- C:\RECYCLER
04/01/2009 13:22:44 -- 04/01/2009 13:43:49 (DIR) ---- 0 days old -- C:\SDFix
04/01/2009 11:32:20 -- 04/01/2009 12:47:56 (DIR) ---- 0 days old -- C:\Qoobox
14/11/2005 16:41:03 -- 04/01/2009 11:52:34 (DIR) ---- 0 days old -- C:\Program Files
29/09/2006 17:35:06 -- 03/01/2009 17:41:19 (DIR) ---- 1 days old -- C:\Downloads
14/11/2005 16:46:04 -- 02/01/2009 09:33:50 (DIR) HS-- 2 days old -- C:\System Volume Information
28/12/2008 14:51:16 -- 28/12/2008 16:27:23 (DIR) ---- 7 days old -- C:\XPSETUP
14/11/2005 16:41:03 -- 27/12/2008 17:06:57 (DIR) ---- 8 days old -- C:\Documents and Settings
27/12/2008 08:35:43 -- 27/12/2008 08:36:03 (DIR) ---- 8 days old -- C:\rsit
24/12/2008 07:26:19 -- 24/12/2008 07:26:42 (DIR) ---- 11 days old -- C:\ERDNT
23/12/2008 15:18:29 -- 23/12/2008 15:18:29 (DIR) HSRA 12 days old -- C:\autorun.inf
23/12/2008 07:13:51 -- 23/12/2008 07:13:57 (DIR) HSRA 12 days old -- C:\cmdcons
21/12/2008 16:03:25 -- 21/12/2008 16:05:36 (DIR) HS-- 14 days old -- C:\Config.Msi
04/01/2009 13:38:32 -- 04/01/2009 18:41:49 2145636352 HS-A 0 days old -- C:\hiberfil.sys
21/06/2006 17:29:32 -- 04/01/2009 18:41:47 805306368 HS-A 0 days old -- C:\pagefile.sys
27/03/2008 14:06:48 -- 04/01/2009 14:25:39 244 H--A 0 days old -- C:\sqmnoopt07.sqm
27/03/2008 14:06:48 -- 04/01/2009 14:25:39 268 H--A 0 days old -- C:\sqmdata07.sqm
04/01/2009 12:47:52 -- 04/01/2009 12:47:52 17312 ---A 0 days old -- C:\ComboFix.txt
27/03/2008 08:16:04 -- 03/01/2009 21:03:48 268 H--A 1 days old -- C:\sqmdata06.sqm
27/03/2008 08:16:04 -- 03/01/2009 21:03:48 244 H--A 1 days old -- C:\sqmnoopt06.sqm
26/03/2008 22:28:43 -- 03/01/2009 18:14:04 268 H--A 1 days old -- C:\sqmdata05.sqm
26/03/2008 22:28:43 -- 03/01/2009 18:14:04 244 H--A 1 days old -- C:\sqmnoopt05.sqm
26/03/2008 17:49:22 -- 03/01/2009 17:42:10 244 H--A 1 days old -- C:\sqmnoopt04.sqm
26/03/2008 17:49:22 -- 03/01/2009 17:42:10 268 H--A 1 days old -- C:\sqmdata04.sqm
07/12/2007 06:12:00 -- 03/01/2009 08:04:12 244 H--A 1 days old -- C:\sqmnoopt03.sqm
07/12/2007 06:12:00 -- 03/01/2009 08:04:12 268 H--A 1 days old -- C:\sqmdata03.sqm
06/12/2007 21:02:49 -- 03/01/2009 03:31:05 268 H--A 2 days old -- C:\sqmdata02.sqm
06/12/2007 21:02:49 -- 03/01/2009 03:31:05 244 H--A 2 days old -- C:\sqmnoopt02.sqm
22/11/2007 06:47:12 -- 03/01/2009 00:35:37 268 H--A 2 days old -- C:\sqmdata01.sqm
22/11/2007 06:47:12 -- 03/01/2009 00:35:37 244 H--A 2 days old -- C:\sqmnoopt01.sqm
21/11/2007 21:34:16 -- 01/01/2009 11:30:24 268 H--A 3 days old -- C:\sqmdata00.sqm
21/11/2007 21:34:16 -- 01/01/2009 11:30:23 244 H--A 3 days old -- C:\sqmnoopt00.sqm
02/04/2008 11:02:57 -- 01/01/2009 11:04:35 268 H--A 3 days old -- C:\sqmdata19.sqm
02/04/2008 11:02:57 -- 01/01/2009 11:04:35 244 H--A 3 days old -- C:\sqmnoopt19.sqm
01/04/2008 17:52:06 -- 30/12/2008 17:04:55 244 H--A 5 days old -- C:\sqmnoopt18.sqm
01/04/2008 17:52:06 -- 30/12/2008 17:04:55 268 H--A 5 days old -- C:\sqmdata18.sqm
01/04/2008 13:28:22 -- 30/12/2008 12:43:24 268 H--A 5 days old -- C:\sqmdata17.sqm
01/04/2008 13:28:22 -- 30/12/2008 12:43:24 244 H--A 5 days old -- C:\sqmnoopt17.sqm
01/04/2008 00:10:26 -- 30/12/2008 11:02:28 268 H--A 5 days old -- C:\sqmdata16.sqm
01/04/2008 00:10:26 -- 30/12/2008 11:02:28 244 H--A 5 days old -- C:\sqmnoopt16.sqm
31/03/2008 23:23:27 -- 30/12/2008 01:10:55 268 H--A 6 days old -- C:\sqmdata15.sqm
31/03/2008 23:23:27 -- 30/12/2008 01:10:55 244 H--A 6 days old -- C:\sqmnoopt15.sqm
31/03/2008 18:26:02 -- 29/12/2008 13:28:26 268 H--A 6 days old -- C:\sqmdata14.sqm
31/03/2008 18:26:02 -- 29/12/2008 13:28:26 244 H--A 6 days old -- C:\sqmnoopt14.sqm
31/03/2008 11:19:01 -- 28/12/2008 22:25:20 268 H--A 7 days old -- C:\sqmdata13.sqm
31/03/2008 11:19:01 -- 28/12/2008 22:25:20 244 H--A 7 days old -- C:\sqmnoopt13.sqm
29/03/2008 17:03:38 -- 28/12/2008 19:22:56 244 H--A 7 days old -- C:\sqmnoopt12.sqm
29/03/2008 17:03:38 -- 28/12/2008 19:22:56 268 H--A 7 days old -- C:\sqmdata12.sqm
28/12/2008 15:26:14 -- 28/12/2008 16:20:14 331805736 ---A 7 days old -- C:\XPSP3.exe
29/03/2008 11:05:01 -- 28/12/2008 15:42:20 268 H--A 7 days old -- C:\sqmdata11.sqm
29/03/2008 11:05:01 -- 28/12/2008 15:42:20 244 H--A 7 days old -- C:\sqmnoopt11.sqm
28/12/2008 14:50:38 -- 21/07/2000 10:40:58 2048 ---A 7 days old -- C:\w2ksect.bin
28/12/2008 14:45:15 -- 28/12/2008 14:45:38 4145 ---A 7 days old -- C:\wxp10.zip
28/03/2008 22:10:35 -- 27/12/2008 23:58:17 268 H--A 8 days old -- C:\sqmdata10.sqm
28/03/2008 22:10:35 -- 27/12/2008 23:58:17 244 H--A 8 days old -- C:\sqmnoopt10.sqm
28/03/2008 12:55:24 -- 27/12/2008 17:05:44 244 H--A 8 days old -- C:\sqmnoopt09.sqm
28/03/2008 12:55:24 -- 27/12/2008 17:05:44 268 H--A 8 days old -- C:\sqmdata09.sqm
27/03/2008 23:11:01 -- 27/12/2008 13:16:48 244 H--A 8 days old -- C:\sqmnoopt08.sqm
27/03/2008 23:11:02 -- 27/12/2008 13:16:48 268 H--A 8 days old -- C:\sqmdata08.sqm
23/12/2008 07:13:57 -- 21/06/2006 17:35:50 211 ---A 12 days old -- C:\Boot.bak
07/08/2004 19:51:38 -- 23/12/2008 07:13:57 281 HSRA 12 days old -- C:\boot.ini
23/12/2008 07:13:56 -- 03/08/2004 23:00:00 260272 ---A 12 days old -- C:\cmldr

---- recent files in C:\DOCUME~1\Michael\LOCALS~1\Temp\
05/01/2009 03:58:41 -- 05/01/2009 03:59:37 (DIR) ---- 0 days old -- C:\DOCUME~1\Michael\LOCALS~1\Temp\nss54C7.tmp
04/01/2009 21:40:47 -- 04/01/2009 21:47:49 (DIR) ---- 0 days old -- C:\DOCUME~1\Michael\LOCALS~1\Temp\hsperfdata_Michael
05/01/2009 03:58:42 -- 05/01/2009 03:58:42 16384 ---A 0 days old -- C:\DOCUME~1\Michael\LOCALS~1\Temp\~DFE1C8.tmp
05/01/2009 03:58:41 -- 05/01/2009 03:58:41 110 ---A 0 days old -- C:\DOCUME~1\Michael\LOCALS~1\Temp\systemscan.ini
04/01/2009 21:52:35 -- 04/01/2009 21:52:38 21633320 ---A 0 days old -- C:\DOCUME~1\Michael\LOCALS~1\Temp\V4VCT4a03080
04/01/2009 21:40:48 -- 04/01/2009 21:46:40 1289 ---A 0 days old -- C:\DOCUME~1\Michael\LOCALS~1\Temp\java_install_reg.log
04/01/2009 18:43:52 -- 04/01/2009 18:43:52 16384 ---A 0 days old -- C:\DOCUME~1\Michael\LOCALS~1\Temp\Perflib_Perfdata_f50.dat
04/01/2009 18:43:10 -- 04/01/2009 18:43:10 16384 ---A 0 days old -- C:\DOCUME~1\Michael\LOCALS~1\Temp\Perflib_Perfdata_ed0.dat

---- recent files in C:\WINDOWS\
04/01/2009 12:41:21 -- 05/01/2009 03:59:37 (DIR) ---- 0 days old -- C:\WINDOWS\temp
11/09/2008 22:48:12 -- 05/01/2009 03:35:15 (DIR) ---- 0 days old -- C:\WINDOWS\Prefetch
14/11/2005 16:41:04 -- 04/01/2009 21:48:45 (DIR) -S-- 0 days old -- C:\WINDOWS\Downloaded Program Files
04/01/2009 21:48:13 -- 04/01/2009 21:48:13 (DIR) ---- 0 days old -- C:\WINDOWS\LastGood
14/11/2005 16:41:05 -- 04/01/2009 18:47:03 (DIR) ---- 0 days old -- C:\WINDOWS\system32
14/11/2005 16:41:06 -- 04/01/2009 18:45:10 (DIR) -S-- 0 days old -- C:\WINDOWS\Tasks
04/01/2009 13:32:53 -- 04/01/2009 13:32:56 (DIR) ---- 0 days old -- C:\WINDOWS\ERUNT
14/11/2005 16:41:03 -- 04/01/2009 12:41:00 (DIR) ---- 0 days old -- C:\WINDOWS\AppPatch
05/11/2007 21:40:37 -- 04/01/2009 11:32:20 (DIR) ---- 0 days old -- C:\WINDOWS\erdnt
11/03/2008 22:10:47 -- 03/01/2009 13:09:36 (DIR) ---- 1 days old -- C:\WINDOWS\BDOSCAN8
14/11/2005 16:41:04 -- 01/01/2009 06:56:33 (DIR) H--- 3 days old -- C:\WINDOWS\inf
14/11/2005 16:41:05 -- 28/12/2008 22:25:37 (DIR) ---- 7 days old -- C:\WINDOWS\security
14/11/2005 16:41:04 -- 21/12/2008 16:03:24 (DIR) HS-- 14 days old -- C:\WINDOWS\Installer
13/01/2007 22:21:24 -- 19/12/2008 07:17:09 (DIR) ---- 16 days old -- C:\WINDOWS\ie7updates
14/11/2005 16:50:34 -- 19/12/2008 07:16:57 (DIR) H--- 16 days old -- C:\WINDOWS\$hf_mig$
14/11/2005 16:41:04 -- 13/12/2008 05:04:30 (DIR) ---- 22 days old -- C:\WINDOWS\Debug
13/12/2008 04:01:18 -- 13/12/2008 04:01:19 (DIR) H--- 22 days old -- C:\WINDOWS\$NtUninstallKB955839$
13/12/2008 03:57:52 -- 13/12/2008 03:57:53 (DIR) H--- 23 days old -- C:\WINDOWS\$NtUninstallKB952069_WM9$
13/12/2008 03:57:41 -- 13/12/2008 03:57:42 (DIR) H--- 23 days old -- C:\WINDOWS\$NtUninstallKB954600$
13/12/2008 03:57:20 -- 13/12/2008 03:57:21 (DIR) H--- 23 days old -- C:\WINDOWS\$NtUninstallKB956802$
06/01/2007 20:03:17 -- 06/12/2008 05:23:14 (DIR) ---- 29 days old -- C:\WINDOWS\network diagnostic
14/11/2005 16:41:04 -- 14/11/2008 17:14:02 (DIR) ---- 51 days old -- C:\WINDOWS\Help
12/11/2008 22:20:09 -- 12/11/2008 22:20:09 (DIR) H--- 53 days old -- C:\WINDOWS\$NtUninstallKB957097$
12/11/2008 22:19:59 -- 12/11/2008 22:19:59 (DIR) H--- 53 days old -- C:\WINDOWS\$NtUninstallKB954459$
12/11/2008 22:19:48 -- 12/11/2008 22:19:48 (DIR) H--- 53 days old -- C:\WINDOWS\$NtUninstallKB955069$
14/11/2005 16:41:06 -- 12/11/2008 22:19:37 (DIR) ---- 53 days old -- C:\WINDOWS\WinSxS
12/03/2008 07:17:41 -- 05/01/2009 02:07:23 1339795 ---A 0 days old -- C:\WINDOWS\WindowsUpdate.log
31/12/2008 14:45:28 -- 04/01/2009 21:48:45 76062 ---A 0 days old -- C:\WINDOWS\setupapi.log
01/01/2009 11:06:58 -- 04/01/2009 18:42:32 0 ---A 0 days old -- C:\WINDOWS\0.log
12/03/2008 07:22:50 -- 04/01/2009 18:42:26 159 ---A 0 days old -- C:\WINDOWS\wiadebug.log
12/03/2008 07:22:47 -- 04/01/2009 18:42:25 48 ---A 0 days old -- C:\WINDOWS\wiaservc.log
07/08/2004 20:16:54 -- 04/01/2009 18:41:52 2048 -S-A 0 days old -- C:\WINDOWS\bootstat.dat
12/03/2008 07:22:32 -- 04/01/2009 14:25:51 32620 ---A 0 days old -- C:\WINDOWS\SchedLgU.Txt
04/01/2009 13:31:11 -- 04/01/2009 13:34:44 77660 ---A 0 days old -- C:\WINDOWS\ntbtlog.txt
07/08/2004 12:47:16 -- 04/01/2009 12:43:44 264 ---- 0 days old -- C:\WINDOWS\system.ini
04/01/2009 11:32:27 -- 31/08/2000 08:00:00 49152 ---A 0 days old -- C:\WINDOWS\VFIND.exe
04/01/2009 11:32:27 -- 31/08/2000 08:00:00 98816 ---A 0 days old -- C:\WINDOWS\sed.exe
04/01/2009 11:32:27 -- 31/08/2000 08:00:00 212480 ---A 0 days old -- C:\WINDOWS\SWXCACLS.exe
04/01/2009 11:32:27 -- 31/08/2000 08:00:00 161792 ---A 0 days old -- C:\WINDOWS\SWREG.exe
04/01/2009 11:32:27 -- 31/08/2000 08:00:00 136704 ---A 0 days old -- C:\WINDOWS\SWSC.exe
04/01/2009 11:32:27 -- 31/08/2000 08:00:00 80412 ---A 0 days old -- C:\WINDOWS\grep.exe
04/01/2009 11:32:27 -- 31/08/2000 08:00:00 28672 ---A 0 days old -- C:\WINDOWS\NIRCMD.exe
04/01/2009 11:32:27 -- 31/08/2000 08:00:00 89504 ---A 0 days old -- C:\WINDOWS\fdsv.exe
04/01/2009 11:32:27 -- 31/08/2000 08:00:00 68096 ---A 0 days old -- C:\WINDOWS\zip.exe
04/01/2009 10:34:04 -- 04/01/2009 10:34:04 1409 ---A 0 days old -- C:\WINDOWS\QTFont.for
04/01/2009 10:34:04 -- 04/01/2009 10:34:04 54156 H--A 0 days old -- C:\WINDOWS\QTFont.qfn
17/12/2006 10:11:57 -- 01/01/2009 13:21:30 1606 ---A 3 days old -- C:\WINDOWS\cdplayer.ini
25/12/2008 13:30:15 -- 25/12/2008 13:30:15 0 ---A 10 days old -- C:\WINDOWS\nsreg.dat
25/12/2008 12:37:00 -- 25/12/2008 13:21:01 250 ---A 10 days old -- C:\WINDOWS\gmer.ini
25/12/2008 12:36:57 -- 17/04/2008 21:13:02 811008 ---A 10 days old -- C:\WINDOWS\gmer.exe
25/12/2008 12:36:57 -- 25/12/2008 12:36:57 80 ---A 10 days old -- C:\WINDOWS\gmer_uninstall.cmd
25/12/2008 12:36:57 -- 25/12/2008 12:36:57 884736 ---A 10 days old -- C:\WINDOWS\gmer.dll

---- recent files in C:\WINDOWS\system\

---- recent files in C:\WINDOWS\system32\
14/11/2005 16:41:06 -- 04/01/2009 23:47:14 (DIR) ---- 0 days old -- C:\WINDOWS\system32\drivers
14/11/2005 16:41:05 -- 04/01/2009 21:47:04 (DIR) ---- 0 days old -- C:\WINDOWS\system32\CatRoot2
14/11/2005 16:41:06 -- 04/01/2009 13:34:33 (DIR) HSR- 0 days old -- C:\WINDOWS\system32\dllcache
14/11/2005 16:41:06 -- 02/01/2009 09:33:50 (DIR) ---- 2 days old -- C:\WINDOWS\system32\Restore
14/11/2005 16:41:05 -- 25/12/2008 21:10:29 (DIR) ---- 10 days old -- C:\WINDOWS\system32\config
11/03/2008 21:18:25 -- 06/12/2008 20:27:32 (DIR) ---- 29 days old -- C:\WINDOWS\system32\ActiveScan
07/08/2004 20:10:30 -- 04/01/2009 18:47:03 666736 ---A 0 days old -- C:\WINDOWS\system32\perfh009.dat
07/08/2004 20:10:30 -- 04/01/2009 18:47:03 222364 ---A 0 days old -- C:\WINDOWS\system32\perfc009.dat
07/08/2004 20:10:30 -- 04/01/2009 18:47:03 234764 ---A 0 days old -- C:\WINDOWS\system32\PerfStringBackup.INI
07/08/2004 20:16:42 -- 04/01/2009 18:42:50 1158 ---A 0 days old -- C:\WINDOWS\system32\wpa.dbl
11/03/2008 14:14:07 -- 27/12/2008 20:10:58 664 ---A 8 days old -- C:\WINDOWS\system32\d3d9caps.dat
04/08/2004 15:00:00 -- 13/12/2008 13:40:02 3593216 ---A 22 days old -- C:\WINDOWS\system32\mshtml.dll
19/02/2007 12:58:42 -- 13/12/2008 04:01:18 837520 ---A 22 days old -- C:\WINDOWS\system32\TZLog.log
22/06/2006 22:06:05 -- 10/12/2008 06:24:37 17593280 ---A 25 days old -- C:\WINDOWS\system32\MRT.exe
09/12/2008 22:43:08 -- 09/12/2008 22:42:35 410984 ---A 26 days old -- C:\WINDOWS\system32\deploytk.dll
09/12/2008 22:43:08 -- 09/12/2008 22:42:35 144792 ---A 26 days old -- C:\WINDOWS\system32\java.exe
09/12/2008 22:43:08 -- 09/12/2008 22:42:35 148888 ---A 26 days old -- C:\WINDOWS\system32\javaws.exe
09/12/2008 22:43:08 -- 09/12/2008 22:42:35 144792 ---A 26 days old -- C:\WINDOWS\system32\javaw.exe
11/06/2007 09:30:30 -- 09/12/2008 22:42:35 73728 ---A 26 days old -- C:\WINDOWS\system32\javacpl.cpl
11/11/2008 05:57:09 -- 11/11/2008 05:57:44 6529 ---A 54 days old -- C:\WINDOWS\system32\jupdate-1.6.0_07-b06.log

---- recent files in C:\WINDOWS\system32\drivers\
18/07/2008 15:07:48 -- 05/01/2009 03:53:43 (DIR) ---- 0 days old -- C:\WINDOWS\system32\drivers\Avg
14/11/2005 16:41:06 -- 04/01/2009 23:59:05 (DIR) ---- 0 days old -- C:\WINDOWS\system32\drivers\etc
04/01/2009 23:47:14 -- 11/03/2008 22:37:12 102664 ---A 0 days old -- C:\WINDOWS\system32\drivers\tmcomm.sys
01/01/2009 01:27:28 -- 19/06/2008 17:24:30 28544 ---A 4 days old -- C:\WINDOWS\system32\drivers\pavboot.sys
30/12/2008 21:36:38 -- 30/12/2008 21:36:38 26808 ---A 5 days old -- C:\WINDOWS\system32\drivers\pxark.sys
25/12/2008 12:36:57 -- 25/12/2008 12:36:57 85969 ---A 10 days old -- C:\WINDOWS\system32\drivers\gmer.sys
03/12/2008 10:45:30 -- 03/12/2008 19:52:38 38496 ---A 32 days old -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
03/12/2008 10:45:33 -- 03/12/2008 19:52:34 15504 ---A 32 days old -- C:\WINDOWS\system32\drivers\mbam.sys

---- recent files in C:\WINDOWS\temp\
04/01/2009 19:47:31 -- 04/01/2009 19:47:31 16384 ---A 0 days old -- C:\WINDOWS\temp\Perflib_Perfdata_724.dat
04/01/2009 18:42:26 -- 04/01/2009 18:42:26 16384 ---A 0 days old -- C:\WINDOWS\temp\Perflib_Perfdata_6c4.dat

---- recent files in C:\Program Files\
14/11/2005 16:41:03 -- 04/01/2009 23:58:25 (DIR) ---- 0 days old -- C:\Program Files\Internet Explorer
14/11/2005 16:41:03 -- 04/01/2009 12:41:00 (DIR) ---- 0 days old -- C:\Program Files\Common Files
04/01/2009 04:20:50 -- 04/01/2009 04:42:35 (DIR) ---- 0 days old -- C:\Program Files\a-squared Free
25/12/2008 13:30:00 -- 03/01/2009 14:54:12 (DIR) ---- 1 days old -- C:\Program Files\Mozilla Firefox
24/11/2007 11:16:44 -- 01/01/2009 11:13:06 (DIR) ---- 3 days old -- C:\Program Files\SUPERAntiSpyware
01/01/2009 01:27:04 -- 01/01/2009 01:27:04 (DIR) ---- 4 days old -- C:\Program Files\Panda Security
30/12/2008 21:36:35 -- 30/12/2008 21:36:35 (DIR) ---- 5 days old -- C:\Program Files\PrevxCSI
28/12/2008 16:30:02 -- 28/12/2008 16:30:11 (DIR) ---- 7 days old -- C:\Program Files\ImgBurn
03/12/2008 10:45:29 -- 25/12/2008 09:48:58 (DIR) ---- 10 days old -- C:\Program Files\Malwarebytes' Anti-Malware
03/02/2007 13:08:29 -- 24/12/2008 22:11:22 (DIR) ---- 11 days old -- C:\Program Files\Sogou PXP
28/09/2006 22:04:44 -- 23/12/2008 07:10:38 (DIR) ---- 12 days old -- C:\Program Files\FlashGet
14/11/2005 17:18:03 -- 21/12/2008 16:03:42 (DIR) ---- 14 days old -- C:\Program Files\Symantec
14/11/2005 16:51:47 -- 09/12/2008 22:42:30 (DIR) ---- 26 days old -- C:\Program Files\Java
29/03/2007 09:44:09 -- 14/11/2008 17:27:01 (DIR) ---- 51 days old -- C:\Program Files\TuneUp Utilities 2007
19/12/2006 11:51:48 -- 14/11/2008 17:07:04 (DIR) ---- 51 days old -- C:\Program Files\Spybot - Search & Destroy
17/12/2006 07:19:08 -- 12/11/2008 19:24:43 (DIR) ---- 53 days old -- C:\Program Files\LimeWire
11/11/2008 05:58:15 -- 11/11/2008 05:58:15 (DIR) ---- 54 days old -- C:\Program Files\Sun
04/01/2009 04:20:15 -- 04/01/2009 04:20:23 12861144 ---A 0 days old -- C:\Program Files\a2FreeSetup.exe
28/12/2008 16:29:21 -- 28/12/2008 16:29:45 1971378 ---A 7 days old -- C:\Program Files\SetupImgBurn_2.4.2.0.exe
28/12/2008 07:47:49 -- 28/12/2008 07:47:50 1432 ---A 7 days old -- C:\Program Files\DelDomains.inf
27/12/2008 10:03:42 -- 27/12/2008 10:03:47 50688 ---A 8 days old -- C:\Program Files\ATF-Cleaner.exe
25/12/2008 13:04:02 -- 25/12/2008 13:29:25 7518240 ---A 10 days old -- C:\Program Files\Firefox_Setup_3.0.5.exe
06/12/2008 18:27:25 -- 06/12/2008 18:27:34 8009920 ---A 29 days old -- C:\Program Files\SpywareTerminator_Setup.exe
03/12/2008 10:42:10 -- 03/12/2008 10:44:38 2372472 ---A 32 days old -- C:\Program Files\mbam-setup.exe
14/11/2008 17:19:53 -- 14/11/2008 17:20:34 2955128 ---A 51 days old -- C:\Program Files\ccsetup213.exe
27/04/2008 21:32:19 -- 12/11/2008 19:24:09 4900376 ---A 53 days old -- C:\Program Files\LimeWireWin.exe

---- recent files in C:\Program Files\Common Files\
14/11/2005 17:17:58 -- 21/12/2008 16:03:38 (DIR) ---- 14 days old -- C:\Program Files\Common Files\Symantec Shared

---- recent files in C:\Documents and Settings\Michael\Application Data\
04/01/2009 13:40:43 -- 04/01/2009 13:40:43 (DIR) ---- 0 days old -- C:\Documents and Settings\Michael\Application Data\WinRAR
25/06/2006 02:12:22 -- 03/01/2009 00:35:36 (DIR) ---- 2 days old -- C:\Documents and Settings\Michael\Application Data\Skype
12/02/2008 11:38:54 -- 02/01/2009 16:54:59 (DIR) ---- 2 days old -- C:\Documents and Settings\Michael\Application Data\skypePM
28/12/2008 16:33:19 -- 28/12/2008 16:33:19 (DIR) ---- 7 days old -- C:\Documents and Settings\Michael\Application Data\ImgBurn
25/12/2008 13:30:10 -- 25/12/2008 13:30:15 (DIR) ---- 10 days old -- C:\Documents and Settings\Michael\Application Data\Mozilla
12/12/2007 11:09:48 -- 23/12/2008 22:45:09 (DIR) ---- 12 days old -- C:\Documents and Settings\Michael\Application Data\Moyea
03/12/2008 10:45:40 -- 03/12/2008 10:45:40 (DIR) ---- 32 days old -- C:\Documents and Settings\Michael\Application Data\Malwarebytes

---- recent files in C:\Documents and Settings\Michael\Local Settings\Application Data\
25/12/2008 13:30:10 -- 25/12/2008 13:30:10 (DIR) ---- 10 days old -- C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla
02/06/2007 08:24:00 -- 25/11/2008 07:16:57 (DIR) ---- 40 days old -- C:\Documents and Settings\Michael\Local Settings\Application Data\CutePDF Writer
05/05/2008 12:46:55 -- 04/01/2009 14:25:32 17573660 H--A 0 days old -- C:\Documents and Settings\Michael\Local Settings\Application Data\IconCache.db
22/06/2006 10:48:04 -- 02/01/2009 18:13:55 9216 ---A 2 days old -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


#17
January 4, 2009 at 14:07:27
===================== DUPLICATE FILES IN BAK FOLDERS =====================

No BAK folders found

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"ATIPTA"="\"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe\""
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre6\bin\jusched.exe\""
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe"
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start"
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe\00\00\00\00\1e\15\007\007\006\003\00\00@ý\0c\00\0d\00\08øB\00\00\00\00\00\00\00\00\00\10\00\04\01hLC\00 \00\06\02\1e\15"
"CAP3ON"="C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE"
"BigDogPath"="C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera"
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe\" -start"
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe"
"TkBellExe"="\"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot"
"Adobe Reader Speed Launcher"="\"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe\""
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
"SmartDefrag"="\"C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe\" /StartUp"

[Run\OptionalComponents]
@=""

[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"TuneUp MemOptimizer"="\"C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe\" autostart"
"Yahoo! Pager"="\"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe\" -quiet"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"msnmsgr"="\"C:\Program Files\Windows Live\Messenger\msnmsgr.exe\" /background"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"DWQueuedReporting"="\"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe\" -t"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"="avgrsstx.dll"

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @=expand:"%systemroot%\system32\stobject.dll"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
#### HKCR\CLSID\{e57ce738-33e8-4c51-8354-bb4de9d215d1}\InprocServer32 @="C:\WINDOWS\system32\upnpui.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
#### HKCR\CLSID\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}\InprocServer32 @="C:\PROGRA~1\WIFD1F~1\MpShHook.dll"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
#### HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\InprocServer32 @="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Microsoft Disk Quota"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
"@="802.3 Group Policy"
"DllName"=expand:"dot3gpclnt.dll"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Software Installation"
"DllName"=expand:"appmgmts.dll"

[Winlogon\Notify]

[Winlogon\Notify\!SASWinLogon]
"DllName"="C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL"

[Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[Winlogon\Notify\dimsntfy]
"DllName"=expand:"%SystemRoot%\System32\dimsntfy.dll"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\WgaLogon]
"DllName"=expand:"WgaLogon.dll"

[Winlogon\Notify\WgaLogon\Settings]

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"

[Winlogon\SCLogon]

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00lsdelete\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[runonceex]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[runservices]

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

[Load]

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
#### HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InprocServer32 @="C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll"

[Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
#### HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\InprocServer32 @="C:\Program Files\AVG\AVG8\avgssie.dll"
@="WormRadar.com IESiteBlocker.NavFilter"

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre6\bin\ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
#### HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InprocServer32 @="C:\Program Files\Java\jre6\bin\jp2ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
#### HKCR\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\InprocServer32 @="C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
@="JQSIEStartDetectorImpl"
"NoExplorer"=dword:00000001

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

[MSConfig]

[MSConfig\services]

[MSConfig\startupfolder]

[MSConfig\startupreg]

[MSConfig\state]

-----HKCU\Control Panel\Desktop\-----

[Desktop]

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"


#18
January 4, 2009 at 14:10:55
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."
"DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:00002ce1

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp2res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Video Server S\Video Server S.exe"="C:\Program Files\Video Server S\Video Server S.exe:*:Enabled:Video Server S"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"{7555C46A-A0B3-4298-9739-622AB7604F1F}"=dword:00000001
"{A30D4A57-3726-443C-866E-0004DF373C4D}"=dword:00000001
"{DDBD5F57-1095-4DE4-B534-93710DC1B4BB}"=dword:00000001
"{1A3083D8-9FC2-4AE5-9C54-360B5EAE92C8}"=dword:00000001
"{6C70325C-68B3-463F-8161-6C1499A64680}"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\CCleaner]

[VB and VBA Program Settings\CCleaner\Options]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Java (Sun)"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\Program Files\Java\jre6\bin\regutils.dll"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Vector Graphics Rendering (VML)"
"ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"

[Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
#### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Adobe\Director\swdir.dll"
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.4"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Dynamic HTML Data Binding for Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"ComponentID"="S867460"
"@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Advanced Authoring"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="DirectAnimation Java Classes"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.7"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Address Book 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"

[Installed Components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}]
"ComponentID"="M928366"
"@="Microsoft .NET Framework 1.1 Hotfix (KB928366)"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Task Scheduler"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}]
"ComponentID"="Yahoo! Messenger"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical



#19
January 4, 2009 at 14:17:24
Hi Jabuck,

Do you think it is ok to post this way?
I still have a lot to copy and paste.

Also, I notice the computing.net logo has changed to a devil in the address and tab column.



#20
January 4, 2009 at 14:42:24
Let's try this scanner; it's going to have a long log also, but not quite as long as SystemScan. You will need to post it in segments also.

Download OTScanIt2 to your Desktop from the following link:

OTScanIt2 by oldtimer

Double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program. Make sure you close all other programs and don't use the PC while the scan runs.
Under File Age at the top, change it from 30 days to 90 days
Under Additional Scans check the boxes beside Reg - ColumnHandlers, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Associations, Reg - NetSvcs, Reg - Protocol Filters, Reg - Protocol Handlers, Reg - SafeBoot Minimal, Reg - SafeBoot Network, Reg - Session Manager Settings, Reg - Winsock2 Catalogs, File - Lop Check, File - Purity Scan, Files - Signature Check, and Evnt - EventViewer Logs ( Last 10 Errors).
Under Rootkit Search change it to Yes
Under the Custom Scans box at the bottom left paste the following in

%systemroot%\Prefetch\*.* /s
%systemroot%\system32\drivers\*.dat
%systemroot%\Temp\bca4e2da.$$$
%systemroot%\Temp\ed47fa.$
%systemroot%\Temp\fa56d7ec.$$$
%systemroot%\System32\antiwpa.dll
%PROGRAMFILES%\*crack*.
%PROGRAMFILES%\*keygen*.
%SYSTEMDRIVE%\*crack*.
%SYSTEMDRIVE%\*keygen*.
%SYSTEMDRIVE%\*.zip
%SYSTEMDRIVE%\*.rar
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\*.dll
%systemroot%\*.zip
%systemroot%\*.rar
%systemroot%\system32\*.zip
%systemroot%\system32\*.rar
%PROGRAMFILES%\*.zip
%PROGRAMFILES%\*.rar
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.dll
%DESKTOP%\*.zip
%DESKTOP%\*.rar
%DESKTOP%\*.exe
%PROGRAMFILES%\Common Files\*.*
%PROGRAMFILES%\Common Files\*bak*.
%systemroot%\SYSTEM32\*bak*.
%PROGRAMFILES%\*bak*.
%USERNAME%\*.zip
%USERNAME%\*.rar
%USERNAME%\*.exe
%USERPROFILE%\*.zip
%USERPROFILE%\*.rar
%USERPROFILE%\*.exe
%ALLUSERSPROFILE%\*.zip
%ALLUSERSPROFILE%\*.rar
%ALLUSERSPROFILE%\*.exe
%APPDATA%\*.zip
%APPDATA%\*.rar
%APPDATA%\*.exe
%ALLUSERSSTARTMENU%\*.zip
%ALLUSERSSTARTMENU%\*.rar
%ALLUSERSSTARTMENU%\*.exe
%ALLUSERSSTARTUP%\*.zip
%ALLUSERSSTARTUP%\*.rar
%ALLUSERSSTARTUP%\*.exe
%ALLUSERSPROGRAMS%\*.zip
%ALLUSERSPROGRAMS%\*.rar
%ALLUSERSPROGRAMS%\*.exe
%ALLUSERSAPPDATA%\*.zip
%ALLUSERSAPPDATA%\*.rar
%ALLUSERSAPPDATA%\*.exe
%APPDATA%\*.zip
%APPDATA%\*.rar
%APPDATA%\*.exe
%APPDATA%\*.dat
%APPDATA%\*.dll
%QUICKLAUNCH%\*.zip
%QUICKLAUNCH%\*.rar
%QUICKLAUNCH%\*.exe
%STARTUP%\*.zip
%STARTUP%\*.rar
%STARTUP%\*.exe
%STARTMENU%\*.zip
%STARTMENU%\*.rar
%STARTMENU%\*.exe
%MYDOCUMENTS%\*.zip
%MYDOCUMENTS%\*.rar
%MYDOCUMENTS%\*.exe
%PROGRAMFILES%\Mozilla Firefox\plugins\*.*
%PROGRAMFILES%\Internet Explorer\*.*
%PROGRAMFILES%\Mozilla Firefox\*.zip /s
%PROGRAMFILES%\Mozilla Firefox\*.rar /s
%PROGRAMFILES%\Mozilla Firefox\*.exe /s
%PROGRAMFILES%\Internet Explorer\*.zip /s
%PROGRAMFILES%\Internet Explorer\*.rar /s
%PROGRAMFILES%\Internet Explorer\*.exe /s
%SYSTEMDRIVE%\*.dat
%SYSTEMDRIVE%\*.sys
%SYSTEMROOT%\*.dat
%SYSTEMROOT%\*.sys
%systemroot%\system32\drivers\*.exe /s
%systemroot%\system32\drivers\*.zip /s
%systemroot%\system32\drivers\*.rar /s
%systemroot%\system\*.exe /s
%systemroot%\system\*.zip /s
%systemroot%\system\*.rar /s
%systemroot%\AppPatch\*.exe /s
%systemroot%\AppPatch\*.zip /s
%systemroot%\AppPatch\*.rar /s
%systemroot%\Cache\*.*
%systemroot%\Downloaded Program Files\*.*
%systemroot%\Fonts\*.exe /s
%systemroot%\Fonts\*.zip /s
%systemroot%\Fonts\*.rar /s
%systemroot%\Fonts\*.dll /s
%systemroot%\Help\*.exe /s
%systemroot%\Help\*.zip /s
%systemroot%\Help\*.rar /s
%systemroot%\Tasks\*.*
%APPDATA%\*.sys
%systemroot%\system32\serauth1.dll
%systemroot%\system32\serauth2.dll
%systemroot%\system32\sysaudio.sys
%PROGRAMFILES%\*TinyProxy*.
%PROGRAMFILES%\Bitlord\Downloads\*.zip /s
%PROGRAMFILES%\Bitlord\Downloads\*.rar /s
%PROGRAMFILES%\Bitlord\Downloads\*.exe /s
%PROGRAMFILES%\Bitlord\Downloads\*crack*.
%PROGRAMFILES%\Bitlord\Downloads\*keygen*.
%PROGRAMFILES%\eMule\Incoming\*.zip /s
%PROGRAMFILES%\eMule\Incoming\*.rar /s
%PROGRAMFILES%\eMule\Incoming\*.exe /s
%PROGRAMFILES%\eMule\Incoming\*crack*.
%PROGRAMFILES%\eMule\Incoming\*keygen*.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla|extensions /rs


Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
When the scan is complete Notepad will open with the report file loaded in it.


Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

This will be a large file and may take several posts to get it all posted.



#21
January 4, 2009 at 16:40:47
Hi Jabuck,

Here is the log. Thank you.

[code]
OTScanIt2 logfile created on: 1/5/2009 7:27:14 AM - Run 1
OTScanIt2 by OldTimer - Version 1.0.6.0 Folder = C:\Documents and Settings\Michael\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.63% Memory free
2.60 Gb Paging File | 1.88 Gb Available in Paging File | 72.52% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.32 Gb Total Space | 42.23 Gb Free Space | 56.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC269896545103
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 90 Days

[Processes - Safe List]
a2service.exe -> %ProgramFiles%\a-squared Free\a2service.exe -> [2008/12/17 08:32:06 | 00,419,448 | ---- | M] (Emsi Software GmbH)
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/07/22 20:56:00 | 00,611,664 | ---- | M] (Lavasoft)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2005/08/10 05:29:40 | 00,380,928 | ---- | M] (ATI Technologies Inc.)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2005/08/10 05:29:40 | 00,380,928 | ---- | M] (ATI Technologies Inc.)
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> [2005/08/10 12:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.)
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> [2008/07/18 15:07:44 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> [2008/11/27 19:22:54 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2008/08/30 20:44:07 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
cap3lak.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\CAP3LAK.EXE -> [2002/07/18 22:00:00 | 00,030,720 | ---- | M] (CANON INC.)
cap3rsk.exe -> %SystemRoot%\system32\CAP3RSK.EXE -> [2002/07/18 22:00:00 | 00,061,512 | ---- | M] (CANON INC.)
cap3swk.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\CAP3SWK.EXE -> [2002/07/18 22:00:00 | 00,136,704 | ---- | M] (CANON INC.)
eabservr.exe -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> [2005/08/25 06:39:20 | 00,397,312 | ---- | M] (Hewlett-Packard )
hp wireless assistant.exe -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> [2005/05/05 01:59:40 | 00,794,624 | ---- | M] (Hewlett-Packard Company)
hpqwmi.exe -> %ProgramFiles%\HPQ\Shared\hpqwmi.exe -> [2005/08/29 23:41:22 | 00,106,496 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpwuschd2.exe -> %ProgramFiles%\Hp\HP Software Update\hpwuSchd2.exe -> [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
iobit smartdefrag.exe -> %ProgramFiles%\IObit\IObit SmartDefrag\IObit SmartDefrag.exe -> [2008/08/14 21:14:18 | 02,235,720 | ---- | M] (IObit)
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> [2004/07/28 07:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/09 22:42:36 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/12/09 22:42:36 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2005/06/21 14:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company)
memoptimizer.exe -> %ProgramFiles%\TuneUp Utilities 2007\MemOptimizer.exe -> [2007/04/27 06:50:50 | 00,312,328 | ---- | M] (TuneUp Software GmbH)
msmpeng.exe -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/01/04 17:00:34 | 00,485,888 | ---- | M] (OldTimer Tools)
prevxcsi.exe -> %ProgramFiles%\PrevxCSI\prevxcsi.exe -> [2008/12/30 21:36:35 | 00,927,288 | ---- | M] (Prevx)
prevxcsi.exe -> %ProgramFiles%\PrevxCSI\prevxcsi.exe -> [2008/12/30 21:36:35 | 00,927,288 | ---- | M] (Prevx)
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> [2006/08/20 17:44:33 | 00,282,624 | ---- | M] (Apple Computer, Inc.)
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> [2008/05/05 10:57:13 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> [2009/01/01 11:13:04 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com)
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> [2005/06/20 03:50:08 | 00,729,178 | ---- | M] (Synaptics, Inc.)
vm_sti.exe -> %SystemRoot%\VM_STI.EXE -> [2004/06/10 05:37:02 | 00,040,960 | R--- | M] (BIGDOG)
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2008/04/14 07:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation)
yahoomessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)

[Win32 Services - Safe List]
(a2free) a-squared Free Service [Win32_Own | Auto | Running] -> %ProgramFiles%\a-squared Free\a2service.exe -> [2008/12/17 08:32:06 | 00,419,448 | ---- | M] (Emsi Software GmbH)
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/07/22 20:56:00 | 00,611,664 | ---- | M] (Lavasoft)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 16:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> [2005/08/10 05:29:40 | 00,380,928 | ---- | M] (ATI Technologies Inc.)
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2008/08/30 20:44:07 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
(CSIScanner) CSIScanner [Win32_Own | Auto | Running] -> %ProgramFiles%\PrevxCSI\prevxcsi.exe -> [2008/12/30 21:36:35 | 00,927,288 | ---- | M] (Prevx)
(hpqwmi) HP WMI Interface [Win32_Own | On_Demand | Running] -> %ProgramFiles%\HPQ\Shared\hpqwmi.exe -> [2005/08/29 23:41:22 | 00,106,496 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPodService) iPodService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2006/06/14 16:23:58 | 00,323,584 | ---- | M] (Apple Computer, Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/09 22:42:36 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2005/06/21 14:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company)
(SolidWorks Licensing Service) SolidWorks Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SolidWorks Shared\Service\SolidWorksLicensing.exe -> [2007/08/28 22:50:34 | 00,079,360 | ---- | M] (SolidWorks)
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\Messenger\usnsvc.exe -> [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation)
(WinDefend) Windows Defender [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
(WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\aliide.sys -> [2001/08/17 22:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> [2005/03/10 06:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2005/08/10 05:35:42 | 01,273,856 | ---- | M] (ATI Technologies Inc.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> [2008/08/30 20:44:05 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> [2008/07/18 15:07:51 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.)
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BCMWL5.SYS -> [2005/08/12 13:47:34 | 00,376,320 | ---- | M] (Broadcom Corporation)
(CAMCAUD) Conexant AMC Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\camc6aud.sys -> [2005/08/02 23:58:28 | 00,038,016 | ---- | M] (Conexant Systems Inc.)
(CAMCHALA) CAMCHALA [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\camc6hal.sys -> [2005/08/03 00:00:04 | 00,349,312 | ---- | M] (Conexant Systems Inc.)
(cdrbsdrv) cdrbsdrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\CDRBSDRV.SYS -> [2004/03/09 02:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation)
(eabfiltr) eabfiltr [Kernel | System | Running] -> %SystemRoot%\system32\drivers\eabfiltr.sys -> [2005/05/06 01:04:08 | 00,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(eabusb) eabusb [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\EabUsb.sys -> [2005/05/06 01:04:04 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2005/02/02 01:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.)
(gmer) gmer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\gmer.sys -> [2008/12/25 12:36:57 | 00,085,969 | ---- | M] (GMER)
(HSFHWATI) HSFHWATI [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWATI.sys -> [2005/05/03 07:33:00 | 00,211,584 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> [2005/05/03 07:33:00 | 01,034,752 | ---- | M] (Conexant Systems, Inc.)
(kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/14 01:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2004/03/17 03:04:00 | 00,013,059 | ---- | M] (Conexant)
(pavboot) pavboot [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\pavboot.sys -> [2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(pxark) pxark [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxark.sys -> [2008/12/30 21:36:38 | 00,026,808 | ---- | M] (Prevx)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2005/04/25 17:03:00 | 00,020,640 | ---- | M] (Sonic Solutions)
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtlnicxp.sys -> [2005/06/21 23:18:00 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation )
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASDIFSV.SYS -> [2008/05/30 10:12:09 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> [2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [2008/05/30 10:12:09 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(sdbus) sdbus [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sdbus.sys -> [2008/04/14 01:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 17:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SMCIRDA) SMC IrCC Miniport Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\smcirda.sys -> [2001/08/18 03:10:28 | 00,035,913 | ---- | M] (SMC)
(SNPSTD3) USB PC Camera (SNPSTD3) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\snpstd3.sys -> [2005/11/08 08:38:18 | 08,718,848 | ---- | M] ()
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> [2005/06/20 03:33:18 | 00,190,400 | ---- | M] (Synaptics, Inc.)
(tifm21) tifm21 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tifm21.sys -> [2005/04/04 23:25:36 | 00,160,768 | ---- | M] (Texas Instruments)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> [2005/05/03 07:33:00 | 00,716,288 | ---- | M] (Conexant Systems, Inc.)
(WmiAcpi) Microsoft Windows Management Interface for ACPI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wmiacpi.sys -> [2008/04/14 01:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation)
(ZSMC302) VIMICRO USB PC Camera [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbVM31b.sys -> [2004/08/18 01:44:22 | 00,091,263 | R--- | M] (VM)
(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> [2008/03/11 22:37:12 | 00,102,664 | ---- | M] (Trend Micro Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?Lin... ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?Lin... ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?Lin... ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?Lin... ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC17... ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC17... ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redi... ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.msn.com/ ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/keyword/%s ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\9t4layap.default\prefs.js ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.5" ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5 ->
< HOSTS File > (290745 bytes and 10060 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->



#22
January 4, 2009 at 16:42:50
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/11 22:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2008/08/30 20:44:08 | 00,455,960 | ---- | M] (AVG Technologies CZ, s.r.o.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/12/09 22:42:37 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2007/09/20 10:30:18 | 00,328,752 | ---- | M] (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/12/09 22:42:36 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/12/09 22:42:37 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/10/20 04:56:50 | 00,817,936 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 9.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2008/06/12 02:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"ATIPTA" -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe ["C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"] -> [2005/08/10 12:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.)
"AVG8_TRAY" -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2008/11/27 19:22:54 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.)
"BigDogPath" -> %SystemRoot%\VM_STI.EXE [C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera] -> [2004/06/10 05:37:02 | 00,040,960 | R--- | M] (BIGDOG)
"CAP3ON" -> %SystemRoot%\system32\spool\drivers\w32x86\3\CAP3ONN.EXE [C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE] -> [2002/07/18 22:00:00 | 00,022,528 | ---- | M] (CANON INC.)
"Cpqset" -> %ProgramFiles%\HPQ\Default Settings\Cpqset.exe [C:\Program Files\HPQ\Default Settings\cpqset.exe] -> [2005/08/02 05:26:42 | 00,233,534 | ---- | M] ()
"eabconfg.cpl" -> [C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start] -> File not found
"HP Software Update" -> %ProgramFiles%\Hp\HP Software Update\hpwuSchd2.exe [C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
"hpWirelessAssistant" -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe [C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe] -> [2005/05/05 01:59:40 | 00,794,624 | ---- | M] (Hewlett-Packard Company)
"ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2004/07/28 07:50:42 | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2004/07/28 07:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"LSBWatcher" -> %SystemDrive%\hp\drivers\hplsbwatcher\LSBurnWatcher.exe [c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe] -> [2004/10/15 04:54:32 | 00,253,952 | ---- | M] (Hewlett-Packard Company)
"QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2006/08/20 17:44:33 | 00,282,624 | ---- | M] (Apple Computer, Inc.)
"SmartDefrag" -> ["C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp] -> File not found
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/12/09 22:42:36 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"SynTPEnh" -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2005/06/20 03:50:08 | 00,729,178 | ---- | M] (Synaptics, Inc.)
"TkBellExe" -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2008/05/05 10:57:13 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"msnmsgr" -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
"SUPERAntiSpyware" -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2009/01/01 11:13:04 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com)
"TuneUp MemOptimizer" -> %ProgramFiles%\TuneUp Utilities 2007\MemOptimizer.exe ["C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart] -> [2007/04/27 06:50:50 | 00,312,328 | ---- | M] (TuneUp Software GmbH)
"Yahoo! Pager" -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Canon LASER SHOT LBP-1120 Status Window.LNK -> %SystemRoot%\system32\spool\drivers\w32x86\3\CAP3LAK.EXE -> [2002/07/18 22:00:00 | 00,030,720 | ---- | M] (CANON INC.)
< Michael Startup Folder > -> C:\Documents and Settings\Michael\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\\"NoUpdateCheck" -> [1] -> File not found
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
\\"NoResolveSearch" -> [1] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec [HKLM] -> %SystemRoot%\bdoscandel.exe [Menu: Uninstall BitDefender Online Scanner v8] -> [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/14 01:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 07:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 07:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/contro... ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5233 domain(s) found. ->
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5233 domain(s) found. ->
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{14C1B87C-3342-445F-9B5E-365FF330A3AC} [HKLM] -> http://h20278.www2.hp.com/HPISWeb/C... Online Support Services] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/... ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?lin... Genuine Advantage Validation Tool] ->
{215B8138-A3CF-44C5-803F-8226143CFC0A} [HKLM] -> http://housecall65.trendmicro.com/h... Micro ActiveX Scan Agent 6.6] ->
{22945A69-1191-4DCF-9E6F-409BDE94D101} [HKLM] -> http://svca.solidworks.com/htdocs/p... Class] ->
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://download.macromedia.com/pub/... ActiveX Control] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [HKLM] -> http://security.symantec.com/sscv6/... AntiVirus scanner] ->
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} [HKLM] -> http://acs.pandasoftware.com/active... 2.0 Installer Class] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> http://download.bitdefender.com/res... Control] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} [HKLM] -> http://security.symantec.com/sscv6/... RuFSI Utility Class] ->
{6924091F-CD97-41E1-B1D4-D9079409D413} [HKLM] -> http://www.5liao.com/talk.cab[IMCv1 Control] ->
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eo... Error: Key does not exist or could not be opened.] ->
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} [HKLM] -> http://www.ca.com/us/securityadviso... Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Plug-in 1.6.0_11] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} [HKLM] -> http://acs.pandasoftware.com/active... Installer Class] ->
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [HKLM] -> http://support.f-secure.com/ols/fsc... Online Scanner 3.3] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/ji... Plug-in 1.5.0_06] ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/ji... Plug-in 1.5.0_11] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Plug-in 1.6.0_05] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Plug-in 1.6.0_11] ->
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/g... Flash Object] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0B3A42E8-D498-436F-A075-39749FEA7E00} -> 208.67.222.222,208.67.220.220 (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{237352FD-A313-49F1-B4DD-5ED67325E2F5} -> (1394 Net Adapter) ->
{4FBB7675-2E52-4FFC-9A56-11104A04FD1F} -> (Broadcom 802.11b/g WLAN) ->
{9C58367E-5655-4F18-A867-F0ACBFBFA9F1} -> () ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> [2008/07/18 15:07:54 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.DLL -> [2009/01/01 11:13:06 | 00,356,352 | ---- | M] (SUPERAntiSpyware.com)
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> [2005/08/10 05:30:44 | 00,046,080 | ---- | M] (ATI Technologies Inc.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> %ProgramFiles%\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 18:20:00 | 00,083,224 | ---- | M] (Microsoft Corporation)
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/30 10:12:09 | 00,077,824 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/14 01:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 07:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/14 01:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 07:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2008/08/30 20:41:40 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -> C:\Program Files\Internet Explorer\IEXPLORE.EXE [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer] -> [2008/10/15 14:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2006/06/14 16:48:00 | 14,276,608 | ---- | M] (Apple Computer, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2008/09/19 01:50:21 | 00,147,456 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/14 07:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> [2008/05/05 10:57:37 | 00,214,560 | ---- | M] (RealNetworks, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath ] -> [2008/11/07 14:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Video Server S\Video Server S.exe" -> C:\Program Files\Video Server S\Video Server S.exe [C:\Program Files\Video Server S\Video Server S.exe:*:Enabled:Video Server S] -> [2005/01/12 06:33:58 | 01,183,744 | ---- | M] ()
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->

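The OTL sections posted above are normally triaged by eye: a helper scans the Run keys, BHOs and toolbars for entries whose target file no longer exists, for files whose version info carries no company name (the empty "()" at the end of a line), for registry keys OTL could not read, and checks which DNS resolvers each adapter is using. The following Python script is an added example for this thread, not code from the original posts and not OTL's own code; it applies those same checks to OTL-style lines. The regular expressions are assumptions inferred from the line format visible in the log, the sample input is a handful of lines copied from the log posted above, and every flag it raises is a pointer for a human to look at, not a verdict that something is malicious.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's code).

Format assumptions, inferred from the log lines visible in this thread:
  * a section starts with '< Section Name > -> ...'
  * an entry is a chain of ' -> ' separated fields; the last field is usually
    '[yyyy/mm/dd hh:mm:ss | size | attrs | M] (Company)' or 'File not found'
  * in the DNS Name Servers section an entry reads '{adapter-guid} -> ip,ip (NIC name) ->'
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SECTION_RE = re.compile(r"^<\s*(?P<name>[^>]+?)\s*>")
TRAILING_ARROW_RE = re.compile(r"\s*->\s*$")
FILEINFO_RE = re.compile(
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| M\]\s*\((?P<company>[^)]*)\)\s*$"
)
# A drive letter or %EnvVar% prefix marks an entry that really references a file;
# policy values such as '"NoUpdateCheck" -> [1] -> File not found' have none.
PATH_RE = re.compile(r"(?:[A-Za-z]:|%[A-Za-z]+%)\\")
DNS_RE = re.compile(r"^\{[0-9A-Fa-f-]+\}\s*->\s*(?P<ips>[\d.,]*)\s*\((?P<nic>[^)]*)\)")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


@dataclass
class TriageReport:
    findings: List[Finding] = field(default_factory=list)
    dns_servers: Dict[str, List[str]] = field(default_factory=dict)

    def reasons(self) -> List[str]:
        return [f.reason for f in self.findings]


def parse_fileinfo(last_field: str) -> Optional[dict]:
    """Return date/size/attrs/company from a trailing file-info block, or None."""
    m = FILEINFO_RE.search(last_field)
    if not m:
        return None
    info = m.groupdict()
    info["size"] = int(info["size"].replace(",", ""))
    return info


def triage(log_text: str) -> TriageReport:
    report = TriageReport()
    section = "(none)"
    for raw in log_text.splitlines():
        line = TRAILING_ARROW_RE.sub("", raw.strip())
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        if section.startswith("DNS Name Servers"):
            dm = DNS_RE.match(line)
            if dm and dm.group("ips"):
                report.dns_servers[dm.group("nic")] = dm.group("ips").split(",")
            continue
        fields = [f.strip() for f in line.split(" -> ")]
        last = fields[-1]
        if last == "File not found" and PATH_RE.search(line):
            # A startup/BHO entry that still points at a file that is gone.
            report.findings.append(Finding(section, "orphaned entry: target file missing", line))
        elif "Reg Error:" in line:
            report.findings.append(Finding(section, "registry key/value unreadable", line))
        else:
            info = parse_fileinfo(last)
            if info is not None and info["company"] == "":
                # Empty '()' means the file has no company name in its version info.
                report.findings.append(Finding(section, "no company string in file version info", line))
    return report


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r'''
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AVG8_TRAY" -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2008/11/27 19:22:54 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.)
"Cpqset" -> %ProgramFiles%\HPQ\Default Settings\Cpqset.exe [C:\Program Files\HPQ\Default Settings\cpqset.exe] -> [2005/08/02 05:26:42 | 00,233,534 | ---- | M] ()
"SmartDefrag" -> ["C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
\Infodelivery\Restrictions\\"NoUpdateCheck" -> [1] -> File not found
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0B3A42E8-D498-436F-A075-39749FEA7E00} -> 208.67.222.222,208.67.220.220 (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{237352FD-A313-49F1-B4DD-5ED67325E2F5} -> (1394 Net Adapter) ->
'''

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result.findings:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    for nic, ips in result.dns_servers.items():
        print(f"DNS on {nic}: {', '.join(ips)}")
```

Run against the sample, it flags the Cpqset entry (no company string), the SmartDefrag entry (file missing) and the unreadable toolbar key, ignores the policy value that also says "File not found" because it references no file, and lists the resolvers on the Ethernet adapter so they can be compared with what the ISP or the user actually configured. Paste the whole OTL log into SAMPLE_LOG to triage a full report the same way.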

#23
January 4, 2009 at 16:44:01
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/14 01:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\autorun.inf [] -> %SystemDrive%\autorun.inf [ NTFS ] -> [2008/12/23 15:18:29 | 00,000,000 | RHSD | M]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

[Registry - Additional Scans - Safe List]
< ColumnHandlers - Folder [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ ->
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\pdfshell.dll [PDF Shell Extension] -> [2008/06/11 22:49:10 | 00,378,200 | ---- | M] (Adobe Systems, Inc.)
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> "%1" %* ->
.chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2008/04/14 07:12:21 | 00,010,752 | ---- | M] (Microsoft Corporation)
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.hlp [@ = hlpfile] -> %SystemRoot%\system32\winhlp32.exe -> [2004/08/04 15:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation)
.hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> [2006/10/17 11:56:10 | 00,045,568 | ---- | M] (Microsoft Corporation)
.html [@ = htmlfile] -> %ProgramFiles%\Internet Explorer\IEXPLORE.EXE -> [2008/10/15 14:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation)
.inf [@ = inffile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/14 07:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
.ini [@ = inifile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/14 07:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
.js [@ = JSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 18:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.jse [@ = JSEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 18:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* ->
.reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2008/04/14 07:12:32 | 00,146,432 | ---- | M] (Microsoft Corporation)
.scr [@ = scrfile] -> "%1" /S ->
.txt [@ = txtfile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/14 07:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
.vbe [@ = VBEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 18:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.vbs [@ = VBSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 18:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.wsf [@ = WSFFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 18:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.wsh [@ = WSHFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 18:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> [] ->
AppMgmt -> C:\WINDOWS\System32\appmgmts.dll [C:\WINDOWS\System32\appmgmts.dll] -> File not found
Ias -> [] ->
Iprip -> [] ->
Irmon -> [] ->
NWCWorkstation -> [] ->
Nwsapagent -> [] ->
UxTuneUp -> C:\WINDOWS\system32\uxtuneup.dll [C:\WINDOWS\system32\uxtuneup.dll] -> [2007/03/29 04:42:42 | 00,029,704 | ---- | M] (TuneUp Software GmbH)
Wmi -> [] ->
WmdmPmSp -> [] ->
helpsvc -> C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll [C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll] -> [2008/04/14 07:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKLM] -> No CLSID value
ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\msdaipp.dll[Microsoft OLE DB Moniker Binder for Internet Publishing] -> [2008/04/14 07:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation)
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKLM] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> [2008/07/18 15:07:48 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.)
livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %ProgramFiles%\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll[Reg Error: Value does not exist or could not be read.] -> [2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation)
msdaipp: [HKLM] -> No CLSID value
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\msdaipp.dll[Microsoft OLE DB Moniker Binder for Internet Publishing] -> [2008/04/14 07:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\msdaipp.dll[MSDAIPP.BINDER] -> [2008/04/14 07:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation)
ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Information Retrieval\msitss.dll[Microsoft Infotech Storage Protocol for IE 4.0] -> [2001/06/20 18:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation)
msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %ProgramFiles%\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll[Reg Error: Value does not exist or could not be read.] -> [2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation)
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> [2008/05/30 15:54:14 | 01,942,864 | R--- | M] (Skype Technologies)
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
aawservice -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/07/22 20:56:00 | 00,611,664 | ---- | M] (Lavasoft)
AVG Anti-Spyware Driver -> Driver
AVG Anti-Spyware Guard -> Service
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vds -> Service
vga.sys -> Driver
WinDefend -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
aawservice -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/07/22 20:56:00 | 00,611,664 | ---- | M] (Lavasoft)
AVG Anti-Spyware Driver -> Driver
AVG Anti-Spyware Guard -> Service
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
rdpdd.sys -> %SystemRoot%\system32\rdpdd.dll -> [2008/04/14 07:13:22 | 00,092,424 | ---- | M] (Microsoft Corporation)
SCSI Class -> Driver Group
sermouse.sys -> Driver
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
vga.sys -> Driver
WinDefend -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
"BootExecute" -> autocheck autochk *;lsdelete; ->
"ExcludeFromKnownDlls" -> ->
*ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories ->
\Windows -> -> File not found
\RPC Control -> -> File not found
*MultiFile Done* -> ->
*PendingFileRenameOperations* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\PendingFileRenameOperations ->
\??\C:\WINDOWS\temp\cfa5551f-df3b-44fd-8257-9ea3b21c4ce8.tmp [\??\C:\WINDOWS\temp\cfa5551f-df3b-44fd-8257-9ea3b21c4ce8.tmp] -> %SystemRoot%\temp\cfa5551f-df3b-44fd-8257-9ea3b21c4ce8.tmp [%SystemRoot%\temp\cfa5551f-df3b-44fd-8257-9ea3b21c4ce8.tmp] -> File not found
*MultiFile Done* -> ->
< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
"ComSpec" -> C:\WINDOWS\system32\cmd.exe -> [2008/04/14 07:12:14 | 00,389,120 | ---- | M] (Microsoft Corporation)
"TEMP" -> %SystemRoot%\TEMP ->
"TMP" -> %SystemRoot%\TEMP ->
"windir" -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
%systemroot%\system32 -> %SystemRoot%\system32 -> [2009/01/04 18:47:03 | 00,000,000 | ---D | M]
%systemroot% -> %SystemRoot% -> [2009/01/04 21:48:13 | 00,000,000 | ---D | M]
%systemroot%\system32\wbem -> %SystemRoot%\system32\wbem -> [2008/09/11 22:47:19 | 00,000,000 | ---D | M]
C:\Program Files\ATI Technologies\ATI Control Panel -> -> File not found
C:\Program Files\QuickTime\QTSystem -> %ProgramFiles%\QuickTime\QTSystem -> [2006/08/20 17:44:23 | 00,000,000 | ---D | M]
*MultiFile Done* -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> -> File not found
.EXE -> -> File not found
.BAT -> -> File not found
.CMD -> -> File not found
.VBS -> -> File not found
.VBE -> -> File not found
.JS -> -> File not found
.JSE -> -> File not found
.WSF -> -> File not found
.WSH -> -> File not found
*MultiFile Done* -> ->
< Session Manager FileRenameOperations Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations ->
< Session Manager KnownDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls ->
"advapi32" -> C:\WINDOWS\system32\advapi32.dll -> [2008/04/14 07:11:48 | 00,617,472 | ---- | M] (Microsoft Corporation)
"comdlg32" -> C:\WINDOWS\system32\comdlg32.dll -> [2008/04/14 07:11:51 | 00,276,992 | ---- | M] (Microsoft Corporation)
"DllDirectory" -> C:\WINDOWS\system32 -> [2009/01/04 18:47:03 | 00,000,000 | ---D | M]
"gdi32" -> C:\WINDOWS\system32\gdi32.dll -> [2008/10/23 19:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation)
"imagehlp" -> C:\WINDOWS\system32\imagehlp.dll -> [2008/04/14 07:11:54 | 00,144,384 | ---- | M] (Microsoft Corporation)
"kernel32" -> C:\WINDOWS\system32\kernel32.dll -> [2008/04/14 07:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation)
"lz32" -> C:\WINDOWS\system32\lz32.dll -> [2004/08/04 15:00:00 | 00,002,560 | ---- | M] (Microsoft Corporation)
"ole32" -> C:\WINDOWS\system32\ole32.dll -> [2008/04/14 07:12:02 | 01,287,168 | ---- | M] (Microsoft Corporation)
"oleaut32" -> C:\WINDOWS\system32\oleaut32.dll -> [2008/04/14 07:12:02 | 00,551,936 | ---- | M] (Microsoft Corporation)
"olecli32" -> C:\WINDOWS\system32\olecli32.dll -> [2008/04/14 07:12:02 | 00,074,752 | ---- | M] (Microsoft Corporation)
"olecnv32" -> C:\WINDOWS\system32\olecnv32.dll -> [2008/04/14 07:12:02 | 00,037,376 | ---- | M] (Microsoft Corporation)
"olesvr32" -> C:\WINDOWS\system32\olesvr32.dll -> [2004/08/04 15:00:00 | 00,022,016 | ---- | M] (Microsoft Corporation)
"olethk32" -> C:\WINDOWS\system32\olethk32.dll -> [2004/08/04 15:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
"rpcrt4" -> C:\WINDOWS\system32\rpcrt4.dll -> [2008/04/14 07:12:04 | 00,584,704 | ---- | M] (Microsoft Corporation)
"shell32" -> C:\WINDOWS\system32\shell32.dll -> [2008/04/14 07:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)
"url" -> C:\WINDOWS\system32\url.dll -> [2008/10/17 03:38:39 | 00,105,984 | ---- | M] (Microsoft Corporation)
"urlmon" -> C:\WINDOWS\system32\urlmon.dll -> [2008/10/17 03:38:39 | 01,160,192 | ---- | M] (Microsoft Corporation)
"user32" -> C:\WINDOWS\system32\user32.dll -> [2008/04/14 07:12:08 | 00,578,560 | ---- | M] (Microsoft Corporation)
"version" -> C:\WINDOWS\system32\version.dll -> [2008/04/14 07:12:08 | 00,018,944 | ---- | M] (Microsoft Corporation)
"wininet" -> C:\WINDOWS\system32\wininet.dll -> [2008/10/17 03:38:40 | 00,826,368 | ---- | M] (Microsoft Corporation)
"wldap32" -> C:\WINDOWS\system32\wldap32.dll -> [2008/04/14 07:12:09 | 00,172,032 | ---- | M] (Microsoft Corporation)
< Session Manager SFC Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SFC ->
"CommonFilesDir" -> C:\Program Files\Common Files -> [2009/01/04 12:41:00 | 00,000,000 | ---D | M]
"ProgramFilesDir" -> C:\Program Files -> [2009/01/04 11:52:34 | 00,000,000 | ---D | M]
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -> %SystemRoot%\system32\nwprovau.dll -> [2008/04/14 07:12:02 | 00,142,336 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 12/8/2008 2:30:36 AM Computer Name = PC269896545103 | Source = LoadPerf | ID = 3012 -> Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section.
Application [ Error ] 12/8/2008 2:30:36 AM Computer Name = PC269896545103 | Source = LoadPerf | ID = 3011 -> Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section.
Application [ Error ] 12/8/2008 8:12:37 AM Computer Name = PC269896545103 | Source = LoadPerf | ID = 3012 -> Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section.
Application [ Error ] 12/8/2008 8:12:37 AM Computer Name = PC269896545103 | Source = LoadPerf | ID = 3011 -> Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section.
Application [ Error ] 12/8/2008 10:52:29 AM Computer Name = PC269896545103 | Source = LoadPerf | ID = 3012 -> Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section.
Application [ Error ] 12/8/2008 10:52:29 AM Computer Name = PC269896545103 | Source = LoadPerf | ID = 3011 -> Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section.
Application [ Error ] 12/8/2008 12:49:17 PM Computer Name = PC269896545103 | Source = LoadPerf | ID = 3012 -> Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section.
Application [ Error ] 12/8/2008 12:49:17 PM Computer Name = PC269896545103 | Source = LoadPerf | ID = 3011 -> Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section.
Application [ Error ] 12/8/2008 6:16:47 PM Computer Name = PC269896545103 | Source = LoadPerf | ID = 3012 -> Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section.
Application [ Error ] 12/8/2008 6:16:47 PM Computer Name = PC269896545103 | Source = LoadPerf | ID = 3011 -> Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section.
System [ Error ] 1/4/2009 10:27:51 AM Computer Name = PC269896545103 | Source = Cdrom | ID = 262151 -> Description = The device, \Device\CdRom0, has a bad block.
System [ Error ] 1/4/2009 10:27:56 AM Computer Name = PC269896545103 | Source = Cdrom | ID = 262151 -> Description = The device, \Device\CdRom0, has a bad block.
System [ Error ] 1/4/2009 10:28:00 AM Computer Name = PC269896545103 | Source = Cdrom | ID = 262151 -> Description = The device, \Device\CdRom0, has a bad block.
System [ Error ] 1/4/2009 10:28:03 AM Computer Name = PC269896545103 | Source = Cdrom | ID = 262151 -> Description = The device, \Device\CdRom0, has a bad block.
System [ Error ] 1/4/2009 10:28:09 AM Computer Name = PC269896545103 | Source = Cdrom | ID = 262151 -> Description = The device, \Device\CdRom0, has a bad block.
System [ Error ] 1/4/2009 10:28:15 AM Computer Name = PC269896545103 | Source = Cdrom | ID = 262151 -> Description = The device, \Device\CdRom0, has a bad block.
System [ Error ] 1/4/2009 10:28:21 AM Computer Name = PC269896545103 | Source = Cdrom | ID = 262151 -> Description = The device, \Device\CdRom0, has a bad block.
System [ Error ] 1/4/2009 10:28:28 AM Computer Name = PC269896545103 | Source = Cdrom | ID = 262151 -> Description = The device, \Device\CdRom0, has a bad block.
System [ Error ] 1/4/2009 10:54:59 AM Computer Name = PC269896545103 | Source = Cdrom | ID = 262151 -> Description = The device, \Device\CdRom0, has a bad block.
System [ Error ] 1/4/2009 6:44:18 PM Computer Name = PC269896545103 | Source = F-Secure Standalone Minifilter | ID = 327681 -> Description =



#24
January 4, 2009 at 16:45:27
[Files/Folders - Created Within 90 Days]
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/01/05 07:15:54 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/05 07:12:49 | 00,657,207 | ---- | C] ()
suspectfile -> %UserProfile%\Desktop\suspectfile -> [2009/01/05 03:59:36 | 00,000,000 | ---D | C]
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> [2009/01/04 23:47:14 | 00,102,664 | ---- | C] (Trend Micro Inc.)
LastGood -> %SystemRoot%\LastGood -> [2009/01/04 21:48:13 | 00,000,000 | ---D | C]
RECYCLER -> %SystemDrive%\RECYCLER -> [2009/01/04 18:54:13 | 00,000,000 | -HSD | C]
WinRAR -> %AppData%\WinRAR -> [2009/01/04 13:40:43 | 00,000,000 | ---D | C]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/01/04 13:38:32 | 21,456,36352 | -HS- | C] ()
user32.dll -> %SystemRoot%\System32\dllcache\user32.dll -> [2009/01/04 13:34:33 | 00,578,560 | ---- | C] (Microsoft Corporation)
ERUNT -> %SystemRoot%\ERUNT -> [2009/01/04 13:32:53 | 00,000,000 | ---D | C]
SDFix -> %SystemDrive%\SDFix -> [2009/01/04 13:22:44 | 00,000,000 | ---D | C]
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [2009/01/04 13:19:05 | 01,529,241 | ---- | C] ()
temp -> %SystemRoot%\temp -> [2009/01/04 12:41:21 | 00,000,000 | ---D | C]
SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> [2009/01/04 11:32:27 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> %SystemRoot%\SWREG.exe -> [2009/01/04 11:32:27 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> %SystemRoot%\SWSC.exe -> [2009/01/04 11:32:27 | 00,136,704 | ---- | C] (SteelWerX)
sed.exe -> %SystemRoot%\sed.exe -> [2009/01/04 11:32:27 | 00,098,816 | ---- | C] ()
fdsv.exe -> %SystemRoot%\fdsv.exe -> [2009/01/04 11:32:27 | 00,089,504 | ---- | C] (Smallfrogs Studio)
grep.exe -> %SystemRoot%\grep.exe -> [2009/01/04 11:32:27 | 00,080,412 | ---- | C] ()
zip.exe -> %SystemRoot%\zip.exe -> [2009/01/04 11:32:27 | 00,068,096 | ---- | C] ()
VFIND.exe -> %SystemRoot%\VFIND.exe -> [2009/01/04 11:32:27 | 00,049,152 | ---- | C] ()
NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> [2009/01/04 11:32:27 | 00,028,672 | ---- | C] (NirSoft)
Qoobox -> %SystemDrive%\Qoobox -> [2009/01/04 11:32:20 | 00,000,000 | ---D | C]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2009/01/04 11:30:17 | 02,888,012 | R--- | C] ()
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2009/01/04 10:34:04 | 00,054,156 | -H-- | C] ()
QTFont.for -> %SystemRoot%\QTFont.for -> [2009/01/04 10:34:04 | 00,001,409 | ---- | C] ()
paint line price.doc -> %UserProfile%\My Documents\paint line price.doc -> [2009/01/04 08:01:00 | 00,117,760 | ---- | C] ()
paint line.dwg -> %UserProfile%\My Documents\paint line.dwg -> [2009/01/04 07:51:32 | 00,100,928 | ---- | C] ()
a-squared Free.lnk -> %AllUsersProfile%\Desktop\a-squared Free.lnk -> [2009/01/04 04:20:55 | 00,000,648 | ---- | C] ()
a-squared Free -> %UserProfile%\My Documents\a-squared Free -> [2009/01/04 04:20:50 | 00,000,000 | ---D | C]
a-squared Free -> %ProgramFiles%\a-squared Free -> [2009/01/04 04:20:50 | 00,000,000 | ---D | C]
a2FreeSetup.exe -> %ProgramFiles%\a2FreeSetup.exe -> [2009/01/04 04:20:15 | 12,861,144 | ---- | C] (Emsi Software GmbH )
screenshot4.doc -> %UserProfile%\My Documents\screenshot4.doc -> [2009/01/03 03:10:47 | 00,213,504 | ---- | C] ()
SCREENSHOT1.xls -> %UserProfile%\My Documents\SCREENSHOT1.xls -> [2009/01/03 03:06:09 | 00,212,992 | ---- | C] ()
screenshot3.doc -> %UserProfile%\My Documents\screenshot3.doc -> [2009/01/03 02:56:29 | 00,214,528 | ---- | C] ()
screenshot2.doc -> %UserProfile%\My Documents\screenshot2.doc -> [2009/01/03 01:15:25 | 00,131,072 | ---- | C] ()
screenshot.doc -> %UserProfile%\My Documents\screenshot.doc -> [2009/01/03 01:10:12 | 00,233,472 | ---- | C] ()
pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> [2009/01/01 01:27:28 | 00,028,544 | ---- | C] (Panda Security, S.L.)
Panda Security -> %ProgramFiles%\Panda Security -> [2009/01/01 01:27:04 | 00,000,000 | ---D | C]
ds156_complete.pdf -> %UserProfile%\My Documents\ds156_complete.pdf -> [2008/12/31 12:14:31 | 00,169,191 | ---- | C] ()
pxark.sys -> %SystemRoot%\System32\drivers\pxark.sys -> [2008/12/30 21:36:38 | 00,026,808 | ---- | C] (Prevx)
PrevxCSI -> %ProgramFiles%\PrevxCSI -> [2008/12/30 21:36:35 | 00,000,000 | ---D | C]
PrevxCSI -> %AllUsersProfile%\Application Data\PrevxCSI -> [2008/12/30 21:36:27 | 00,000,000 | ---D | C]
Recent -> %UserProfile%\Recent -> [2008/12/30 21:15:47 | 00,000,000 | RH-D | C]
address book backup.csv -> %UserProfile%\My Documents\address book backup.csv -> [2008/12/30 12:34:54 | 00,026,774 | ---- | C] ()
mail backup -> %UserProfile%\Desktop\mail backup -> [2008/12/30 12:32:01 | 00,000,000 | ---D | C]
stan99.xls -> %UserProfile%\My Documents\stan99.xls -> [2008/12/29 18:36:31 | 00,047,104 | ---- | C] ()
Ed-Oil-Caps.gif -> %UserProfile%\My Documents\Ed-Oil-Caps.gif -> [2008/12/29 16:45:41 | 00,151,711 | ---- | C] ()
ImgBurn -> %AppData%\ImgBurn -> [2008/12/28 16:33:19 | 00,000,000 | ---D | C]
xpsp3.ibb -> %UserProfile%\Desktop\xpsp3.ibb -> [2008/12/28 16:32:24 | 00,001,330 | ---- | C] ()
ImgBurn -> %ProgramFiles%\ImgBurn -> [2008/12/28 16:30:02 | 00,000,000 | ---D | C]
SetupImgBurn_2.4.2.0.exe -> %ProgramFiles%\SetupImgBurn_2.4.2.0.exe -> [2008/12/28 16:29:21 | 01,971,378 | ---- | C] (LIGHTNING UK!)
XPSP3.exe -> %SystemDrive%\XPSP3.exe -> [2008/12/28 15:26:14 | 33,180,5736 | ---- | C] (Microsoft Corporation)
XPSETUP -> %SystemDrive%\XPSETUP -> [2008/12/28 14:51:16 | 00,000,000 | ---D | C]
w2ksect.bin -> %SystemDrive%\w2ksect.bin -> [2008/12/28 14:50:38 | 00,002,048 | ---- | C] ()
wxp10.zip -> %SystemDrive%\wxp10.zip -> [2008/12/28 14:45:15 | 00,004,145 | ---- | C] ()
~$ta.doc -> %UserProfile%\Desktop\~$ta.doc -> [2008/12/28 11:04:57 | 00,000,162 | -H-- | C] ()
Copy of My Pictures -> %UserProfile%\My Documents\Copy of My Pictures -> [2008/12/28 09:26:49 | 00,000,000 | R--D | C]
painting line.doc -> %UserProfile%\My Documents\painting line.doc -> [2008/12/28 09:25:33 | 00,167,424 | ---- | C] ()
Hoster.exe -> %UserProfile%\Desktop\Hoster.exe -> [2008/12/28 07:53:11 | 00,199,680 | ---- | C] (Toadbee 2005)
DelDomains.inf -> %UserProfile%\Desktop\DelDomains.inf -> [2008/12/28 07:48:29 | 00,001,432 | ---- | C] ()
DelDomains.inf -> %ProgramFiles%\DelDomains.inf -> [2008/12/28 07:47:49 | 00,001,432 | ---- | C] ()
rsit -> %SystemDrive%\rsit -> [2008/12/27 08:35:43 | 00,000,000 | ---D | C]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2008/12/27 08:35:05 | 00,781,851 | ---- | C] ()
look.bat -> %UserProfile%\Desktop\look.bat -> [2008/12/25 22:01:11 | 00,000,059 | ---- | C] ()
ListDlls.zip -> %UserProfile%\Desktop\ListDlls.zip -> [2008/12/25 21:57:35 | 00,049,867 | ---- | C] ()
metal machine contract.doc -> %UserProfile%\My Documents\metal machine contract.doc -> [2008/12/25 15:00:53 | 00,035,840 | ---- | C] ()
nsreg.dat -> %SystemRoot%\nsreg.dat -> [2008/12/25 13:30:15 | 00,000,000 | ---- | C] ()
Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [2008/12/25 13:30:10 | 00,000,000 | ---D | C]
Mozilla -> %AppData%\Mozilla -> [2008/12/25 13:30:10 | 00,000,000 | ---D | C]
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2008/12/25 13:30:04 | 00,001,602 | ---- | C] ()
Mozilla Firefox -> %ProgramFiles%\Mozilla Firefox -> [2008/12/25 13:30:00 | 00,000,000 | ---D | C]
Firefox_Setup_3.0.5.exe -> %ProgramFiles%\Firefox_Setup_3.0.5.exe -> [2008/12/25 13:04:02 | 07,518,240 | ---- | C] (Mozilla)
gmer.ini -> %SystemRoot%\gmer.ini -> [2008/12/25 12:37:00 | 00,000,250 | ---- | C] ()
gmer.dll -> %SystemRoot%\gmer.dll -> [2008/12/25 12:36:57 | 00,884,736 | ---- | C] ()
gmer.exe -> %SystemRoot%\gmer.exe -> [2008/12/25 12:36:57 | 00,811,008 | ---- | C] ()
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> [2008/12/25 12:36:57 | 00,085,969 | ---- | C] (GMER)
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [2008/12/25 12:36:57 | 00,000,080 | ---- | C] ()
gmer.zip -> %UserProfile%\Desktop\gmer.zip -> [2008/12/25 12:32:51 | 00,747,873 | ---- | C] ()
sreng2.zip -> %UserProfile%\Desktop\sreng2.zip -> [2008/12/25 11:24:22 | 00,863,754 | ---- | C] ()
GooredFix.exe -> %UserProfile%\Desktop\GooredFix.exe -> [2008/12/25 10:59:18 | 00,089,088 | ---- | C] ()
ERDNT -> %SystemDrive%\ERDNT -> [2008/12/24 07:26:19 | 00,000,000 | ---D | C]
winsockxpfix.exe -> %UserProfile%\Desktop\winsockxpfix.exe -> [2008/12/24 07:19:50 | 01,445,888 | ---- | C] (Option^Explicit Software Solutions)
fix.reg -> %UserProfile%\Desktop\fix.reg -> [2008/12/23 22:40:11 | 00,000,893 | ---- | C] ()
UserData -> %UserProfile%\UserData -> [2008/12/23 22:08:40 | 00,000,000 | -HSD | C]
autorun.inf -> %SystemDrive%\autorun.inf -> [2008/12/23 15:18:29 | 00,000,000 | RHSD | C]
LOGO.doc -> %UserProfile%\My Documents\LOGO.doc -> [2008/12/23 12:04:36 | 00,057,856 | ---- | C] ()
Boot.bak -> %SystemDrive%\Boot.bak -> [2008/12/23 07:13:57 | 00,000,211 | ---- | C] ()
cmldr -> %SystemDrive%\cmldr -> [2008/12/23 07:13:56 | 00,260,272 | ---- | C] ()
cmdcons -> %SystemDrive%\cmdcons -> [2008/12/23 07:13:51 | 00,000,000 | RHSD | C]
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe -> %UserProfile%\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe -> [2008/12/23 06:52:13 | 04,614,888 | ---- | C] (Microsoft Corporation)
ta.doc -> %UserProfile%\Desktop\ta.doc -> [2008/12/22 20:50:30 | 00,022,528 | ---- | C] ()
t.doc -> %UserProfile%\Desktop\t.doc -> [2008/12/22 10:49:58 | 00,022,528 | ---- | C] ()
Config.Msi -> %SystemDrive%\Config.Msi -> [2008/12/21 16:03:25 | 00,000,000 | -HSD | C]
ResetTeaTimer.bat -> %UserProfile%\Desktop\ResetTeaTimer.bat -> [2008/12/21 15:11:15 | 00,009,123 | ---- | C] ()
Attach.rar -> %UserProfile%\Desktop\Attach.rar -> [2008/12/21 05:19:19 | 00,002,653 | ---- | C] ()
dds.com -> %UserProfile%\Desktop\dds.com -> [2008/12/21 05:03:01 | 00,369,327 | ---- | C] ()
2009 Update Listing Form.doc -> %UserProfile%\My Documents\2009 Update Listing Form.doc -> [2008/12/13 04:23:34 | 00,036,864 | ---- | C] ()
tt.doc -> %UserProfile%\Desktop\tt.doc -> [2008/12/10 13:17:44 | 00,020,992 | ---- | C] ()
SpywareTerminator_Setup.exe -> %ProgramFiles%\SpywareTerminator_Setup.exe -> [2008/12/06 18:27:25 | 08,009,920 | ---- | C] (Crawler Inc. )
Malwarebytes -> %AppData%\Malwarebytes -> [2008/12/03 10:45:40 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/03 10:45:33 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/03 10:45:30 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008/12/03 10:45:29 | 00,000,000 | ---D | C]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2008/12/03 10:45:29 | 00,000,000 | ---D | C]
mbam-setup.exe -> %ProgramFiles%\mbam-setup.exe -> [2008/12/03 10:42:10 | 02,372,472 | ---- | C] (Malwarebytes Corporation )
LIST PRODUCTS AND MATERIAL.xls -> %UserProfile%\My Documents\LIST PRODUCTS AND MATERIAL.xls -> [2008/12/03 10:17:43 | 00,016,896 | ---- | C] ()
CACO3.doc -> %UserProfile%\My Documents\CACO3.doc -> [2008/11/30 13:10:28 | 00,048,640 | ---- | C] ()
CG STEEL CO., LTD. ].ppt -> %UserProfile%\My Documents\CG STEEL CO., LTD. ].ppt -> [2008/11/23 15:28:21 | 00,073,728 | ---- | C] ()
2008 Request for Audit - NSF Cook Thurber (EP)-Plastic Intercon.xls -> %UserProfile%\My Documents\2008 Request for Audit - NSF Cook Thurber (EP)-Plastic Intercon.xls -> [2008/11/19 09:36:18 | 00,047,104 | ---- | C] ()
tuan mix container.xls -> %UserProfile%\My Documents\tuan mix container.xls -> [2008/11/18 10:39:32 | 00,026,624 | ---- | C] ()
CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [2008/11/14 17:21:13 | 00,001,548 | ---- | C] ()
ccsetup213.exe -> %ProgramFiles%\ccsetup213.exe -> [2008/11/14 17:19:53 | 02,955,128 | ---- | C] (Piriform Ltd)
LimeWire 4.18.8.lnk -> %UserProfile%\Desktop\LimeWire 4.18.8.lnk -> [2008/11/12 19:24:43 | 00,001,580 | ---- | C] ()
msxml3.dll -> %SystemRoot%\System32\dllcache\msxml3.dll -> [2008/11/12 11:18:00 | 01,106,944 | ---- | C] (Microsoft Corporation)
mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/11/12 11:10:51 | 00,455,296 | ---- | C] (Microsoft Corporation)
tuan.xls -> %UserProfile%\My Documents\tuan.xls -> [2008/11/11 17:58:59 | 00,025,600 | ---- | C] ()
CHINA INT'L.xls -> %UserProfile%\My Documents\CHINA INT'L.xls -> [2008/11/11 14:57:21 | 00,022,528 | ---- | C] ()
Get OpenOffice.org.lnk -> %AllUsersProfile%\Desktop\Get OpenOffice.org.lnk -> [2008/11/11 05:58:15 | 00,000,851 | ---- | C] ()
Sun -> %ProgramFiles%\Sun -> [2008/11/11 05:58:15 | 00,000,000 | ---D | C]
Vendor Survey (Taiwan_HK) .doc -> %UserProfile%\My Documents\Vendor Survey (Taiwan_HK) .doc -> [2008/11/10 17:22:36 | 00,082,432 | ---- | C] ()
WIRE HANGER -> %UserProfile%\My Documents\WIRE HANGER -> [2008/11/07 09:50:48 | 00,000,000 | ---D | C]
test 2 -> %UserProfile%\Desktop\test 2 -> [2008/11/05 07:27:31 | 00,000,000 | ---D | C]
Confidentiality Agreement - Plastic Intercon.pdf -> %UserProfile%\My Documents\Confidentiality Agreement - Plastic Intercon.pdf -> [2008/10/29 03:20:26 | 00,046,306 | ---- | C] ()
netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/24 06:32:10 | 00,337,408 | ---- | C] (Microsoft Corporation)
gdi32.dll -> %SystemRoot%\System32\dllcache\gdi32.dll -> [2008/10/23 19:36:14 | 00,286,720 | ---- | C] (Microsoft Corporation)
SHIPPING ORDER 404.doc -> %UserProfile%\My Documents\SHIPPING ORDER 404.doc -> [2008/10/22 15:19:42 | 00,076,288 | ---- | C] ()
Detail hanger.pdf -> %UserProfile%\My Documents\Detail hanger.pdf -> [2008/10/20 18:16:11 | 00,010,342 | ---- | C] ()
Detail hanger.xls -> %UserProfile%\My Documents\Detail hanger.xls -> [2008/10/20 18:16:00 | 00,016,384 | ---- | C] ()
srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/10/16 17:26:02 | 00,333,824 | ---- | C] (Microsoft Corporation)
win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/10/16 17:25:24 | 01,846,400 | ---- | C] (Microsoft Corporation)
ntkrnlmp.exe -> %SystemRoot%\System32\dllcache\ntkrnlmp.exe -> [2008/10/16 17:24:27 | 02,145,280 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> %SystemRoot%\System32\dllcache\ntoskrnl.exe -> [2008/10/16 17:24:26 | 02,189,184 | ---- | C] (Microsoft Corporation)
ntkrpamp.exe -> %SystemRoot%\System32\dllcache\ntkrpamp.exe -> [2008/10/16 17:24:25 | 02,023,936 | ---- | C] (Microsoft Corporation)
ntkrnlpa.exe -> %SystemRoot%\System32\dllcache\ntkrnlpa.exe -> [2008/10/16 17:24:24 | 02,066,048 | ---- | C] (Microsoft Corporation)
TELEX RELEASE.pdf -> %UserProfile%\My Documents\TELEX RELEASE.pdf -> [2008/10/15 12:09:38 | 00,050,175 | ---- | C] ()
ENQ# 10091 Request For Quote V3 - HANGERS.xls -> %UserProfile%\My Documents\ENQ# 10091 Request For Quote V3 - HANGERS.xls -> [2008/10/14 21:53:52 | 00,267,264 | ---- | C] ()
SHIPPING ORDER 344.doc -> %UserProfile%\My Documents\SHIPPING ORDER 344.doc -> [2008/10/13 21:32:20 | 00,076,288 | ---- | C] ()
logo.rar -> %UserProfile%\Desktop\logo.rar -> [2008/10/09 15:06:21 | 00,408,637 | ---- | C] ()

[Files/Folders - Modified Within 90 Days]
8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\Documents and Settings\Michael\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Michael\Local Settings\temp\*.tmp ->
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/05 07:13:59 | 00,657,207 | ---- | M] ()
perf.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\perf.dat -> [2009/01/05 07:09:23 | 00,000,128 | ---- | M] ()
fsusscr.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> [2009/01/05 05:35:39 | 00,883,336 | ---- | M] (F-Secure Corporation)
fsusscr.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsusscr.dll -> [2009/01/05 05:35:39 | 00,883,336 | ---- | M] (F-Secure Corporation)
fsmart.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\mlcwin\fsmart.dll -> [2009/01/05 05:35:39 | 00,147,456 | ---- | M] (F-Secure Corporation)
fsmart.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsmart.dll -> [2009/01/05 05:35:39 | 00,147,456 | ---- | M] (F-Secure Corporation)
fssm32.exe -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> [2009/01/05 05:35:30 | 00,519,304 | ---- | M] (F-Secure Corp.)
fssm32.exe -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fssm32.exe -> [2009/01/05 05:35:30 | 00,519,304 | ---- | M] (F-Secure Corp.)
fm4av.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fm4av.dll -> [2009/01/05 05:35:30 | 00,482,424 | ---- | M] ()
fm4av.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fm4av.dll -> [2009/01/05 05:35:30 | 00,482,424 | ---- | M] ()
fsgk32.exe -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> [2009/01/05 05:35:30 | 00,439,432 | ---- | M] (F-Secure Corp.)
fsgk32.exe -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsgk32.exe -> [2009/01/05 05:35:30 | 00,439,432 | ---- | M] (F-Secure Corp.)
AVPFPI0.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> [2009/01/05 05:35:30 | 00,154,304 | ---- | M] (Kaspersky Lab)
AVPFPI0.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> [2009/01/05 05:35:30 | 00,154,304 | ---- | M] (Kaspersky Lab)
fsepx32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsepx32.dll -> [2009/01/05 05:35:30 | 00,150,168 | ---- | M] (F-Secure Corporation)
fsepx32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsepx32.dll -> [2009/01/05 05:35:30 | 00,150,168 | ---- | M] (F-Secure Corporation)
fpinor.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> [2009/01/05 05:35:30 | 00,120,456 | ---- | M] (F-Secure Corporation)
fpinor.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fpinor.dll -> [2009/01/05 05:35:30 | 00,120,456 | ---- | M] (F-Secure Corporation)
fsuss.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsuss.dll -> [2009/01/05 05:35:30 | 00,113,288 | ---- | M] (F-Secure Corporation)
fsuss.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsuss.dll -> [2009/01/05 05:35:30 | 00,113,288 | ---- | M] (F-Secure Corporation)
fsgkiapi.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> [2009/01/05 05:35:30 | 00,100,456 | ---- | M] (F-Secure Corp.)
fsgkiapi.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> [2009/01/05 05:35:30 | 00,100,456 | ---- | M] (F-Secure Corp.)

#25
January 4, 2009 at 16:50:29
SHIPPING ORDER 344.doc -> %UserProfile%\My Documents\SHIPPING ORDER 344.doc -> [2008/10/13 21:32:20 | 00,076,288 | ---- | M] ()
logo.rar -> %UserProfile%\Desktop\logo.rar -> [2008/10/09 15:06:22 | 00,408,637 | ---- | M] ()
Smart Defrag.lnk -> %AllUsersProfile%\Desktop\Smart Defrag.lnk -> [2008/10/08 06:38:01 | 00,000,808 | ---- | M] ()
daas_s.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\daas_s.dll -> [2008/02/27 15:59:28 | 00,495,616 | ---- | M] (F-Secure Corporation)
wklntsk1.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wklntsk1.dat -> [2006/06/21 12:02:48 | 00,166,221 | ---- | M] ()
wkcalcat.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wkcalcat.dat -> [2006/06/21 11:56:42 | 00,016,384 | ---- | M] ()


#26
January 4, 2009 at 16:51:40
[Files/Folders - Unicode - All]
???? ?????? ?????.wav -> C:\Documents and Settings\Michael\Desktop\信仰清谈 神灵超级市场 梁燕城博士.wav -> [2006/09/04 23:21:34 | 13,495,82892 | ---- | M] ()
????? ????.mp3 -> C:\Documents and Settings\Michael\Desktop\梁燕城博士 俗世迷情.mp3 -> [2007/02/03 17:04:50 | 10,558,704 | ---- | M] ()
SGS??.doc -> C:\Documents and Settings\Michael\My Documents\SGS正本.doc -> [2007/11/30 14:34:24 | 00,889,344 | ---- | M] ()
????????.dwg -> C:\Documents and Settings\Michael\My Documents\中山三水喷涂设备.dwg -> [2009/01/04 08:01:17 | 00,100,928 | ---- | M] ()
??????.jpg -> C:\Documents and Settings\Michael\My Documents\南盛公司资料.jpg -> [2007/12/05 09:38:38 | 00,030,635 | ---- | M] ()
?? ?? ?? ???7?31???????. xls.xls -> C:\Documents and Settings\Michael\My Documents\复件 复件 复件 肖小姐7月31日出货装车明细. xls.xls -> [2008/08/26 14:34:23 | 00,022,528 | ---- | M] ()
??? - ???.mp3 -> C:\Documents and Settings\Michael\My Documents\失戀篇 - 傷情路.mp3 -> [2007/08/12 10:22:06 | 02,162,403 | ---- | M] ()
?????3.wma -> C:\Documents and Settings\Michael\My Documents\奇妙的恩典3.wma -> [2008/04/12 19:26:47 | 02,178,512 | ---- | M] ()
???? ???.wma -> C:\Documents and Settings\Michael\My Documents\我好愛你 王菀之.wma -> [2007/08/12 10:16:49 | 02,312,259 | ---- | M] ()
???? (2).jpg -> C:\Documents and Settings\Michael\My Documents\月结协议 (2).jpg -> [2008/09/13 18:18:38 | 00,306,340 | ---- | M] ()
???? (3).jpg -> C:\Documents and Settings\Michael\My Documents\月结协议 (3).jpg -> [2008/09/13 18:19:04 | 00,257,511 | ---- | M] ()
???? (4).jpg -> C:\Documents and Settings\Michael\My Documents\月结协议 (4).jpg -> [2008/09/13 18:19:35 | 00,144,306 | ---- | M] ()
????.jpg -> C:\Documents and Settings\Michael\My Documents\月结协议.jpg -> [2008/09/13 18:17:59 | 00,274,139 | ---- | M] ()
???????????.doc -> C:\Documents and Settings\Michael\My Documents\海运出口运输订舱协议书.doc -> [2008/09/08 15:21:41 | 00,035,328 | ---- | M] ()
??.doc -> C:\Documents and Settings\Michael\My Documents\澱粉.doc -> [2007/02/03 09:41:49 | 00,027,136 | ---- | M] ()
?? 001.jpg -> C:\Documents and Settings\Michael\My Documents\照片 001.jpg -> [2007/11/30 14:51:59 | 00,281,641 | ---- | M] ()
?? 002.jpg -> C:\Documents and Settings\Michael\My Documents\照片 002.jpg -> [2007/11/30 14:55:38 | 01,059,133 | ---- | M] ()
??.jpg -> C:\Documents and Settings\Michael\My Documents\照片.jpg -> [2007/11/30 14:53:30 | 00,288,246 | ---- | M] ()
?????-1 -> C:\梁燕城博士-1 -> [2006/10/05 20:57:14 | 00,000,000 | ---D | M]
????.ram -> C:\梁燕城博士-1\众里寻祂.ram -> [2006/10/05 17:34:45 | 05,755,102 | ---- | M] ()
?????,?????.rm -> C:\梁燕城博士-1\古城所多玛,蛾摩拉之谜.rm -> [2006/10/05 20:57:14 | 00,991,877 | ---- | M] ()
?????????.rm -> C:\梁燕城博士-1\圣经与科学配合吗?.rm -> [2006/10/05 20:56:46 | 00,809,333 | ---- | M] ()
????.mp3 -> C:\梁燕城博士-1\如鹰展翅.mp3 -> [2006/10/05 17:31:49 | 06,832,369 | ---- | M] ()
?????(???).mp3 -> C:\梁燕城博士-1\清纯新世界(梁燕城).mp3 -> [2006/10/05 19:39:44 | 22,792,986 | ---- | M] ()
?????.mp3 -> C:\梁燕城博士-1\理性与信心.mp3 -> [2006/10/05 17:32:23 | 07,660,081 | ---- | M] ()
??,?????.mp3 -> C:\梁燕城博士-1\霍金,宇宙与上帝.mp3 -> [2006/10/05 17:34:48 | 11,498,689 | ---- | M] ()

[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable

[File - Lop Check]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2008/12/30 21:36:27 | 00,000,000 | RH-D | M]
DassaultSystemes -> C:\Documents and Settings\All Users\Application Data\DassaultSystemes -> [2007/12/09 09:21:22 | 00,000,000 | ---D | M]
FLEXnet -> C:\Documents and Settings\All Users\Application Data\FLEXnet -> [2007/12/10 06:11:36 | 00,000,000 | ---D | M]
GlobalSCAPE -> C:\Documents and Settings\All Users\Application Data\GlobalSCAPE -> [2007/12/08 20:20:59 | 00,000,000 | ---D | M]
Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft -> [2008/07/18 15:07:55 | 00,000,000 | ---D | M]
muvee Technologies -> C:\Documents and Settings\All Users\Application Data\muvee Technologies -> [2005/11/14 17:17:01 | 00,000,000 | ---D | M]
PrevxCSI -> C:\Documents and Settings\All Users\Application Data\PrevxCSI -> [2008/12/30 21:41:35 | 00,000,000 | ---D | M]
SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2005/11/14 16:41:03 | 00,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2008/02/15 03:45:18 | 00,000,000 | ---D | M]
TuneUp Software -> C:\Documents and Settings\All Users\Application Data\TuneUp Software -> [2007/12/29 18:49:49 | 00,000,000 | ---D | M]
WINPENJR -> C:\Documents and Settings\All Users\Application Data\WINPENJR -> [2008/10/03 07:03:53 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Michael\Application Data -> [2009/01/04 13:40:43 | 00,000,000 | RH-D | M]
CoffeeCup Software -> C:\Documents and Settings\Michael\Application Data\CoffeeCup Software -> [2008/02/15 02:23:19 | 00,000,000 | ---D | M]
DassaultSystemes -> C:\Documents and Settings\Michael\Application Data\DassaultSystemes -> [2007/12/09 09:21:21 | 00,000,000 | ---D | M]
GetRightToGo -> C:\Documents and Settings\Michael\Application Data\GetRightToGo -> [2007/09/23 07:46:18 | 00,000,000 | ---D | M]
GlobalSCAPE -> C:\Documents and Settings\Michael\Application Data\GlobalSCAPE -> [2007/12/08 20:20:56 | 00,000,000 | ---D | M]
ImgBurn -> C:\Documents and Settings\Michael\Application Data\ImgBurn -> [2008/12/28 16:33:19 | 00,000,000 | ---D | M]
InterVideo -> C:\Documents and Settings\Michael\Application Data\InterVideo -> [2006/06/21 11:22:09 | 00,000,000 | ---D | M]
Moyea -> C:\Documents and Settings\Michael\Application Data\Moyea -> [2008/12/23 22:45:09 | 00,000,000 | ---D | M]
muvee Technologies -> C:\Documents and Settings\Michael\Application Data\muvee Technologies -> [2006/06/24 00:43:12 | 00,000,000 | ---D | M]
OLYMPUS -> C:\Documents and Settings\Michael\Application Data\OLYMPUS -> [2006/07/02 20:26:29 | 00,000,000 | ---D | M]
ppStream -> C:\Documents and Settings\Michael\Application Data\ppStream -> [2007/05/07 21:32:52 | 00,000,000 | ---D | M]
Template -> C:\Documents and Settings\Michael\Application Data\Template -> [2006/06/21 11:56:34 | 00,000,000 | ---D | M]
TuneUp Software -> C:\Documents and Settings\Michael\Application Data\TuneUp Software -> [2006/12/16 22:20:21 | 00,000,000 | ---D | M]
U3 -> C:\Documents and Settings\Michael\Application Data\U3 -> [2008/06/28 14:58:09 | 00,000,000 | ---D | M]
WinFF -> C:\Documents and Settings\Michael\Application Data\WinFF -> [2008/04/03 23:14:30 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2009/01/04 18:45:10 | 00,000,000 | --SD | M]
1-Click Maintenance.job -> C:\WINDOWS\Tasks\1-Click Maintenance.job -> [2009/01/02 17:17:08 | 00,000,394 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/04 15:00:00 | 00,000,065 | RH-- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [2009/01/05 02:07:24 | 00,000,330 | -H-- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009/01/04 18:42:09 | 00,000,006 | -H-- | M] ()

[File - Purity Scan]

[File - Signature Check]
< Cached Copy > -> < OS Copy > -> < MD5's >
C:\WINDOWS\servicepackfiles\i386\explorer.exe [2008/04/14 07:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\explorer.exe [2008/04/14 07:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -> Cached Copy = 12896823FB95BFB3DC9B46BCAEDC9923 \ OS Copy = 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\servicepackfiles\i386\csrss.exe [2008/04/14 07:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\csrss.exe [2008/04/14 07:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -> Cached Copy = 44F275C64738EA2056E3D9580C23B60F \ OS Copy = 44F275C64738EA2056E3D9580C23B60F
C:\WINDOWS\servicepackfiles\i386\lsass.exe [2008/04/14 07:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\lsass.exe [2008/04/14 07:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -> Cached Copy = BF2466B3E18E970D8A976FB95FC1CA85 \ OS Copy = BF2466B3E18E970D8A976FB95FC1CA85
C:\WINDOWS\servicepackfiles\i386\rundll32.exe [2008/04/14 07:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\rundll32.exe [2008/04/14 07:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -> Cached Copy = 037B1E7798960E0420003D05BB577EE6 \ OS Copy = 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\servicepackfiles\i386\services.exe [2008/04/14 07:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\services.exe [2008/04/14 07:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -> Cached Copy = 0E776ED5F7CC9F94299E70461B7B8185 \ OS Copy = 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\servicepackfiles\i386\smss.exe [2008/04/14 07:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\smss.exe [2008/04/14 07:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -> Cached Copy = 5F816C1F539266D2D4C78694239DA0B5 \ OS Copy = 5F816C1F539266D2D4C78694239DA0B5
C:\WINDOWS\servicepackfiles\i386\spoolsv.exe [2008/04/14 07:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\spoolsv.exe [2008/04/14 07:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -> Cached Copy = D8E14A61ACC1D4A6CD0D38AEBAC7FA3B \ OS Copy = D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
C:\WINDOWS\servicepackfiles\i386\svchost.exe [2008/04/14 07:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\svchost.exe [2008/04/14 07:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -> Cached Copy = 27C6D03BCDB8CFEB96B716F3D8BE3E18 \ OS Copy = 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\servicepackfiles\i386\taskmgr.exe [2008/04/14 07:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\taskmgr.exe [2008/04/14 07:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -> Cached Copy = 2CD1C3506A85B38E2D17E61ADED175C4 \ OS Copy = 2CD1C3506A85B38E2D17E61ADED175C4
C:\WINDOWS\servicepackfiles\i386\userinit.exe [2008/04/14 07:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\userinit.exe [2008/04/14 07:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -> Cached Copy = A93AEE1928A9D7CE3E16D24EC7380F89 \ OS Copy = A93AEE1928A9D7CE3E16D24EC7380F89
C:\WINDOWS\servicepackfiles\i386\winlogon.exe [2008/04/14 07:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\winlogon.exe [2008/04/14 07:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -> Cached Copy = ED0EF0A136DEC83DF69F04118870003E \ OS Copy = ED0EF0A136DEC83DF69F04118870003E

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000ca4
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\Michael\Favorites\Website Trung Tâm Xúc Ti
C:\Documents and Settings\Michael\Favorites\Website Trung Tâm Xúc Ti
C:\Documents and Settings\Michael\Favorites\Christian Web Sites.url:favicon 822 bytes
C:\Documents and Settings\Michael\Favorites\Cityscape - The World's Largest Real Estate Investment Event.url:favicon 3638 bytes
C:\Documents and Settings\Michael\Favorites\Club Sportiva Clubhouse Locations Nationally 415.978.9900.url:favicon 3638 bytes
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\Yahoo! Image Detail for www.allproducts.com-chemical-hojhon-09-ldpe.jpg.url:favicon 6598 bytes
C:\Documents and Settings\Michael\Favorites\Yahoo! Image Detail for www.allproducts.com.tw-chemical-hojhon-03-hdpe.jpg.url:favicon 6598 bytes
C:\Documents and Settings\Michael\Favorites\Yahoo! Image Detail for www.iproducts.com.tw-chemical-hojhon-03-hdpe.jpg.url:favicon 6598 bytes
C:\Documents and Settings\Michael\Favorites\Yahoo! Image Detail for www.japonic.com-kimono-polyester-goldendragon4b.jpg.url:favicon 6598 bytes
C:\Documents and Settings\Michael\Favorites\Yahoo! Image Detail for www.kenplas.com-pp-closure-non-spill-label.jpg.url:favicon 6598 bytes
C:\Documents and Settings\Michael\Favorites\Yahoo!
C:\Documents and Settings\Michael\Favorites\Yahoo!
C:\Documents and Settings\Michael\Favorites\Export-Import Bank of the United States.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\F-Secure Support pages F-Secure Online Virus Scanner.url:favicon 7407 bytes
C:\Documents and Settings\Michael\Favorites\Fanal Industrial Co., Ltd. - Wooden Hanger, Wire Hanger, Plastic Hanger.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\FDI Vietnam - Everything you need about FDI in Vietnam - FDIEnterprises -.url:favicon 24570 bytes
C:\Documents and Settings\Michael\Favorites\The Lacquer Factory Quality Traditional Lacquerware from Vietnam - Factory photos.url:favicon 5774 bytes
C:\Documents and Settings\Michael\Favorites\Top Franchise Opportunities.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\Total Productive Maintenance (TPM) Articles.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\Total Productive Maintenance - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\Michael\Favorites\Apparel Factories eSourceApparel.url:favicon 3266 bytes
C:\Documents and Settings\Michael\Favorites\AQL sampling table double single Level I, Level Ii, level III.url:favicon 318 bytes
C:\Documents and Settings\Michael\Favorites\Borealis - Pipes and Fittings.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\BP Launches Acclear® HP I-Series Polypropylene Resinsbr Designed for Injection Stretch Blow Molding Applications.url:favicon 22486 bytes
C:\Documents and Settings\Michael\Favorites\Businesses for sale Business For Sale Buy a business at MergerNetwork.com.url:favicon 7406 bytes
C:\Documents and Settings\Michael\Favorites\http--www.basf.com-PLASTICSWEB-displayanyfileid=0901a5e180004885.url:favicon 3574 bytes
C:\Documents and Settings\Michael\Favorites\http--www.rapidplastic.com-index.html.url:favicon 3262 bytes
C:\Documents and Settings\Michael\Favorites\http--www.seaquistclosures.com-@SCWebsite-Catalog-Catalog_Search.asppage=style.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\Redirect Problem With Yahoo and Google.url:favicon 22486 bytes
C:\Documents and Settings\Michael\Favorites\Renaissance Riverside Hotel - Discount Ho Chi Minh Hotel Reservations.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\Sacmi Vietnam.url:favicon 20222 bytes
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\Global Sources - Product Search plastic fan mold.url:favicon 318 bytes
C:\Documents and Settings\Michael\Favorites\Guangdong Qingting In-flights Supplies Co.,Ltd..url:favicon 894 bytes
C:\Documents and Settings\Michael\Favorites\Live Search plastic hangers.url:favicon 1150 bytes
C:\Documents and Settings\Michael\Favorites\manheim auto auction - EXPORTTRADER.COM.url:favicon 318 bytes
C:\Documents and Settings\Michael\Favorites\SHOUTcast Free internet radio!.url:favicon 894 bytes
C:\Documents and Settings\Michael\Favorites\SHOUTcast - HOME.url:favicon 894 bytes
C:\Documents and Settings\Michael\Favorites\Slatwall.url:favicon 894 bytes
C:\Documents and Settings\Michael\Favorites\SmitFraudFix.url:favicon 3638 bytes
C:\Documents and Settings\Michael\Favorites\Hong Kong Radio Stations Live - Listen Online.url:favicon 894 bytes
C:\Documents and Settings\Michael\Favorites\How to back up and to restore Outlook Express data.url:favicon 3638 bytes
C:\Documents and Settings\Michael\Favorites\How to reinstall or repair Internet Explorer in Windows XP.url:favicon 3638 bytes
C:\Documents and Settings\Michael\Favorites\http--cgrs.cpic.gov.cn-trade-txt-his-04-xincon2-26.txt.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\video How To Make American Cheesecake (Food & Drink Dessert).url:favicon 3638 bytes
C:\Documents and Settings\Michael\Favorites\cap mould - Offers for cap mould - exporters, manufacturers, suppliers, wholesale, Traders, factories, Companies.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\capco wai shing - Yahoo! Search Results.url:favicon 318 bytes
C:\Documents and Settings\Michael\Favorites\Chapter 23.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\Chapter 24.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\Chapter 25.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\Chinese Internet Radio - Listen to Chinese online radio news and information and practice your Chinese!.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\Most Recent Decisions of First Department.url:favicon 4710 bytes
C:\Documents and Settings\Michael\Favorites\plastic hanger - Yahoo! Search Results.url:favicon 6598 bytes
C:\Documents and Settings\Michael\Favorites\Plastic Hangers on ThomasNet.com.url:favicon 318 bytes
C:\Documents and Settings\Michael\Favorites\Plastic Resin Prices.url:favicon 1150 bytes
C:\Documents and Settings\Michael\Favorites\plasticnmore.com Products.url:favicon 1150 bytes
C:\Documents and Settings\Michael\Favorites\Wells Fargo Credit Cards - Wells Fargo Visa Platinum Card.url:favicon 1078 bytes
C:\Documents and Settings\Michael\Favorites\www.borouge.com - PE injection moulding.url:favicon 1150 bytes
C:\Documents and Settings\Michael\Favorites\www.tuyendung.com.vn - Khong ngung thang tien.url:favicon 894 bytes
C:\Documents and Settings\Michael\Favorites\Dizzy.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\EC Plaza Inquiry.url:favicon 318 bytes
C:\Documents and Settings\Michael\Favorites\Introduction To Balance Transfers.url:favicon 161862 bytes
C:\Documents and Settings\Michael\Favorites\kochiu77 - Computing.Net.url:favicon 3638 bytes
C:\Documents and Settings\Michael\Favorites\Kohls Connection.url:favicon 1150 bytes
C:\Documents and Settings\Michael\Favorites\Koish.com - Chinese Radio.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\http--www.vics.org-committees-frm-VICS_Intimate_Grid_02-27-07.XLS.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\Instant Car Lease Quotes from LeaseCompare.com.url:favicon 3262 bytes
C:\Documents and Settings\Michael\Favorites\Hijack browser problem. Please help..url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\Hillary Clinton Collapses During Speech Following 24-Hour Flu - CME Teaching Brief® - MedPage Today.url:favicon 894 bytes
C:\Documents and Settings\Michael\Favorites\Hochiminh City Restaurant Directory Search by Occasion - anan Vietnam.url:favicon 3638 bytes
C:\Documents and Settings\Michael\Favorites\. Easy Property - Advanced Search.url:favicon 1150 bytes
C:\Documents and Settings\Michael\Favorites\10
C:\Documents and Settings\Michael\Favorites\2007 International 7700 Kimble Mixer Trucks - Mixer For Sale at TruckerToTrucker.com.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\Truck Importers.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\Stack o' Doughnuts on Flickr - Photo Sharing!.url:favicon 1150 bytes
C:\Documents and Settings\Michael\Favorites\Technical Manual.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\86-0576-84887496
C:\Documents and Settings\Michael\Favorites\86-0579-84268303
C:\Documents and Settings\Michael\Favorites\A-Z Freight Gateway.url:favicon 894 bytes
C:\Documents and Settings\Michael\Favorites\FileHippo.com - Download Free Software.url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\Find a Local Sales Representative.url:favicon 4286 bytes
C:\Documents and Settings\Michael\Favorites\Find Your Car Search In Progress - AutoTrader.com.url:favicon 318 bytes
C:\Documents and Settings\Michael\Favorites\Fittings for PPR pipe PPR pipe fittings.url:favicon 318 bytes
C:\Documents and Settings\Michael\Favorites\Food Grade Plastic Containers For Brining - The Virtual Weber Bullet.url:favicon 318 bytes
C:\Documents and Settings\Michael\Favorites\Friends from Cambodia.url:favicon 568 bytes
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\YourFileHost.com - Free hosting for ALL your files S2.url:favicon 894 bytes
C:\Documents and Settings\Michael\Favorites\YouTube - Dick Van Dyke - Chim Chim Cher-ee 1,12 min.url:favicon 1150 bytes
C:\Documents and Settings\Michael\Favorites\YouTube - Mary Poppins A Spoonful Of Sugar.url:favicon 1150 bytes
C:\Documents and Settings\Michael\Favorites\YouTube -
C:\Documents and Settings\Michael\Favorites\Tuyen dung, viec lam, tuy
C:\Documents and Settings\Michael\Favorites\United Airlines - Non-Stop Flights Operated From Ho Chi Minh City, Vietnam (SGN).url:favicon 1406 bytes
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\Vietnam latest news - Thanh Nien Daily.url:favicon 2550 bytes
C:\Documents and Settings\Michael\Favorites\Vietnam Top 1000 websites - Vietnam web - Best website in Vietnam.url:favicon 822 bytes
C:\Documents and Settings\Michael\Favorites\Vietnam Travel - An Online Vietnam Travel Services and Vietnam Hotel Reservation System at iViVu.com.url:favicon 894 bytes
C:\Documents and Settings\Michael\Favorites\Vietnam Travel Tours and Holidays - Haivenu.url:favicon 3638 bytes
C:\Documents and Settings\Michael\Favorites\Vietnam Tribune - Vietnam News.url:favicon 1150 bytes
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\Programs On Line. Trans World Radio
C:\Documents and Settings\Michael\Favorites\Quad-Lock Insulated Concrete Forms - ICF Homeowner Video.url:favicon 12014 bytes
C:\Documents and Settings\Michael\Favorites\Computing.Net - computer mouse pointer freezes.url:favicon 1150 bytes
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
C:\Documents and Settings\Michael\Favorites\
scan completed successfully
hidden files: 314


#27
January 4, 2009 at 16:53:23
[Custom Scans]
< %systemroot%\Prefetch\*.* /s >
C:\WINDOWS\Prefetch\ -> C:\WINDOWS\Prefetch -> [2009/01/05 03:35:16 | 00,000,000 | ---D | M]
layout.ini -> C:\WINDOWS\Prefetch\layout.ini -> [2009/01/04 06:37:27 | 00,204,614 | ---- | M] ()
< %systemroot%\system32\drivers\*.dat >
< %systemroot%\Temp\bca4e2da.$$$ >
< %systemroot%\Temp\ed47fa.$ >
< %systemroot%\Temp\fa56d7ec.$$$ >
< %systemroot%\System32\antiwpa.dll >
< %PROGRAMFILES%\*crack*. >
Program Files -> C:\Program Files -> [2009/01/04 11:52:34 | 00,000,000 | ---D | M]
< %PROGRAMFILES%\*keygen*. >
Program Files -> C:\Program Files -> [2009/01/04 11:52:34 | 00,000,000 | ---D | M]
< %SYSTEMDRIVE%\*crack*. >
OTScanIt2 -> C: -> [2009/01/05 07:31:00 | 00,000,000 | ---D | M]
< %SYSTEMDRIVE%\*keygen*. >
OTScanIt2 -> C: -> [2009/01/05 07:31:00 | 00,000,000 | ---D | M]
< %SYSTEMDRIVE%\*.zip >
C:\ -> -> [2009/01/05 07:31:00 | 00,000,000 | ---D | M]
wxp10.zip -> C:\wxp10.zip -> [2008/12/28 14:45:38 | 00,004,145 | ---- | M] ()
< %SYSTEMDRIVE%\*.rar >
< %SYSTEMDRIVE%\*.exe >
C:\ -> -> [2009/01/05 07:31:00 | 00,000,000 | ---D | M]
StubInstaller.exe -> C:\StubInstaller.exe -> [2005/10/31 22:56:00 | 00,700,416 | ---- | M] (LimeWire)
TU2007TrialEN.exe -> C:\TU2007TrialEN.exe -> [2006/12/20 15:33:33 | 09,568,776 | ---- | M] ()
XPSP3.exe -> C:\XPSP3.exe -> [2008/12/28 16:20:14 | 33,180,5736 | ---- | M] (Microsoft Corporation)
< %SYSTEMDRIVE%\*.dll >
< %systemroot%\*.zip >
< %systemroot%\*.rar >
< %systemroot%\system32\*.zip >
< %systemroot%\system32\*.rar >
< %PROGRAMFILES%\*.zip >
C:\Program Files\ -> C:\Program Files -> [2009/01/04 11:52:34 | 00,000,000 | ---D | M]
fg172.zip -> C:\Program Files\fg172.zip -> [2006/09/28 22:04:05 | 02,161,796 | ---- | M] ()
< %PROGRAMFILES%\*.rar >
< %PROGRAMFILES%\*.exe >
C:\Program Files\ -> C:\Program Files -> [2009/01/04 11:52:34 | 00,000,000 | ---D | M]
2006v1svlite.exe -> C:\Program Files\2006v1svlite.exe -> [2007/12/09 12:33:48 | 05,334,510 | ---- | M] (Solid Concepts Inc. )
a2FreeSetup.exe -> C:\Program Files\a2FreeSetup.exe -> [2009/01/04 04:20:23 | 12,861,144 | ---- | M] (Emsi Software GmbH )
aaw2007.exe -> C:\Program Files\aaw2007.exe -> [2007/10/08 09:46:40 | 19,755,376 | ---- | M] ()
aaw2008.exe -> C:\Program Files\aaw2008.exe -> [2008/07/22 20:54:49 | 19,153,264 | ---- | M] ()
aawsepersonal.exe -> C:\Program Files\aawsepersonal.exe -> [2006/06/25 01:47:16 | 02,855,080 | ---- | M] ()
Acro3D80_efg.exe -> C:\Program Files\Acro3D80_efg.exe -> [2007/12/09 21:47:20 | 28,201,2712 | ---- | M] ( )
ATF-Cleaner.exe -> C:\Program Files\ATF-Cleaner.exe -> [2008/12/27 10:03:47 | 00,050,688 | ---- | M] (Atribune.org)
avg_free_stf_en_8_138a1332.exe -> C:\Program Files\avg_free_stf_en_8_138a1332.exe -> [2008/07/18 15:04:48 | 48,367,896 | ---- | M] (AVG Technologies)
AWCSetup.exe -> C:\Program Files\AWCSetup.exe -> [2008/07/31 20:48:27 | 06,552,472 | ---- | M] (IObit )
ccsetup203.exe -> C:\Program Files\ccsetup203.exe -> [2007/12/10 07:28:39 | 02,724,328 | ---- | M] (Piriform Ltd)
ccsetup207.exe -> C:\Program Files\ccsetup207.exe -> [2008/05/28 19:42:18 | 02,897,456 | ---- | M] (Piriform Ltd)
ccsetup209.exe -> C:\Program Files\ccsetup209.exe -> [2008/07/22 20:28:30 | 02,919,360 | ---- | M] (Piriform Ltd)
ccsetup213.exe -> C:\Program Files\ccsetup213.exe -> [2008/11/14 17:20:34 | 02,955,128 | ---- | M] (Piriform Ltd)
CoffeeFreeFTPInstaller.exe -> C:\Program Files\CoffeeFreeFTPInstaller.exe -> [2008/02/15 02:22:06 | 03,742,383 | ---- | M] (InstallShield Software Corporation)
cuteftp3p.exe -> C:\Program Files\cuteftp3p.exe -> [2008/02/15 02:12:57 | 06,876,368 | ---- | M] (GlobalSCAPE Texas, LP )
eDrawingsFullEnglish.exe -> C:\Program Files\eDrawingsFullEnglish.exe -> [2007/12/09 09:15:03 | 25,555,344 | ---- | M] (SolidWorks Corporation )
en_dpchameleon.exe -> C:\Program Files\en_dpchameleon.exe -> [2006/09/20 12:16:31 | 01,107,866 | ---- | M] ()
fgf173.exe -> C:\Program Files\fgf173.exe -> [2006/09/28 22:08:18 | 03,224,047 | ---- | M] ()
Firefox_Setup_3.0.5.exe -> C:\Program Files\Firefox_Setup_3.0.5.exe -> [2008/12/25 13:29:25 | 07,518,240 | ---- | M] (Mozilla)
FLV PlayerRCATSetup.exe -> C:\Program Files\FLV PlayerRCATSetup.exe -> [2007/09/23 07:48:18 | 03,655,488 | ---- | M] ()
FLV PlayerRCSetup.exe -> C:\Program Files\FLV PlayerRCSetup.exe -> [2007/09/23 07:43:43 | 00,411,248 | ---- | M] (Applian Technologies Inc.)
freedwgviewer.exe -> C:\Program Files\freedwgviewer.exe -> [2007/12/09 11:00:42 | 14,837,512 | ---- | M] (InstallShield Software Corporation)
FTPNow26.exe -> C:\Program Files\FTPNow26.exe -> [2008/02/15 03:44:54 | 01,865,073 | ---- | M] ()
klcodec385s.exe -> C:\Program Files\klcodec385s.exe -> [2008/04/03 23:30:37 | 07,545,416 | ---- | M] ( )
LimeWireWin.exe -> C:\Program Files\LimeWireWin.exe -> [2008/11/12 19:24:09 | 04,900,376 | ---- | M] (Lime Wire LLC)
mbam-setup.exe -> C:\Program Files\mbam-setup.exe -> [2008/12/03 10:44:38 | 02,372,472 | ---- | M] (Malwarebytes Corporation )
msgr8us.exe -> C:\Program Files\msgr8us.exe -> [2006/09/21 11:44:02 | 00,443,432 | ---- | M] ()
recordanythingtrial.exe -> C:\Program Files\recordanythingtrial.exe -> [2006/09/04 20:42:23 | 01,095,964 | ---- | M] (Media Force Software )
recordsmart10setup.exe -> C:\Program Files\recordsmart10setup.exe -> [2006/09/04 20:59:48 | 00,524,288 | ---- | M] ()
ring-Voiz-v620.exe -> C:\Program Files\ring-Voiz-v620.exe -> [2006/07/03 01:59:11 | 00,746,123 | ---- | M] ()
rminstall.exe -> C:\Program Files\rminstall.exe -> [2007/12/08 18:46:02 | 05,831,160 | ---- | M] (PC Tools )
SetupImgBurn_2.4.2.0.exe -> C:\Program Files\SetupImgBurn_2.4.2.0.exe -> [2008/12/28 16:29:45 | 01,971,378 | ---- | M] (LIGHTNING UK!)
ShiYang71b.exe -> C:\Program Files\ShiYang71b.exe -> [2008/10/03 07:00:39 | 99,380,377 | ---- | M] ()
SkypeSetup.exe -> C:\Program Files\SkypeSetup.exe -> [2007/04/30 10:45:56 | 20,942,920 | ---- | M] (Skype Technologies S.A. )
spybotsd160.exe -> C:\Program Files\spybotsd160.exe -> [2008/07/22 21:23:31 | 15,083,520 | ---- | M] (Safer Networking Limited )
SpywareTerminator_Setup.exe -> C:\Program Files\SpywareTerminator_Setup.exe -> [2008/12/06 18:27:34 | 08,009,920 | ---- | M] (Crawler Inc. )
SUPERAntiSpyware.exe -> C:\Program Files\SUPERAntiSpyware.exe -> [2007/11/24 11:25:06 | 05,914,648 | ---- | M] ()
Tom-SkypeSetup.exe -> C:\Program Files\Tom-SkypeSetup.exe -> [2006/06/25 02:11:23 | 10,887,904 | ---- | M] (Skype Technologies S.A. )
TU2007TrialEN.exe -> C:\Program Files\TU2007TrialEN.exe -> [2007/03/24 16:28:42 | 09,568,776 | ---- | M] ()
turtleparadise_demo.exe -> C:\Program Files\turtleparadise_demo.exe -> [2006/06/25 01:42:12 | 04,411,968 | ---- | M] ()
winzip100.exe -> C:\Program Files\winzip100.exe -> [2006/06/25 01:50:04 | 05,846,632 | ---- | M] ()
wrar362.exe -> C:\Program Files\wrar362.exe -> [2007/01/23 20:22:23 | 01,035,271 | ---- | M] ()
< %PROGRAMFILES%\*.dll >
Invalid Environment Variable: DESKTOP
Invalid Environment Variable: DESKTOP
Invalid Environment Variable: DESKTOP
< %PROGRAMFILES%\Common Files\*.* >
< %PROGRAMFILES%\Common Files\*bak*. >
Common Files -> C:\Program Files\Common Files -> [2009/01/04 12:41:00 | 00,000,000 | ---D | M]
< %systemroot%\SYSTEM32\*bak*. >
system32 -> C:\WINDOWS\SYSTEM32 -> [2009/01/04 18:47:03 | 00,000,000 | ---D | M]
< %PROGRAMFILES%\*bak*. >
Program Files -> C:\Program Files -> [2009/01/04 11:52:34 | 00,000,000 | ---D | M]
< %USERNAME%\*.zip >
< %USERNAME%\*.rar >
< %USERNAME%\*.exe >
< %USERPROFILE%\*.zip >
< %USERPROFILE%\*.rar >
< %USERPROFILE%\*.exe >
< %ALLUSERSPROFILE%\*.zip >
< %ALLUSERSPROFILE%\*.rar >
< %ALLUSERSPROFILE%\*.exe >
< %APPDATA%\*.zip >
< %APPDATA%\*.rar >
< %APPDATA%\*.exe >
Invalid Environment Variable: ALLUSERSSTARTMENU
Invalid Environment Variable: ALLUSERSSTARTMENU
Invalid Environment Variable: ALLUSERSSTARTMENU
Invalid Environment Variable: ALLUSERSSTARTUP
Invalid Environment Variable: ALLUSERSSTARTUP
Invalid Environment Variable: ALLUSERSSTARTUP
Invalid Environment Variable: ALLUSERSPROGRAMS
Invalid Environment Variable: ALLUSERSPROGRAMS
Invalid Environment Variable: ALLUSERSPROGRAMS
Invalid Environment Variable: ALLUSERSAPPDATA
Invalid Environment Variable: ALLUSERSAPPDATA
Invalid Environment Variable: ALLUSERSAPPDATA
< %APPDATA%\*.zip >
< %APPDATA%\*.rar >
< %APPDATA%\*.exe >
< %APPDATA%\*.dat >
C:\Documents and Settings\Michael\Application Data\ -> C:\Documents and Settings\Michael\Application Data -> [2009/01/04 13:40:43 | 00,000,000 | RH-D | M]
wklnhst.dat -> C:\Documents and Settings\Michael\Application Data\wklnhst.dat -> [2007/07/26 17:26:10 | 00,000,000 | ---- | M] ()
< %APPDATA%\*.dll >
Invalid Environment Variable: QUICKLAUNCH
Invalid Environment Variable: QUICKLAUNCH
Invalid Environment Variable: QUICKLAUNCH
Invalid Environment Variable: STARTUP
Invalid Environment Variable: STARTUP
Invalid Environment Variable: STARTUP
Invalid Environment Variable: STARTMENU
Invalid Environment Variable: STARTMENU
Invalid Environment Variable: STARTMENU
Invalid Environment Variable: MYDOCUMENTS
Invalid Environment Variable: MYDOCUMENTS
Invalid Environment Variable: MYDOCUMENTS
< %PROGRAMFILES%\Mozilla Firefox\plugins\*.* >
C:\Program Files\Mozilla Firefox\plugins\ -> C:\Program Files\Mozilla Firefox\plugins -> [2008/12/25 13:30:01 | 00,000,000 | ---D | M]
npnul32.dll -> C:\Program Files\Mozilla Firefox\plugins\npnul32.dll -> [2008/12/03 03:12:14 | 00,065,528 | ---- | M] (mozilla.org)
< %PROGRAMFILES%\Internet Explorer\*.* >
C:\Program Files\Internet Explorer\ -> C:\Program Files\Internet Explorer -> [2009/01/04 23:58:25 | 00,000,000 | ---D | M]
custsat.dll -> C:\Program Files\Internet Explorer\custsat.dll -> [2006/11/07 21:03:36 | 00,033,792 | ---- | M] (Microsoft Corporation)
HMMAPI.DLL -> C:\Program Files\Internet Explorer\HMMAPI.DLL -> [2006/10/17 11:44:36 | 00,060,416 | ---- | M] (Microsoft Corporation)
iedw.exe -> C:\Program Files\Internet Explorer\iedw.exe -> [2006/10/17 12:04:50 | 00,069,120 | ---- | M] (Microsoft Corporation)
ieproxy.dll -> C:\Program Files\Internet Explorer\ieproxy.dll -> [2006/11/07 21:03:36 | 00,287,744 | ---- | M] (Microsoft Corporation)
IEXPLORE.EXE -> C:\Program Files\Internet Explorer\IEXPLORE.EXE -> [2008/10/15 14:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation)
ssapi.log -> C:\Program Files\Internet Explorer\ssapi.log -> [2009/01/05 03:29:04 | 00,606,469 | ---- | M] ()
ssapi.log.bak -> C:\Program Files\Internet Explorer\ssapi.log.bak -> [2009/01/04 23:58:23 | 04,000,047 | ---- | M] ()
1 C:\Program Files\Internet Explorer\*.tmp files -> C:\Program Files\Internet Explorer\*.tmp ->
< %PROGRAMFILES%\Mozilla Firefox\*.zip /s >
< %PROGRAMFILES%\Mozilla Firefox\*.rar /s >
< %PROGRAMFILES%\Mozilla Firefox\*.exe /s >
C:\Program Files\Mozilla Firefox\ -> C:\Program Files\Mozilla Firefox -> [2009/01/05 04:23:30 | 00,000,000 | ---D | M]
crashreporter.exe -> C:\Program Files\Mozilla Firefox\crashreporter.exe -> [2008/12/03 03:11:52 | 00,185,848 | ---- | M] (Mozilla Foundation)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2008/12/03 03:11:53 | 00,307,704 | ---- | M] (Mozilla Corporation)
updater.exe -> C:\Program Files\Mozilla Firefox\updater.exe -> [2008/12/03 03:12:08 | 00,242,168 | ---- | M] (Mozilla Foundation)
C:\Program Files\Mozilla Firefox\uninstall\ -> C:\Program Files\Mozilla Firefox\uninstall -> [2008/12/25 13:30:03 | 00,000,000 | ---D | M]
helper.exe -> C:\Program Files\Mozilla Firefox\uninstall\helper.exe -> [2008/12/03 03:11:50 | 00,509,536 | ---- | M] (Mozilla Corporation)
< %PROGRAMFILES%\Internet Explorer\*.zip /s >
< %PROGRAMFILES%\Internet Explorer\*.rar /s >
< %PROGRAMFILES%\Internet Explorer\*.exe /s >
C:\Program Files\Internet Explorer\ -> C:\Program Files\Internet Explorer -> [2009/01/04 23:58:25 | 00,000,000 | ---D | M]
iedw.exe -> C:\Program Files\Internet Explorer\iedw.exe -> [2006/10/17 12:04:50 | 00,069,120 | ---- | M] (Microsoft Corporation)
IEXPLORE.EXE -> C:\Program Files\Internet Explorer\IEXPLORE.EXE -> [2008/10/15 14:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation)
1 C:\Program Files\Internet Explorer\*.tmp files -> C:\Program Files\Internet Explorer\*.tmp ->
C:\Program Files\Internet Explorer\Connection Wizard\ -> C:\Program Files\Internet Explorer\Connection Wizard -> [2008/09/11 20:13:06 | 00,000,000 | ---D | M]
icwconn1.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe -> [2008/04/14 07:12:22 | 00,214,528 | ---- | M] (Microsoft Corporation)
icwconn2.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe -> [2008/04/14 07:12:22 | 00,086,016 | ---- | M] (Microsoft Corporation)
icwrmind.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe -> [2008/04/14 07:12:22 | 00,024,576 | ---- | M] (Microsoft Corporation)
icwtutor.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe -> [2004/08/04 15:00:00 | 00,073,728 | ---- | M] (Microsoft Corporation)
inetwiz.exe -> C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe -> [2008/04/14 07:12:22 | 00,020,480 | ---- | M] (Microsoft Corporation)
isignup.exe -> C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe -> [2004/08/04 15:00:00 | 00,016,384 | ---- | M] (Microsoft Corporation)
< %SYSTEMDRIVE%\*.dat >
< %SYSTEMDRIVE%\*.sys >
C:\ -> -> [2009/01/05 07:31:00 | 00,000,000 | ---D | M]
hiberfil.sys -> C:\hiberfil.sys -> [2009/01/04 18:41:49 | 21,456,36352 | -HS- | M] ()
IO.SYS -> C:\IO.SYS -> [2006/08/21 06:08:40 | 00,000,000 | RHS- | M] ()
MSDOS.SYS -> C:\MSDOS.SYS -> [2006/08/21 06:08:40 | 00,000,000 | RHS- | M] ()
pagefile.sys -> C:\pagefile.sys -> [2009/01/04 18:41:47 | 80,530,6368 | -HS- | M] ()
< %SYSTEMROOT%\*.dat >
C:\WINDOWS\ -> C:\WINDOWS -> [2009/01/04 21:48:13 | 00,000,000 | ---D | M]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/01/04 18:41:52 | 00,002,048 | --S- | M] ()
nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2008/12/25 13:30:15 | 00,000,000 | ---- | M] ()
< %SYSTEMROOT%\*.sys >
< %systemroot%\system32\drivers\*.exe /s >
< %systemroot%\system32\drivers\*.zip /s >
< %systemroot%\system32\drivers\*.rar /s >
< %systemroot%\system\*.exe /s >
< %systemroot%\system\*.zip /s >
< %systemroot%\system\*.rar /s >
< %systemroot%\AppPatch\*.exe /s >
< %systemroot%\AppPatch\*.zip /s >
< %systemroot%\AppPatch\*.rar /s >
< %systemroot%\Cache\*.* >
< %systemroot%\Downloaded Program Files\*.* >
C:\WINDOWS\Downloaded Program Files\ -> C:\WINDOWS\Downloaded Program Files -> [2009/01/05 05:23:49 | 00,000,000 | --SD | M]
16lt.ico -> C:\WINDOWS\Downloaded Program Files\16lt.ico -> [2006/09/24 17:52:18 | 00,003,638 | ---- | M] ()
16xl.ico -> C:\WINDOWS\Downloaded Program Files\16xl.ico -> [2006/09/24 17:52:18 | 00,003,638 | ---- | M] ()
as2stubie.dll -> C:\WINDOWS\Downloaded Program Files\as2stubie.dll -> [2008/06/30 10:39:58 | 00,128,256 | ---- | M] ()
as2stubie.inf -> C:\WINDOWS\Downloaded Program Files\as2stubie.inf -> [2008/06/27 16:47:36 | 00,000,289 | ---- | M] ()
asinst.dll -> C:\WINDOWS\Downloaded Program Files\asinst.dll -> [2006/08/24 08:28:54 | 00,141,424 | ---- | M] ()
asinst.inf -> C:\WINDOWS\Downloaded Program Files\asinst.inf -> [2006/08/22 09:06:30 | 00,000,537 | ---- | M] ()
auc_lib.dll -> C:\WINDOWS\Downloaded Program Files\auc_lib.dll -> [2008/02/27 15:59:28 | 00,290,816 | ---- | M] ()
avsniff.dll -> C:\WINDOWS\Downloaded Program Files\avsniff.dll -> [2008/01/15 22:12:38 | 00,312,680 | ---- | M] ()
avsniff.inf -> C:\WINDOWS\Downloaded Program Files\avsniff.inf -> [2008/10/23 04:02:40 | 00,000,773 | ---- | M] ()
avsniffdlgs.dll -> C:\WINDOWS\Downloaded Program Files\avsniffdlgs.dll -> [2008/01/15 22:12:40 | 00,255,336 | ---- | M] ()
bdcore.dll -> C:\WINDOWS\Downloaded Program Files\bdcore.dll -> [2008/01/09 15:01:48 | 00,000,032 | ---- | M] ()
bdupd.dll -> C:\WINDOWS\Downloaded Program Files\bdupd.dll -> [2008/01/09 15:01:48 | 00,118,784 | ---- | M] ()
ca.pub -> C:\WINDOWS\Downloaded Program Files\ca.pub -> [2008/02/27 15:59:28 | 00,000,541 | ---- | M] ()
CabSA.inf -> C:\WINDOWS\Downloaded Program Files\CabSA.inf -> [2008/01/15 22:04:54 | 00,000,241 | ---- | M] ()
catalog.dat -> C:\WINDOWS\Downloaded Program Files\catalog.dat -> [2008/12/24 01:00:00 | 00,002,504 | ---- | M] ()
cham.ocx -> C:\WINDOWS\Downloaded Program Files\cham.ocx -> [2004/06/30 10:31:00 | 00,299,008 | ---- | M] ()
daas_s.dll -> C:\WINDOWS\Downloaded Program Files\daas_s.dll -> [2008/02/27 15:59:28 | 00,495,616 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Downloaded Program Files\desktop.ini -> [2004/08/07 19:56:32 | 00,000,065 | -H-- | M] ()
dwusplay.dll -> C:\WINDOWS\Downloaded Program Files\dwusplay.dll -> [2002/07/26 09:13:18 | 00,024,576 | ---- | M] ()
dwusplay.exe -> C:\WINDOWS\Downloaded Program Files\dwusplay.exe -> [2002/07/26 09:13:12 | 00,196,608 | ---- | M] ()
ecbootil.vxd -> C:\WINDOWS\Downloaded Program Files\ecbootil.vxd -> [2008/12/24 01:00:00 | 00,006,899 | ---- | M] ()
ecmldr32.dll -> C:\WINDOWS\Downloaded Program Files\ecmldr32.dll -> [2008/01/15 22:02:44 | 00,042,112 | ---- | M] ()
ecmsvr32.dll -> C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll -> [2008/12/24 01:00:00 | 00,259,368 | ---- | M] ()
eModelsStandard.inf -> C:\WINDOWS\Downloaded Program Files\eModelsStandard.inf -> [2007/06/16 01:26:46 | 00,000,374 | ---- | M] ()
FP_AX_CAB_INSTALLER.exe -> C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe -> [2007/11/20 16:04:32 | 01,523,536 | ---- | M] ()
fscax.dll -> C:\WINDOWS\Downloaded Program Files\fscax.dll -> [2008/02/27 16:00:12 | 00,262,144 | ---- | M] ()
fscax.inf -> C:\WINDOWS\Downloaded Program Files\fscax.inf -> [2008/02/27 15:59:28 | 00,000,614 | ---- | M] ()
gatelauncher.exe -> C:\WINDOWS\Downloaded Program Files\gatelauncher.exe -> [2008/02/27 15:59:16 | 00,588,392 | ---- | M] ()
hcImpl.inf -> C:\WINDOWS\Downloaded Program Files\hcImpl.inf -> [2007/09/21 15:15:48 | 00,000,727 | ---- | M] ()
Housecall_ActiveX.dll -> C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll -> [2008/05/02 14:22:56 | 00,385,536 | ---- | M] ()
HPISDataManager.dll -> C:\WINDOWS\Downloaded Program Files\HPISDataManager.dll -> [2006/07/31 11:20:10 | 00,188,416 | ---- | M] ()
HPISDataManager.inf -> C:\WINDOWS\Downloaded Program Files\HPISDataManager.inf -> [2006/07/31 11:35:36 | 00,001,255 | ---- | M] ()
imcv1.dll -> C:\WINDOWS\Downloaded Program Files\imcv1.dll -> [2004/10/21 04:04:56 | 00,397,312 | ---- | M] ()
ipsupd.dll -> C:\WINDOWS\Downloaded Program Files\ipsupd.dll -> [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
isusweb.dll -> C:\WINDOWS\Downloaded Program Files\isusweb.dll -> [2004/07/28 07:48:52 | 00,323,584 | ---- | M] ()
lang.ini -> C:\WINDOWS\Downloaded Program Files\lang.ini -> [2008/02/26 15:42:52 | 00,007,724 | ---- | M] ()
LegitCheckControl.inf -> C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf -> [2006/12/11 16:44:00 | 00,000,367 | ---- | M] ()
libfn.dll -> C:\WINDOWS\Downloaded Program Files\libfn.dll -> [2008/01/09 15:01:48 | 00,000,032 | ---- | M] ()
live.ini -> C:\WINDOWS\Downloaded Program Files\live.ini -> [2008/01/21 17:43:22 | 00,000,130 | ---- | M] ()
navapi.vxd -> C:\WINDOWS\Downloaded Program Files\navapi.vxd -> [2008/01/15 22:02:58 | 00,006,850 | ---- | M] ()
navapi32.dll -> C:\WINDOWS\Downloaded Program Files\navapi32.dll -> [2008/01/15 22:02:58 | 00,201,896 | ---- | M] ()
naveng32.dll -> C:\WINDOWS\Downloaded Program Files\naveng32.dll -> [2008/12/24 01:00:00 | 00,177,520 | ---- | M] ()
navex32a.dll -> C:\WINDOWS\Downloaded Program Files\navex32a.dll -> [2008/12/24 01:00:00 | 01,181,040 | ---- | M] ()
OnlineScanner.inf -> C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf -> [2008/12/04 08:57:26 | 00,000,172 | ---- | M] ()
oscan8.inf -> C:\WINDOWS\Downloaded Program Files\oscan8.inf -> [2008/02/07 14:06:26 | 00,001,248 | ---- | M] ()
oscan82.ocx -> C:\WINDOWS\Downloaded Program Files\oscan82.ocx -> [2008/02/26 15:59:18 | 00,487,424 | ---- | M] ()
rufsi.dll -> C:\WINDOWS\Downloaded Program Files\rufsi.dll -> [2008/01/15 22:12:48 | 00,296,336 | ---- | M] ()
scanoptions.tsi -> C:\WINDOWS\Downloaded Program Files\scanoptions.tsi -> [2008/01/09 15:01:48 | 00,006,828 | ---- | M] ()
scrauth.dat -> C:\WINDOWS\Downloaded Program Files\scrauth.dat -> [2008/12/24 01:00:00 | 00,097,776 | ---- | M] ()
swdir.inf -> C:\WINDOWS\Downloaded Program Files\swdir.inf -> [2008/08/06 15:36:00 | 00,000,144 | ---- | M] ()
swflash.inf -> C:\WINDOWS\Downloaded Program Files\swflash.inf -> [2007/11/20 15:50:22 | 00,000,247 | ---- | M] ()
symaveng.cat -> C:\WINDOWS\Downloaded Program Files\symaveng.cat -> [2008/12/24 01:00:00 | 00,009,657 | ---- | M] ()
symaveng.inf -> C:\WINDOWS\Downloaded Program Files\symaveng.inf -> [2008/12/24 01:00:00 | 00,001,063 | ---- | M] ()
talk.inf -> C:\WINDOWS\Downloaded Program Files\talk.inf -> [2004/10/21 04:04:00 | 00,000,725 | ---- | M] ()
tcdefs.dat -> C:\WINDOWS\Downloaded Program Files\tcdefs.dat -> [2008/12/24 01:00:00 | 00,487,585 | ---- | M] ()
tcscan7.dat -> C:\WINDOWS\Downloaded Program Files\tcscan7.dat -> [2008/12/24 01:00:00 | 07,280,994 | ---- | M] ()
tcscan8.dat -> C:\WINDOWS\Downloaded Program Files\tcscan8.dat -> [2008/12/24 01:00:00 | 00,168,272 | ---- | M] ()
tcscan9.dat -> C:\WINDOWS\Downloaded Program Files\tcscan9.dat -> [2008/12/24 01:00:00 | 00,481,059 | ---- | M] ()
tinf.dat -> C:\WINDOWS\Downloaded Program Files\tinf.dat -> [2008/12/24 01:00:00 | 00,000,453 | ---- | M] ()
tinfidx.dat -> C:\WINDOWS\Downloaded Program Files\tinfidx.dat -> [2008/12/24 01:00:00 | 00,000,148 | ---- | M] ()
tinfl.dat -> C:\WINDOWS\Downloaded Program Files\tinfl.dat -> [2008/12/24 01:00:00 | 00,001,957 | ---- | M] ()
tscan1.dat -> C:\WINDOWS\Downloaded Program Files\tscan1.dat -> [2008/12/24 01:00:00 | 00,072,567 | ---- | M] ()
tscan1hd.dat -> C:\WINDOWS\Downloaded Program Files\tscan1hd.dat -> [2008/12/24 01:00:00 | 00,003,760 | ---- | M] ()
v.grd -> C:\WINDOWS\Downloaded Program Files\v.grd -> [2008/12/24 01:00:00 | 00,004,988 | ---- | M] ()
v.sig -> C:\WINDOWS\Downloaded Program Files\v.sig -> [2008/12/24 01:00:00 | 00,002,274 | ---- | M] ()
vet._a1 -> C:\WINDOWS\Downloaded Program Files\vet._a1 -> [2008/12/04 15:15:17 | 01,409,024 | ---- | M] ()
vet._at -> C:\WINDOWS\Downloaded Program Files\vet._at -> [2008/12/04 19:20:37 | 05,173,248 | ---- | M] ()
vete.dll -> C:\WINDOWS\Downloaded Program Files\vete.dll -> [2008/05/30 09:47:36 | 01,385,760 | ---- | M] ()
virscan.inf -> C:\WINDOWS\Downloaded Program Files\virscan.inf -> [2008/12/24 01:00:00 | 00,106,244 | ---- | M] ()
virscan1.dat -> C:\WINDOWS\Downloaded Program Files\virscan1.dat -> [2008/12/24 01:00:00 | 01,013,365 | ---- | M] ()
virscan2.dat -> C:\WINDOWS\Downloaded Program Files\virscan2.dat -> [2008/12/24 01:00:00 | 00,571,890 | ---- | M] ()
virscan3.dat -> C:\WINDOWS\Downloaded Program Files\virscan3.dat -> [2008/12/24 01:00:00 | 00,152,948 | ---- | M] ()
virscan4.dat -> C:\WINDOWS\Downloaded Program Files\virscan4.dat -> [2008/12/24 01:00:00 | 00,320,259 | ---- | M] ()
virscan5.dat -> C:\WINDOWS\Downloaded Program Files\virscan5.dat -> [2008/12/24 01:00:00 | 10,307,763 | ---- | M] ()
virscan6.dat -> C:\WINDOWS\Downloaded Program Files\virscan6.dat -> [2008/12/24 01:00:00 | 00,395,297 | ---- | M] ()
virscan7.dat -> C:\WINDOWS\Downloaded Program Files\virscan7.dat -> [2008/12/24 01:00:00 | 32,467,204 | ---- | M] ()
virscan8.dat -> C:\WINDOWS\Downloaded Program Files\virscan8.dat -> [2008/12/24 01:00:00 | 01,057,340 | ---- | M] ()
virscan9.dat -> C:\WINDOWS\Downloaded Program Files\virscan9.dat -> [2008/12/24 01:00:00 | 03,593,096 | ---- | M] ()
virscant.dat -> C:\WINDOWS\Downloaded Program Files\virscant.dat -> [2008/12/24 01:00:00 | 00,000,032 | ---- | M] ()
vscanmsx.dat -> C:\WINDOWS\Downloaded Program Files\vscanmsx.dat -> [2009/01/01 02:09:58 | 00,002,072 | ---- | M] ()
webscan.dll -> C:\WINDOWS\Downloaded Program Files\webscan.dll -> [2006/11/20 12:02:34 | 00,180,282 | ---- | M] ()
webscan.inf -> C:\WINDOWS\Downloaded Program Files\webscan.inf -> [2006/07/21 12:55:30 | 00,000,477 | ---- | M] ()
zdone.dat -> C:\WINDOWS\Downloaded Program Files\zdone.dat -> [2008/12/24 01:00:00 | 00,000,224 | ---- | M] ()
< %systemroot%\Fonts\*.exe /s >
< %systemroot%\Fonts\*.zip /s >
< %systemroot%\Fonts\*.rar /s >
< %systemroot%\Fonts\*.dll /s >
< %systemroot%\Help\*.exe /s >
C:\WINDOWS\Help\SBSI\Training\ -> C:\WINDOWS\Help\SBSI\Training -> [2007/02/15 08:26:10 | 00,000,000 | ---D | M]
orun32.exe -> C:\WINDOWS\Help\SBSI\Training\orun32.exe -> [2006/08/21 15:57:14 | 01,077,321 | ---- | M] (Microsoft Corporation)
ounins32_s.exe -> C:\WINDOWS\Help\SBSI\Training\ounins32_s.exe -> [2001/06/12 02:19:04 | 00,233,472 | ---- | M] (Microsoft and LearnIT Corporation)
usersid.exe -> C:\WINDOWS\Help\SBSI\Training\usersid.exe -> [2001/11/07 21:28:32 | 00,049,152 | ---- | M] ()
C:\WINDOWS\Help\Tours\mmTour\ -> C:\WINDOWS\Help\Tours\mmTour -> [2005/11/14 16:41:04 | 00,000,000 | ---D | M]
tour.exe -> C:\WINDOWS\Help\Tours\mmTour\tour.exe -> [2004/08/04 15:00:00 | 03,374,640 | ---- | M] (Macromedia, Inc.)
< %systemroot%\Help\*.zip /s >
< %systemroot%\Help\*.rar /s >
< %systemroot%\Tasks\*.* >
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2009/01/04 18:45:10 | 00,000,000 | --SD | M]
1-Click Maintenance.job -> C:\WINDOWS\Tasks\1-Click Maintenance.job -> [2009/01/02 17:17:08 | 00,000,394 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/04 15:00:00 | 00,000,065 | RH-- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [2009/01/05 02:07:24 | 00,000,330 | -H-- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009/01/04 18:42:09 | 00,000,006 | -H-- | M] ()
< %APPDATA%\*.sys >
< %systemroot%\system32\serauth1.dll >
< %systemroot%\system32\serauth2.dll >
< %systemroot%\system32\sysaudio.sys >
< %PROGRAMFILES%\*TinyProxy*. >
Program Files -> C:\Program Files -> [2009/01/04 11:52:34 | 00,000,000 | ---D | M]
< %PROGRAMFILES%\Bitlord\Downloads\*.zip /s >
< %PROGRAMFILES%\Bitlord\Downloads\*.rar /s >
< %PROGRAMFILES%\Bitlord\Downloads\*.exe /s >
< %PROGRAMFILES%\Bitlord\Downloads\*crack*. >
< %PROGRAMFILES%\Bitlord\Downloads\*keygen*. >
< %PROGRAMFILES%\eMule\Incoming\*.zip /s >
< %PROGRAMFILES%\eMule\Incoming\*.rar /s >
< %PROGRAMFILES%\eMule\Incoming\*.exe /s >
< %PROGRAMFILES%\eMule\Incoming\*crack*. >
< %PROGRAMFILES%\eMule\Incoming\*keygen*. >
< HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla|extensions /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\\jqs@sun.com -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ff [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/12/09 22:42:37 | 00,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions\\Components -> %ProgramFiles%\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2008/12/25 13:30:13 | 00,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins -> %ProgramFiles%\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2008/12/25 13:30:01 | 00,000,000 | ---D | M]
< End of report >
[/code]

#28
January 4, 2009 at 18:17:13
Set up the computer to view hidden files:
To show hidden files do the following:
Click Start > My Computer
On the Tools menu, click Folder Options.
Click the View tab.
Uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files.
Under the Hidden files folder, locate and check Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply > OK.

Navigate to :

C:\Program Files\Common Files\{D83D6023-064E-1033-1218-010703010001}

Let me know if the folder exists, but do not delete it.


#29
January 4, 2009 at 18:39:30
Hi Jabuck,

I did what you said but didn't see this file. Please kindly advise. Thank you.


#30
January 4, 2009 at 19:08:39
Please download “Avenger” by swandog46 to your desktop from this link http://swandog46.geekstogo.com/avenger.zip

1. Click on Avenger.zip to open the file.
2. Extract avenger.exe to your desktop.

Copy all the text contained in the code box below between the X's to your Clipboard by highlighting it and pressing (Ctrl+C):
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Files to delete:
C:\WINDOWS\Downloaded Program Files\as2stubie.dll
C:\WINDOWS\Downloaded Program Files\as2stubie.inf
c:\program files\SpywareTerminator_Setup.exe


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
Click the Execute button
Answer "Yes" twice when prompted.

The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Let me know if that helped.


#31
January 4, 2009 at 19:42:56
Hi Jabuck,

1. The computer has rebooted.
2. It showed a window with Microsoft Visual C++ Runtime Library Runtime Error! Program: C:\program files\hpq\shared\hpqwmi.exe
3. It showed the following log:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\Downloaded Program Files\as2stubie.dll" deleted successfully.
File "C:\WINDOWS\Downloaded Program Files\as2stubie.inf" deleted successfully.
File "c:\program files\SpywareTerminator_Setup.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


4. The problem still exists. The devil logo still appears in front of the http://www.computing.net.... I open a new tab and type www.google.com and it redirects me to some other site again.

#33
January 4, 2009 at 20:38:21
The files associated with the dns changers are not apparent to me in your logs. After each of the following steps check for redirects then continue to the next step. The following may help.

Delete the old Hoster Icon from your desktop if it is still there.

Please download HostsXpert from the following link:

HostsXpert

Extract the HostsXpert.zip by doing the following:
Right-click HostsXpert.zip and select Extract All.
Follow the wizard and extract it to your Desktop.
Click Finish.
Double-click the HostsXpert folder and then double-click HostsXpert.exe.
Click "Restore MS Hosts File" and press OK.
Exit the program.

Go to start> control panel> add/remove programs and uninstall these programs:


Spybot
Sogou PXP
PrevxCSI
a-squared Free
SUPERAntiSpyware

Next navigate to C:\Program Files and delete their folders if found; also delete the Symantec folder in Program Files.

Next go to add/remove programs, uninstall AVG (don't save any settings), then reinstall it and update it.

If you are using IE 7, uninstall it from add/remove programs and reinstall it from Microsoft Update.

After you complete the reinstall of IE 7.0 make sure it works then do the same for your other browsers.

Once you get this done post a new Combofix log please following the previous instructions.


#34
January 4, 2009 at 21:14:23
Hi Jabuck,

After I clicked Restore MS Hosts File, it gave me an error message: Error: Cannot create file C:\Windows\system32\drivers\etc\hosts


#35
January 5, 2009 at 17:37:16
In the top left column of HostsXpert, click the "make writeable" button; it will change to "make read only". Then try it again.
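
The hosts-file steps in #33 through #35 (restore the Microsoft hosts file; if it cannot be written, clear read-only first) can be checked programmatically. The following Python script is an added example written for this thread; it is not code from the original posts, from HostsXpert or from Avenger. The sample hosts content, the documentation-range address 203.0.113.7 and the list of watched vendor domains are constructed assumptions for illustration, not the poster's actual file.

```python
"""Audit a Windows hosts file the way the HostsXpert steps above do by hand.

Added example for this thread; not code from the original posts or from
HostsXpert/Avenger. SAMPLE_HOSTS and WATCHED_DOMAINS are constructed
assumptions, not the poster's real file.
"""
import ipaddress
import os
import stat
import tempfile

# Addresses that mean "this machine": a hosts line using one of these is
# either the normal localhost entry or a deliberate block of the named site.
LOCAL_ADDRESSES = {"127.0.0.1", "::1", "0.0.0.0"}

# Security-vendor and update sites a hijacker typically blocks by mapping
# them to loopback (assumed list for the example).
WATCHED_DOMAINS = {
    "www.malwarebytes.org", "www.superantispyware.com",
    "update.microsoft.com", "www.microsoft.com", "free.avg.com",
}

# Constructed sample: the stock XP header plus two lines of the kind a
# redirect hijack adds. 203.0.113.0/24 is a documentation address range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com google.com   # redirect: real address for google
127.0.0.1       www.malwarebytes.org        # block: vendor site sent to loopback
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, skipping comments
    and lines whose first field is not a valid IPv4/IPv6 address."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not an address
        for host in fields[1:]:
            entries.append((str(ip), host.lower()))
    return entries


def suspicious_entries(text):
    """Classify hosts entries.

    'redirect': a public hostname mapped to a non-local address (the browser
                lands on someone else's server instead of the real site).
    'block':    a watched vendor/update site mapped to a local address
                (the user cannot reach help or updates).
    Plain 'localhost' lines are normal and are not reported.
    """
    findings = []
    for ip, host in parse_hosts(text):
        if ip in LOCAL_ADDRESSES:
            if host in WATCHED_DOMAINS:
                findings.append(("block", ip, host))
        elif host != "localhost":
            findings.append(("redirect", ip, host))
    return findings


def is_read_only(path):
    """True when the file lacks the owner write bit. On Windows this is the
    read-only attribute, the state HostsXpert's 'make writeable' clears."""
    return not (os.stat(path).st_mode & stat.S_IWRITE)


def make_writable(path):
    """Clear the read-only attribute so the hosts file can be rewritten."""
    os.chmod(path, os.stat(path).st_mode | stat.S_IWRITE)


def audit_hosts_file(path):
    """Read one hosts file and report both the attribute and the findings."""
    with open(path, encoding="utf-8", errors="replace") as f:
        text = f.read()
    return {"read_only": is_read_only(path), "findings": suspicious_entries(text)}


def demo():
    """Write the constructed sample to a temporary file, mark it read-only,
    audit it, clear the attribute and audit again. Returns (before, after)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "hosts")
        with open(path, "w", encoding="utf-8") as f:
            f.write(SAMPLE_HOSTS)
        os.chmod(path, stat.S_IREAD)   # same effect as: attrib +r hosts
        before = audit_hosts_file(path)
        make_writable(path)            # same effect as: attrib -r hosts
        after = audit_hosts_file(path)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("read-only before:", before["read_only"], "after:", after["read_only"])
    for kind, ip, host in before["findings"]:
        print(f"{kind:8s} {ip:15s} {host}")
```

Run it as-is to audit the constructed sample, or call audit_hosts_file(r"C:\WINDOWS\system32\drivers\etc\hosts") on the affected machine. A "redirect" finding is the hosts-file form of the symptom in this thread; an empty findings list while redirects continue means the hosts file is not the mechanism, which is consistent with #33 noting that the DNS-changer files are not apparent in the logs and moving on to other steps.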

#36
January 5, 2009 at 18:55:46
Hi Jabuck,

Thank you for your advice; it works.

I have removed all these
Spybot
Sogou PXP
PrevxCSI
a-squared Free
SUPERAntiSpyware
Symantec folder

I have removed the Sogou PXP folder because I don't see it in add/remove programs.
I also don't see IE7 in my add/remove programs; please advise how I can remove it.
Also, please let me know where I can find IE7 and reinstall it. Do I go to the Microsoft website to download it?

Thank you very much for your help.
