Trojan and Internet problem



rukia88
2009-01-07, 03:43
Hi there,
Recently I haven't been able to connect to the Internet. I've ruled out my ISP as the problem. I have 2 computers connected to the Internet with a router. My computer is the affected one; the other one has an Internet connection.

I did a scan with Super Antispyware on 2 occasions. The first scan found 2 trojans, which I then quarantined. Internet was back up. The next day, Internet was gone again. Did a second scan, SAS found another trojan. After quarantining, Internet was still not connected.
I just did an antivirus/antispyware scan with ZoneAlarm this evening and it didn't find anything.


I'm really not sure if it's the trojan that is causing disconnection from the Internet. It is absolutely driving me nuts and all help will be greatly appreciated!!

The following are my HJT log and the 2 scan logs from SAS.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:00:29 PM, on 1/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\SiSAudUt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ZoneLabs\UpdClient.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SiS7012Utility] C:\WINDOWS\system32\SiSAudUt.exe -wdm
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4814 bytes


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/05/2009 at 07:17 PM

Application Version : 4.0.1154

Core Rules Database Version : 3483
Trace Rules Database Version: 1474

Scan type : Quick Scan
Total Scan Time : 00:12:30

Memory items scanned : 287
Memory threats detected : 0
Registry items scanned : 333
Registry threats detected : 2
File items scanned : 4288
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\L\Cookies\l@mylook4.dmcmedia.co[2].txt

Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/06/2009 at 08:32 AM

Application Version : 4.0.1154

Core Rules Database Version : 3696
Trace Rules Database Version: 1672

Scan type : Complete Scan
Total Scan Time : 00:24:00

Memory items scanned : 285
Memory threats detected : 0
Registry items scanned : 4871
Registry threats detected : 0
File items scanned : 10625
File threats detected : 1

Trojan.BotNet/Dropper
C:\DOCUMENTS AND SETTINGS\L\LOCAL SETTINGS\TEMP\TMP22.TMP

rukia88
2009-01-07, 04:42
Just wanted to give some additional info (not sure if it's important):
So after the second SAS scan, trojan quarantined and no Internet.

Just tonight, I tried "net stop dnscache" in command prompt and now my connection to the Internet is back. Really not sure what's happening.

Thank you for your help and time.

rukia88
2009-01-11, 23:14
More info... I'm now able to go on the Internet (I set the DNS client to manual at startup). Did a Kaspersky online scan today.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, January 11, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, January 11, 2009 11:26:41
Records in database: 1602210
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 60446
Threat name: 6
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 01:31:04


File name / Threat name / Threats count
C:\Documents and Settings\L\Local Settings\Temp\tmp23.tmp Infected: Trojan.Win32.Patched.dy 1
C:\Program Files\eRightSoft\SUPER\Setup.exe Infected: not-a-virus:AdWare.Win32.DealHelper.au 1
C:\Program Files\Mozilla Firefox\components\iamfamous.dll Infected: Trojan.Win32.Agent.avjo 1
C:\qoobox\Quarantine\C\VundoFix Backups\ssqrr.dll.bad.vir Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CEFD36F5-C9BA-45E7-8577-FA1F83BCEDE9}\RP321\A0044028.exe Infected: Worm.Win32.AutoTDSS.dx 1
C:\WINDOWS\system32\tdm2\viodrivr3.exe Infected: not-a-virus:AdWare.Win32.Rabio.dd 1

The selected area was scanned.

peku006
2009-01-12, 12:53
Hello and Welcome to Safer Networking,

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:

Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Download and Run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

3 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware log

Thanks peku006

rukia88
2009-01-13, 17:42
Hi peku006,

I did encounter a problem with the updates for MBAM. I got a message stating that there was an error connecting to the Internet. I tried to download the updates manually via the link you provided and it didn't work. I even went to my "uninfected" computer to download the updates manually and it said the link was broken. I even tried disabling my ZoneAlarm and it didn't help either.

Should I still proceed with the MBAM scan without updates? Please advise.
Thank you.

rukia88
2009-01-13, 19:58
Update: After trying multiple times today, I have JUST finally downloaded the updates for MBAM. I will proceed with the next steps. Thanks.

rukia88
2009-01-13, 21:58
Hi peku006, all has been done and here are the logs:


Logfile of random's system information tool 1.05 (written by random/random)
Run by L at 2009-01-13 14:52:26
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (6%) free of 114 GB
Total RAM: 1248 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:40 PM, on 1/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\SiSAudUt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\L\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\L.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SiS7012Utility] C:\WINDOWS\system32\SiSAudUt.exe -wdm
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5461 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
IeCatch5 Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-07 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
gFlash Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiS7012Utility"=C:\WINDOWS\system32\SiSAudUt.exe [2001-11-21 294912]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-01-08 919280]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-07 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-03-08 1481968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-01-13 14:52:26 ----D---- C:\rsit
2009-01-13 09:18:16 ----D---- C:\Documents and Settings\L\Application Data\Malwarebytes
2009-01-13 09:17:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-13 09:17:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-07 19:26:30 ----D---- C:\WINDOWS\Sun
2009-01-07 19:26:10 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-07 19:26:10 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-07 19:26:10 ----A---- C:\WINDOWS\system32\java.exe
2009-01-07 19:26:10 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-07 19:25:46 ----D---- C:\Program Files\Java
2009-01-07 19:24:09 ----D---- C:\Documents and Settings\L\Application Data\Sun
2008-12-30 00:40:02 ----RA---- C:\WINDOWS\system32\clubbox.exe
2008-12-15 22:35:51 ----D---- C:\Documents and Settings\All Users\Application Data\NJStar

======List of files/folders modified in the last 1 months======

2009-01-13 14:52:37 ----D---- C:\WINDOWS\Prefetch
2009-01-13 14:52:13 ----D---- C:\WINDOWS\Internet Logs
2009-01-13 14:39:27 ----D---- C:\WINDOWS\Temp
2009-01-13 14:32:18 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-01-13 14:31:55 ----D---- C:\WINDOWS\system32\drivers
2009-01-13 14:31:55 ----D---- C:\WINDOWS\system32
2009-01-13 14:31:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-13 10:22:46 ----D---- C:\Program Files\Mozilla Firefox
2009-01-13 09:17:57 ----D---- C:\Program Files
2009-01-12 14:34:32 ----D---- C:\Program Files\BitComet
2009-01-11 22:30:07 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-11 21:51:05 ----D---- C:\WINDOWS\system32\crc
2009-01-11 21:51:05 ----A---- C:\WINDOWS\system32\fscflist.ini
2009-01-11 19:49:56 ----A---- C:\WINDOWS\system32\fscflist.ini.tmp
2009-01-11 16:25:17 ----A---- C:\WINDOWS\system32\fscagent.ini
2009-01-11 16:24:59 ----A---- C:\WINDOWS\system32\fscagent.ini.tmp
2009-01-07 19:26:30 ----D---- C:\WINDOWS
2009-01-07 19:26:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-07 19:26:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-07 19:26:27 ----SHD---- C:\WINDOWS\Installer
2009-01-05 21:24:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-05 21:12:12 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-05 21:11:37 ----D---- C:\Program Files\SpywareBlaster
2009-01-05 18:42:53 ----A---- C:\WINDOWS\ntbtlog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2007-01-08 394160]
R2 PCDCODEC;Specialized PCD WDM VBI Codec; C:\WINDOWS\system32\DRIVERS\atinpdxx.sys [2004-08-04 14336]
R2 TTDec;ATI WDM Teletext Decoder; C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys [2004-08-04 13824]
R3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2007-02-15 94080]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 KLIF;KLIF; \??\C:\WINDOWS\system32\drivers\klif.sys []
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2001-12-13 163200]
R3 SiS7012;Service for AC'97 Sample Driver (WDM); C:\WINDOWS\system32\drivers\sis7012.sys [2001-11-26 165760]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2001-09-28 31744]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S1 DW;DW; C:\WINDOWS\system32\drivers\DW.sys []
S1 SABKUTIL;SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\L\LOCALS~1\Temp\catchme.sys []
S3 dwusbdnt;dwusbdnt; C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 10368]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-02-15 47360]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys []
S3 slabbus;USB Data Cable driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys [2004-08-09 51040]
S3 slabser;USB Data Cable Drivers; C:\WINDOWS\system32\DRIVERS\slabser.sys [2004-08-09 82768]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2006-11-18 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2006-11-18 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2006-11-18 137884]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2006-11-18 108003]
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-07 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-01-08 75568]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-14 503608]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe [2005-08-11 118272]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-13 14:52:46

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Reader Japanese Fonts-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-705000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Multimedia Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75B307FF-E529-4D62-B184-3DF41665B1AF}\setup.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
BitComet 0.57-->C:\Program Files\BitComet\uninst.exe
BitPim 0.7.22-->"C:\Program Files\BitPim\unins000.exe"
BlindWrite 6-->"C:\Program Files\VSO\BlindWrite6\unins000.exe"
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Vision M-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}\SETUP.EXE" -l0x9 /remove
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
ffdshow [rev 1099] [2007-04-14]-->"C:\Program Files\ffdshow\unins000.exe"
GUIDE PLUS+(TM) for Windows® System-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}\setup.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes-->MsiExec.exe /I{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
K-Lite Codec Pack 2.46 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
MailFrontier Desktop-->C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\UNWISE.EXE C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\INSTMLF.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPIO Manager 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{224F7A6E-1D66-46B6-888A-D115E5AC20F6}\setup.exe"
NeoAudio extraction audio-->"C:\Program Files\NeoAudio\uninstall.exe"
Nero 7-->MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
QPST-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31228E31-2BFF-11D2-8866-00805F0D9D40}\Setup.exe" -uninst
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Samsung USB Driver (MCCI 4.16)-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1485ABFA-12D7-4107-9148-54EE30CDBA67}
SiS 650-->RUNDLL32 setuplib.dll,UnInstall ,315&ISUNINST -f"C:\PROGRA~1\SISCOM~1.01\DeIsL1.isu"&P.U 4 sisgr.inf&-1
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\Progra~1\SiSLan\Uninst.exe
SiS Audio Driver-->C:\Program Files\SIS7012\UNINST\unDrvApp.exe C:\Progra~1\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
Slice 'N Hook-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Slice N Hook\DeIsL1.isu"
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPER © Version 2008.bld.25 (Feb 5, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TuneUp Utilities 2006-->MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
USB Data Cable-->C:\WINDOWS\system32\USB2k.exe C:\WINDOWS\system32\USB.u2k
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WinAVIVideoConverter-->"C:\Program Files\WinAVIVideoConverter\unins000.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XPayMPI 2.0.1.2-->"C:\Program Files\SoftForum\XPayMPI\uninstall.exe"
Yahoo! Photos Easy Upload Tool 1v7-->C:\WINDOWS\system32\regsvr32 /u /s "C:\WINDOWS\cache\YDropperCA.dll"
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O4 - HKLM\..\Run: [902bf387] rundll32.exe "C:\WINDOWS\system32\baeirsex.dll",b

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AV: ZoneAlarm Security Suite Antivirus (outdated)
FW: ZoneAlarm Security Suite Firewall

System event log

Computer Name: L-3746562C4F964
Event Code: 7035
Message: The NMIndexingService service was successfully sent a start control.

Record Number: 45226
Source Name: Service Control Manager
Time Written: 20081113173724.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: L-3746562C4F964
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 45225
Source Name: Tcpip
Time Written: 20081113172417.000000-300
Event Type: warning
User:

Computer Name: L-3746562C4F964
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 00E018929A95. The IP address being used is 169.254.134.138.

Record Number: 45224
Source Name: Dhcp
Time Written: 20081113171915.000000-300
Event Type: warning
User:

Computer Name: L-3746562C4F964
Event Code: 8033
Message: The browser has forced an election on network \Device\NetBT_Tcpip_{A2BE0C7D-2E77-498A-B8C3-782620438865} because a master browser was stopped.

Record Number: 45223
Source Name: BROWSER
Time Written: 20081113171321.000000-300
Event Type: information
User:

Computer Name: L-3746562C4F964
Event Code: 1000
Message: Your computer has lost the lease to its IP address 192.168.2.100 on the
Network Card with network address 00E018929A95.

Record Number: 45222
Source Name: Dhcp
Time Written: 20081113170421.000000-300
Event Type: error
User:

Application event log

Computer Name: L-3746562C4F964
Event Code: 101
Message:
Record Number: 18396
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20071118151139.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: L-3746562C4F964
Event Code: 101
Message:
Record Number: 18395
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20071118151139.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: L-3746562C4F964
Event Code: 101
Message:
Record Number: 18394
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20071118151043.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: L-3746562C4F964
Event Code: 101
Message:
Record Number: 18393
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20071118114034.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: L-3746562C4F964
Event Code: 101
Message:
Record Number: 18392
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20071118114034.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0102
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------


Malwarebytes' Anti-Malware 1.32
Database version: 1617
Windows 5.1.2600 Service Pack 2

1/13/2009 2:30:13 PM
mbam-log-2009-01-13 (14-30-13).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 100014
Time elapsed: 1 hour(s), 21 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\nowstarter.nowstarterctrl.1 (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f553c18-15e6-4e5e-8f44-add50de754ed} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{40722371-e24c-4b36-8e76-010bb6c7185b} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{825c19d3-35ce-428f-876b-88e080466689} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0409743c-e5e3-4bdd-9ec7-eff622530282} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Downloaded Program Files\NowStarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEFD36F5-C9BA-45E7-8577-FA1F83BCEDE9}\RP321\A0044028.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msqpdxjxfqxdlt.dll (Trojan.TDSS) -> Delete on reboot.
C:\autorun.inf (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxbgrfldkr.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-D0B.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.

peku006
2009-01-13, 23:07
Hi rukia88

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitComet

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Click Start > Run > type in CMD and tap the Enter key.
Copy/Paste: ipconfig /flushdns
(If you are typing this in, note the space between the g /f
It needs to be there.)
Hit Enter.
Close the command box.

Configure TCP/IP to use DNS.
Go to Start > Control Panel, and choose Network Connections.
Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties.
Double-click on the Internet Protocol (TCP/IP) item.
Select the radio button that says "Obtain DNS servers automatically".
Click OK twice to get out of the properties screen and restart your computer.

Please download OTScanIt2 from Geeks to Go (http://oldtimer.geekstogo.com/OTScanIt2.exe) or Bleeping Computer (http://download.bleepingcomputer.com/oldtimer/OTScanIt2.exe). Save it to your desktop.

Double click on OTScanIt2.exe to run it.
Click on Extract. Once done, you will be prompted. Click OK and click Close.
Double click on the OTScanIt2 folder. Double click on OTScanIt2.exe to run it.
Under Rootkit Search, select Yes.
Click on Run Scan at the top left hand corner.
When done, Notepad will open. Please post this log in your next reply.

Thanks peku006
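
The two DNS steps above (flush the resolver cache, then make every adapter "Obtain DNS servers automatically") are what undo the effect of a DNS-changing infection such as the Trojan.DNSChanger entries in the Malwarebytes log. The script below is an added example, not something any poster in this thread ran or a tool from Spybot or Malwarebytes: it audits every IP-enabled adapter through the Win32_NetworkAdapterConfiguration WMI class and the per-interface NameServer registry value, reports any adapter whose DNS list was set by hand, and with the -Fix switch resets those adapters to DHCP-assigned DNS and flushes the cache. The function names and the -Fix switch are this example's own; it assumes PowerShell 2.0 is installed (it was an optional download on Windows XP) and that -Fix is run from an Administrator prompt.

```powershell
<#
 Added example, not from the thread. Audits DNS settings of every IP-enabled
 adapter and, with -Fix, resets them to DHCP-assigned DNS and flushes the
 resolver cache. Function names and the -Fix switch are this example's own.
#>
param([switch]$Fix)

$IfaceRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Get-DnsAudit {
    # One record per IP-enabled adapter. A non-empty NameServer value under the
    # adapter's Interfaces\{GUID} key is a DNS list that was typed in by hand
    # (what "Use the following DNS server addresses" writes); servers handed
    # out by DHCP are stored in DhcpNameServer instead.
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            $key   = Join-Path $IfaceRoot $_.SettingID
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                Index       = $_.Index
                Adapter     = $_.Description
                DhcpEnabled = [bool]$_.DHCPEnabled
                StaticDns   = [string]$props.NameServer
                DhcpDns     = [string]$props.DhcpNameServer
                ActiveDns   = ($_.DNSServerSearchOrder -join ', ')
            }
        }
}

function Reset-DnsToDhcp {
    param([int]$Index)
    # Calling SetDNSServerSearchOrder with no address list clears the static
    # entries, so the adapter falls back to the servers assigned by DHCP.
    $nic = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "Index = $Index"
    $rc  = $nic.SetDNSServerSearchOrder()
    return ($rc.ReturnValue -eq 0)
}

$audit = Get-DnsAudit
$audit | Format-Table Index, Adapter, DhcpEnabled, StaticDns, DhcpDns, ActiveDns -AutoSize

# A hand-set DNS list on a machine that should be using the router's DHCP is
# the thing to look at after a DNSChanger detection.
$suspect = @($audit | Where-Object { $_.StaticDns -ne '' })
if ($suspect.Count -eq 0) {
    Write-Host 'All adapters obtain DNS servers automatically.'
}
foreach ($a in $suspect) {
    Write-Host ("Adapter {0} ({1}) has a static DNS list: {2}" -f $a.Index, $a.Adapter, $a.StaticDns)
    if ($Fix) {
        if (Reset-DnsToDhcp -Index $a.Index) {
            Write-Host '  reset to DHCP-assigned DNS'
        } else {
            Write-Warning '  SetDNSServerSearchOrder failed; run from an Administrator prompt'
        }
    }
}

if ($Fix) {
    # Same step the helper gives: drop cached answers that may have come from
    # the old (possibly rogue) servers.
    ipconfig /flushdns | Out-Null
    Write-Host 'Resolver cache flushed.'
}
```

Run it once without -Fix to see what each adapter is actually using; compare StaticDns and ActiveDns against the router's address. Only if a static list is present and you did not set it yourself should the -Fix pass be run, and the audit should then be repeated after the reboot the helper asks for, since a DNS-changing component that survives (the Trojan.TDSS file in the log is marked "Delete on reboot") can write the values back.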

rukia88
2009-01-14, 00:57
OTScanIt2 logfile created on: 1/13/2009 5:52:23 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.6.2 Folder = C:\Documents and Settings\L\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.22 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 66.50% Memory free
1.41 Gb Paging File | 1.11 Gb Available in Paging File | 78.78% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 7.50 Gb Free Space | 6.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 5.48 Gb Free Space | 2.35% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: L-3746562C4F964
Current User Name: L
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.)
ctdetect.exe -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> [2004/12/02 18:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd)
ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> [1999/12/12 12:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
iexplore.exe -> %ProgramFiles%\Internet Explorer\IEXPLORE.EXE -> [2004/08/03 18:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/01/07 19:25:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009/01/07 19:25:51 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
mantispm.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe -> [2007/01/04 11:06:26 | 00,864,256 | ---- | M] ( )
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/01/09 09:03:22 | 00,485,376 | ---- | M] (OldTimer Tools)
scanningprocess.exe -> %SystemRoot%\system32\ZoneLabs\avsys\ScanningProcess.exe -> [2006/12/19 18:13:52 | 00,094,313 | ---- | M] ()
scanningprocess.exe -> %SystemRoot%\system32\ZoneLabs\avsys\ScanningProcess.exe -> [2006/12/19 18:13:52 | 00,094,313 | ---- | M] ()
sisaudut.exe -> %SystemRoot%\system32\SISAUDUT.EXE -> [2001/11/21 06:39:08 | 00,294,912 | ---- | M] (Silicon Integrated Systems Corporation)
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> [2008/03/08 12:35:08 | 01,481,968 | ---- | M] (SUPERAntiSpyware.com)
vsmon.exe -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> [2007/01/08 14:29:38 | 00,075,568 | ---- | M] (Zone Labs, LLC)
wdfmgr.exe -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 15:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> [2007/01/08 14:29:40 | 00,919,280 | ---- | M] (Zone Labs, LLC)

[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.)
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> -> File not found
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> [1999/12/12 12:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2007/09/14 08:59:56 | 00,503,608 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/01/07 19:25:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> [2007/01/15 17:14:38 | 00,774,144 | ---- | M] (Nero AG)
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> [2007/01/15 16:01:56 | 00,266,240 | ---- | M] (Nero AG)
(TUWinStylerThemeSvc) TuneUp WinStyler Theme Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\TuneUp Utilities 2006\WinStylerThemeSvc.exe -> [2005/08/11 01:17:28 | 00,118,272 | ---- | M] (TuneUp Software GmbH)
(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 15:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> [2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation)
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> [2007/01/08 14:29:38 | 00,075,568 | ---- | M] (Zone Labs, LLC)

[Driver Services - Safe List]
(a347bus) a347bus [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\a347bus.sys -> [2004/04/30 09:37:02 | 00,160,640 | ---- | M] ( )
(a347scsi) a347scsi [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\a347scsi.sys -> [2004/04/30 09:33:00 | 00,005,248 | ---- | M] ( )
(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\atapi.sys -> [2004/08/03 16:59:44 | 00,095,360 | ---- | M] ()
(dwusbdnt) dwusbdnt [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\dwusbdnt.sys -> [2002/05/24 13:52:58 | 00,010,368 | ---- | M] (Digit@lway Co., Ltd.)
(ezplay) VSO Software ezplay [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ezplay.sys -> [2007/02/15 20:22:16 | 00,094,080 | ---- | M] (VSO Software)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gameenum.sys -> [2004/08/03 18:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation)
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.)
(KLIF) KLIF [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\klif.sys -> [2006/11/29 22:02:26 | 00,174,864 | ---- | M] (Kaspersky Lab)
(ms_mpu401) Microsoft MPU-401 MIDI UART Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\msmpu401.sys -> [2001/08/17 09:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation)
(PCDCODEC) Specialized PCD WDM VBI Codec [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\atinpdxx.sys -> [2004/08/04 00:29:30 | 00,014,336 | ---- | M] (ATI Technologies Inc.)
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\pcouffin.sys -> [2007/02/15 20:22:01 | 00,047,360 | ---- | M] (VSO Software)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [2006/10/10 13:53:48 | 00,005,632 | ---- | M] ()
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> [2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [2008/03/08 12:35:08 | 00,051,440 | ---- | M] ()
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2004/07/17 05:36:38 | 00,027,440 | ---- | M] ()
(SiS315) SiS315 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sisgrp.sys -> [2001/12/13 13:52:48 | 00,163,200 | ---- | M] (Silicon Integrated Systems Corporation)
(SiS7012) Service for AC'97 Sample Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sis7012.sys -> [2001/11/26 09:00:08 | 00,165,760 | R--- | M] (Silicon Integrated Systems Corporation)
(sisagp) SiS AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> [2001/12/26 15:52:58 | 00,027,136 | ---- | M] (Silicon Integrated Systems Corporation)
(SISNIC) SiS PCI Fast Ethernet Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sisnic.sys -> [2001/09/28 15:16:46 | 00,031,744 | R--- | M] (SiS Corporation)
(slabbus) USB Data Cable driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\slabbus.sys -> [2004/08/09 00:44:40 | 00,051,040 | RH-- | M] (MCCI)
(slabser) USB Data Cable Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\slabser.sys -> [2004/08/09 00:44:40 | 00,082,768 | RH-- | M] (MCCI)
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> [2001/08/17 15:56:16 | 00,007,552 | ---- | M] (Sony Corporation)
(srescan) srescan [Kernel | Boot | Running] -> %SystemRoot%\system32\ZoneLabs\srescan.sys -> [2007/12/26 13:09:19 | 00,051,176 | ---- | M] (Zone Labs, LLC)
(sscdbus) SAMSUNG USB Composite Device driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sscdbus.sys -> [2006/11/18 01:02:53 | 00,080,272 | R--- | M] (MCCI)
(sscdmdfl) SAMSUNG CDMA Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sscdmdfl.sys -> [2006/11/18 01:02:53 | 00,010,864 | R--- | M] (MCCI)
(sscdmdm) SAMSUNG CDMA Modem Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sscdmdm.sys -> [2006/11/18 01:02:53 | 00,137,884 | R--- | M] (MCCI)
(sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sscdserd.sys -> [2006/11/18 01:02:54 | 00,108,003 | R--- | M] (MCCI)
(TSP) TSP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\klif.sys -> [2006/11/29 22:02:26 | 00,174,864 | ---- | M] (Kaspersky Lab)
(TTDec) ATI WDM Teletext Decoder [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\atinttxx.sys -> [2004/08/04 00:29:32 | 00,013,824 | ---- | M] (ATI Technologies Inc.)
(vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\system32\vsdatant.sys -> [2007/01/08 14:29:54 | 00,394,160 | ---- | M] (Zone Labs, LLC)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.ca/ ->
HKEY_CURRENT_USER\: SearchURL\\"provider" -> ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\L\Application Data\Mozilla\FireFox\Profiles\cv2hil3o.default\prefs.js ->
browser.startup.homepage -> "http://www.google.com/" ->
browser.startup.homepage_override.mstone -> "rv:1.8.1.16" ->
< HOSTS File > (291104 bytes and 10075 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
127.0.0.1 localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 136136.net
127.0.0.1 www.136136.net
127.0.0.1 163ns.com
127.0.0.1 www.163ns.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2005/09/23 22:12:08 | 00,063,136 | ---- | M] (Adobe Systems Incorporated)
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [HKLM] -> Reg Error: Key does not exist or could not be opened. [IeCatch5 Class] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2009/01/07 19:25:51 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/01/07 19:25:51 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/01/07 19:25:51 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
{F156768E-81EF-470C-9057-481BA8380DBA} [HKLM] -> Reg Error: Key does not exist or could not be opened. [gFlash Class] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" [HKLM] -> %ProgramFiles%\FlashGet\fgiebar.dll [FlashGet Bar] -> [2005/06/07 13:06:10 | 00,086,016 | ---- | M] (Amaze Soft)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"NeroFilterCheck" -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> [2006/01/12 15:40:44 | 00,155,648 | ---- | M] (Nero AG)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2007/06/29 05:24:52 | 00,286,720 | ---- | M] (Apple Inc.)
"SiS7012Utility" -> %SystemRoot%\system32\SISAUDUT.EXE [C:\WINDOWS\system32\SiSAudUt.exe -wdm] -> [2001/11/21 06:39:08 | 00,294,912 | ---- | M] (Silicon Integrated Systems Corporation)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/01/07 19:25:51 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"ZoneAlarm Client" -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> [2007/01/08 14:29:40 | 00,919,280 | ---- | M] (Zone Labs, LLC)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Creative Detector" -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe ["C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R] -> [2004/12/02 18:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd)
"SUPERAntiSpyware" -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2008/03/08 12:35:08 | 01,481,968 | ---- | M] (SUPERAntiSpyware.com)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [1999/11/04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/24 00:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA9.EXE -> [1999/02/17 23:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation)
< L Startup Folder > -> C:\Documents and Settings\L\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [255] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Download All by FlashGet -> %ProgramFiles%\FlashGet\jc_all.htm [C:\Program Files\FlashGet\jc_all.htm] -> [2000/02/06 13:06:06 | 00,000,575 | ---- | M] ()
Download using FlashGet -> %ProgramFiles%\FlashGet\jc_link.htm [C:\Program Files\FlashGet\jc_link.htm] -> [2000/02/06 13:06:34 | 00,001,898 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{44226DFF-747E-4edc-B30C-78752E50CD0C}:{44226DFF-747E-4edc-B30C-78752E50CD0C} [HKLM] -> %ProgramFiles%\ATI Multimedia\TV\EXPLBAR.DLL [Button: ATI TV] -> [2001/01/15 15:07:54 | 00,131,072 | ---- | M] (ATI Technologies Inc.)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [Button: FlashGet] -> [2006/09/11 19:01:40 | 01,400,832 | ---- | M] (FlashGet.com)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [Menu: &FlashGet] -> [2006/09/11 19:01:40 | 01,400,832 | ---- | M] (FlashGet.com)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2004/08/04 03:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004/08/04 03:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{44226DFF-747E-4edc-B30C-78752E50CD0C}" [HKLM] -> %ProgramFiles%\ATI Multimedia\TV\EXPLBAR.DLL [&ATI TV] -> [2001/01/15 15:07:54 | 00,131,072 | ---- | M] (ATI Technologies Inc.)
CmdMapping\\"{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}" [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2006/09/11 19:01:40 | 01,400,832 | ---- | M] (FlashGet.com)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 03:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5241 domain(s) found. ->
50 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7797 domain(s) found. ->
56 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{072039AB-2117-4ED5-A85F-9B9EB903E021} [HKLM] -> http://www.clubbox.co.kr/neo.fld/NowStarter.cab [NowStarter Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688 [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{A2BE0C7D-2E77-498A-B8C3-782620438865} -> (SiS 900 PCI Fast Ethernet Adapter) ->
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> [2007/04/19 13:41:36 | 00,294,912 | ---- | M] (SUPERAntiSpyware.com)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> [2006/12/20 13:55:48 | 00,077,824 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2004/08/03 16:59:54 | 00,049,536 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2006/09/17 19:48:43 | 00,000,000 | ---- | M] ()
F:\autorun.inf [[autorun] | ;hhltybdjnfjgmgmqbwdnmpzxtrjuhaguwgrbeulqzjtszmswdpiztzpzatuymonfurqneemmmgofcl | shellexecute="resycled\boot.com f:" | ;brbhwtkxdynbqhaoxnggsogspbopzpsregwhnolsvvduobsuogaaujqldilwntzweuzgrat | shell\Open\command="resycled\boot.com f:" | ;ttkpoeep | ] -> F:\autorun.inf [ NTFS ] -> [2009/01/03 17:45:30 | 00,000,255 | RHS- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->


[Files/Folders - Created Within 30 Days]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/01/13 17:51:34 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/13 17:20:26 | 00,656,730 | ---- | C] ()
rsit -> %SystemDrive%\rsit -> [2009/01/13 14:52:26 | 00,000,000 | ---D | C]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/01/13 14:52:01 | 00,781,851 | ---- | C] ()
mbam-rules.exe -> %UserProfile%\Desktop\mbam-rules.exe -> [2009/01/13 12:55:11 | 01,889,864 | ---- | C] (Malwarebytes Corporation )
Malwarebytes -> %AppData%\Malwarebytes -> [2009/01/13 09:18:16 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/01/13 09:18:01 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/01/13 09:18:01 | 00,000,696 | ---- | C] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/01/13 09:17:59 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/01/13 09:17:57 | 00,000,000 | ---D | C]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/01/13 09:17:57 | 00,000,000 | ---D | C]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2009/01/13 09:15:45 | 02,697,168 | ---- | C] (Malwarebytes Corporation )
dead-links.jpg -> %UserProfile%\Desktop\dead-links.jpg -> [2009/01/11 16:28:43 | 00,021,547 | ---- | C] ()
Sun -> %SystemRoot%\Sun -> [2009/01/07 19:26:30 | 00,000,000 | ---D | C]
Java -> %ProgramFiles%\Java -> [2009/01/07 19:25:46 | 00,000,000 | ---D | C]
Sun -> %AppData%\Sun -> [2009/01/07 19:24:09 | 00,000,000 | ---D | C]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2009/01/07 19:10:19 | 00,054,156 | -H-- | C] ()
QTFont.for -> %SystemRoot%\QTFont.for -> [2009/01/07 19:10:19 | 00,001,409 | ---- | C] ()
clubbox.exe -> %SystemRoot%\System32\clubbox.exe -> [2008/12/30 00:40:02 | 01,626,112 | R--- | C] (Nowcom, Co. LTD.)
NJStar -> %AllUsersProfile%\Application Data\NJStar -> [2008/12/15 22:35:51 | 00,000,000 | ---D | C]

[Files/Folders - Modified Within 30 Days]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
61 C:\Documents and Settings\L\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\L\Local Settings\Temp\*.tmp ->
397 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat -> [2009/01/13 17:51:16 | 01,759,776 | -HS- | M] ()
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [2009/01/13 17:49:26 | 33,607,200 | -HS- | M] ()
vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [2009/01/13 17:36:09 | 00,049,404 | ---- | M] ()
Perflib_Perfdata_674.dat -> %SystemRoot%\Temp\Perflib_Perfdata_674.dat -> [2009/01/13 17:36:03 | 00,016,384 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/01/13 17:35:23 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/01/13 17:35:11 | 00,002,048 | --S- | M] ()
fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx -> [2009/01/13 17:34:34 | 00,169,136 | -HS- | M] ()
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [2009/01/13 17:34:33 | 00,454,208 | -HS- | M] ()
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/01/13 17:34:10 | 07,864,320 | -H-- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/01/13 17:34:10 | 00,000,278 | -HS- | M] ()
ezpinst.exe -> %AppData%\ezpinst.exe -> [2009/01/13 17:30:46 | 00,087,608 | ---- | M] ()
ezplay.cat -> %AppData%\ezplay.cat -> [2009/01/13 17:30:46 | 00,007,812 | ---- | M] ()
ezplay.sys -> %AppData%\ezplay.sys -> [2009/01/13 17:30:45 | 00,094,080 | ---- | M] (VSO Software)
LZAAYMNK.inf -> %AppData%\LZAAYMNK.inf -> [2009/01/13 17:30:45 | 00,001,104 | ---- | M] ()
pcouffin.sys -> %AppData%\pcouffin.sys -> [2009/01/13 17:30:44 | 00,047,360 | ---- | M] (VSO Software)
pcouffin.cat -> %AppData%\pcouffin.cat -> [2009/01/13 17:30:44 | 00,007,824 | ---- | M] ()
pcouffin.inf -> %AppData%\pcouffin.inf -> [2009/01/13 17:30:44 | 00,001,144 | ---- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/13 17:20:29 | 00,656,730 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/01/13 17:06:48 | 00,192,000 | ---- | M] ()
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [2009/01/13 17:06:41 | 00,000,664 | ---- | M] ()
fscflist.ini -> %SystemRoot%\System32\fscflist.ini -> [2009/01/13 17:04:35 | 00,055,844 | ---- | M] ()
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [2009/01/13 16:59:03 | 00,000,244 | -H-- | M] ()
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [2009/01/13 16:59:03 | 00,000,232 | -H-- | M] ()
fscagent.ini -> %SystemRoot%\System32\fscagent.ini -> [2009/01/13 15:07:54 | 00,000,079 | ---- | M] ()
PDBOXGame.html -> %SystemRoot%\System32\PDBOXGame.html -> [2009/01/13 15:07:36 | 00,000,000 | ---- | M] ()
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/01/13 14:52:06 | 00,781,851 | ---- | M] ()
Perflib_Perfdata_7c8.dat -> %SystemRoot%\Temp\Perflib_Perfdata_7c8.dat -> [2009/01/13 14:33:14 | 00,016,384 | ---- | M] ()
mbam-rules.exe -> %UserProfile%\Desktop\mbam-rules.exe -> [2009/01/13 12:55:20 | 01,889,864 | ---- | M] (Malwarebytes Corporation )
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [2009/01/13 12:52:30 | 00,000,244 | -H-- | M] ()
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [2009/01/13 12:52:30 | 00,000,232 | -H-- | M] ()
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [2009/01/13 10:54:22 | 00,000,244 | -H-- | M] ()
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [2009/01/13 10:54:22 | 00,000,232 | -H-- | M] ()
Perflib_Perfdata_664.dat -> %SystemRoot%\Temp\Perflib_Perfdata_664.dat -> [2009/01/13 09:28:09 | 00,016,384 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/01/13 09:18:01 | 00,000,696 | ---- | M] ()
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2009/01/13 09:15:53 | 02,697,168 | ---- | M] (Malwarebytes Corporation )
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [2009/01/12 10:15:21 | 00,000,244 | -H-- | M] ()
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [2009/01/12 10:15:21 | 00,000,232 | -H-- | M] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2009/01/11 22:30:07 | 00,000,116 | ---- | M] ()
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [2009/01/11 21:52:55 | 00,000,244 | -H-- | M] ()
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [2009/01/11 21:52:55 | 00,000,232 | -H-- | M] ()
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [2009/01/11 17:25:25 | 00,000,244 | -H-- | M] ()
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [2009/01/11 17:25:25 | 00,000,232 | -H-- | M] ()
dead-links.jpg -> %UserProfile%\Desktop\dead-links.jpg -> [2009/01/11 16:28:43 | 00,021,547 | ---- | M] ()
sfdb.dat -> %UserProfile%\Local Settings\Temp\jkos-L\engine\bases\sfdb.dat -> [2009/01/11 12:40:38 | 00,000,084 | ---- | M] ()
kosglue-7.0.25.0.dll -> %UserProfile%\Local Settings\Temp\jkos-L\binaries\kosglue-7.0.25.0.dll -> [2009/01/11 12:39:08 | 00,729,152 | ---- | M] (Kaspersky Lab)
msvcr80.dll -> %UserProfile%\Local Settings\Temp\jkos-L\binaries\msvcr80.dll -> [2009/01/11 12:39:08 | 00,626,688 | ---- | M] (Microsoft Corporation)
prLoader.dll -> %UserProfile%\Local Settings\Temp\jkos-L\binaries\prLoader.dll -> [2009/01/11 12:39:08 | 00,184,320 | ---- | M] (Kaspersky Lab)
prremote.dll -> %UserProfile%\Local Settings\Temp\jkos-L\binaries\prremote.dll -> [2009/01/11 12:39:08 | 00,090,112 | ---- | M] (Kaspersky Lab)
msvcp80.dll -> %UserProfile%\Local Settings\Temp\jkos-L\binaries\msvcp80.dll -> [2009/01/11 12:39:07 | 00,548,864 | ---- | M] (Microsoft Corporation)
kave.dll -> %UserProfile%\Local Settings\Temp\jkos-L\binaries\kave.dll -> [2009/01/11 12:39:07 | 00,282,624 | ---- | M] (Kaspersky Lab.)
ScanningProcess.exe -> %UserProfile%\Local Settings\Temp\jkos-L\binaries\ScanningProcess.exe -> [2009/01/11 12:39:07 | 00,139,264 | ---- | M] (Kaspersky Lab.)
ikave.dll -> %UserProfile%\Local Settings\Temp\jkos-L\binaries\ikave.dll -> [2009/01/11 12:39:07 | 00,065,536 | ---- | M] ()
msvcm80.dll -> %UserProfile%\Local Settings\Temp\jkos-L\binaries\msvcm80.dll -> [2009/01/11 12:39:06 | 00,479,232 | ---- | M] (Microsoft Corporation)
FSSync.dll -> %UserProfile%\Local Settings\Temp\jkos-L\binaries\FSSync.dll -> [2009/01/11 12:39:06 | 00,038,400 | ---- | M] (Kaspersky Lab)
Perflib_Perfdata_660.dat -> %SystemRoot%\Temp\Perflib_Perfdata_660.dat -> [2009/01/10 15:45:43 | 00,016,384 | ---- | M] ()
zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat -> [2009/01/10 12:12:53 | 00,004,212 | -H-- | M] ()
Perflib_Perfdata_78c.dat -> %SystemRoot%\Temp\Perflib_Perfdata_78c.dat -> [2009/01/10 11:37:30 | 00,016,384 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/01/10 11:36:40 | 00,002,206 | ---- | M] ()
1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [2009/01/09 17:15:00 | 00,000,382 | ---- | M] ()
Perflib_Perfdata_a10.dat -> %SystemRoot%\Temp\Perflib_Perfdata_a10.dat -> [2009/01/07 19:26:15 | 00,016,384 | ---- | M] ()
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2009/01/07 19:10:19 | 00,054,156 | -H-- | M] ()
QTFont.for -> %SystemRoot%\QTFont.for -> [2009/01/07 19:10:19 | 00,001,409 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2009/01/05 21:26:57 | 00,291,104 | R--- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
tf4ycil8.exe -> %UserProfile%\Local Settings\Temp\tf4ycil8.exe -> [2009/01/03 15:21:52 | 00,031,697 | ---- | M] ()
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [2009/01/03 13:13:47 | 00,000,244 | -H-- | M] ()
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [2009/01/03 13:13:47 | 00,000,232 | -H-- | M] ()
clubbox.exe -> %SystemRoot%\System32\clubbox.exe -> [2008/12/30 00:40:02 | 01,626,112 | R--- | M] (Nowcom, Co. LTD.)
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [2008/12/24 23:16:54 | 00,000,244 | -H-- | M] ()
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [2008/12/24 23:16:54 | 00,000,232 | -H-- | M] ()
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [2008/12/23 18:48:22 | 00,000,232 | -H-- | M] ()
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [2008/12/23 18:48:21 | 00,000,244 | -H-- | M] ()
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [2008/12/20 13:50:40 | 00,000,244 | -H-- | M] ()
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [2008/12/20 13:50:40 | 00,000,232 | -H-- | M] ()
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [2008/12/20 13:42:21 | 00,000,244 | -H-- | M] ()
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [2008/12/20 13:42:21 | 00,000,232 | -H-- | M] ()
sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [2008/12/20 13:39:24 | 00,000,232 | -H-- | M] ()
sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [2008/12/20 13:39:23 | 00,000,244 | -H-- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/07/14 21:32:40 | 00,004,232 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/04/15 21:32:40 | 00,005,328 | ---- | M] ()
SSUPDATE.EXE -> %UserProfile%\Local Settings\Temp\SSUPDATE.EXE -> [2007/06/21 14:07:10 | 00,146,672 | ---- | M] (SUPERAntiSpyware.com)

[Alternate Data Streams]
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\msqpdxbgrfldkr.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules]
"msqpdxserv"="\\?\globalroot\systemroot\system32\drivers\msqpdxbgrfldkr.sys"
"msqpdxl"="\\?\globalroot\systemroot\system32\msqpdxjxfqxdlt.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\msqpdxserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\msqpdxbgrfldkr.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\msqpdxserv.sys\modules]
"msqpdxserv"="\\?\globalroot\systemroot\system32\drivers\msqpdxbgrfldkr.sys"
"msqpdxl"="\\?\globalroot\systemroot\system32\msqpdxjxfqxdlt.dll"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP04788444.exe 151552 bytes
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP3AA79FCB.exe 185531 bytes
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APE8E5E7EB.exe 185531 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 120 bytes
scan completed successfully
hidden files: 353

< End of report >

peku006
2009-01-14, 11:57
Hi rukia88

1 - Clean temp files

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop. Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Click Exit on the Main menu to close the program.


2 - Scan With ComboFix

Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable Anti-virus (http://www.bleepingcomputer.com/forums/topic114351.html)

Please include the C:\ComboFix.txt in your next reply for further review.

3 - Run HijackThis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

4 - Status Check
Please reply with


1. the ComboFix log (C:\ComboFix.txt)
2. a fresh HijackThis log
How is the computer running now?

Thanks, peku006

rukia88
2009-01-15, 01:33
Hi peku006,

How is my computer running now?

- Something I still find strange is that when I try to load Google, it takes about 10 min (the status bar says "website found, connecting"). 10 min later, I will get a "page cannot be displayed". Once I refresh, I will get to Google immediately.
- I no longer get redirected to ad pages when clicking on a link.
- Still some issues with loading pages. Another example would be that logging off Hotmail will always produce a "page cannot be displayed".
- Just now, I realize I cannot post a reply here using my computer. I am prompted to log in to Spybot S&D, which I did; it indicates that I am logged in, but I immediately get the login page again when attempting to post a reply. (I am using another computer to post this reply right now.)



ComboFix 09-01-13.04 - L 2009-01-14 17:47:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1248.936 [GMT -5:00]
Running from: c:\documents and settings\L\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated)
FW: ZoneAlarm Security Suite Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf
F:\resycled
f:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.

2009-01-13 14:52 . 2009-01-13 14:52 <DIR> d-------- C:\rsit
2009-01-13 09:18 . 2009-01-13 09:18 <DIR> d-------- c:\documents and settings\L\Application Data\Malwarebytes
2009-01-13 09:18 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-13 09:17 . 2009-01-13 09:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-13 09:17 . 2009-01-13 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-13 09:17 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 19:26 . 2009-01-07 19:26 <DIR> d-------- c:\windows\Sun
2009-01-07 19:26 . 2009-01-07 19:25 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-07 19:26 . 2009-01-07 19:25 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-07 19:25 . 2009-01-07 19:25 <DIR> d-------- c:\program files\Java
2009-01-07 19:10 . 2009-01-07 19:10 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-07 19:10 . 2009-01-07 19:10 1,409 --a------ c:\windows\QTFont.for
2008-12-30 00:40 . 2008-12-30 00:40 1,626,112 -ra------ c:\windows\system32\clubbox.exe
2008-12-15 22:35 . 2009-01-03 15:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\NJStar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 22:49 33,741,600 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-14 22:49 1,768,480 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-14 22:19 455,144 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-14 22:19 169,520 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-14 16:31 55,849 ----a-w c:\windows\system32\fscflist.ini.tmp
2009-01-13 22:30 94,080 ----a-w c:\documents and settings\L\Application Data\ezplay.sys
2009-01-13 22:30 87,608 ----a-w c:\documents and settings\L\Application Data\ezpinst.exe
2009-01-13 22:30 47,360 ----a-w c:\documents and settings\L\Application Data\pcouffin.sys
2009-01-13 22:30 --------- d-----w c:\program files\BitComet
2009-01-13 22:30 --------- d-----w c:\documents and settings\L\Application Data\Vso
2009-01-13 22:22 --------- d-----w c:\program files\Slice N Hook
2009-01-12 20:53 24,419,387 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_01_12_15_51_31_full.dmp.zip
2009-01-11 15:55 44,484,230 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-01-06 02:24 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-06 02:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-06 02:11 --------- d-----w c:\program files\SpywareBlaster
2008-11-13 12:45 15,104 ----a-r c:\windows\system32\nowmemdf.sys
2008-11-13 12:36 155,648 ----a-r c:\windows\system32\downengine.dll
2008-08-14 00:14 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-08-14 00:14 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-08-14 00:14 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-08-14 00:14 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-08-14 00:14 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w c:\windows\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w c:\windows\system32\VistaUltm.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-15_12.32.49.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-01-17 06:00:00 2,504 ----a-w c:\windows\Downloaded Program Files\catalog.dat
+ 2007-01-17 06:00:00 1,957 ----a-w c:\windows\Downloaded Program Files\tinfl.dat
+ 2007-01-22 21:43:49 2,072 ----a-w c:\windows\Downloaded Program Files\vscanmsx.dat
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 13:00:00 89,504 ----a-w c:\windows\fdsv.exe
+ 2000-08-31 13:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2008-09-06 02:17:19 81,920 ----a-r c:\windows\Installer\{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}\ARPPRODUCTICON.exe
- 2006-04-12 13:47:22 217,073 ----a-w c:\windows\meta4.exe
+ 2006-04-12 14:47:22 217,073 ----a-w c:\windows\meta4.exe
+ 2000-08-31 13:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2006-09-18 02:22:05 2,722 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2000-08-31 13:00:00 98,816 ----a-w c:\windows\sed.exe
+ 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 13:00:00 136,704 ----a-w c:\windows\SWSC.exe
+ 2000-08-31 13:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
+ 2001-08-23 12:00:00 2,000 ----a-w c:\windows\system\KEYBOARD.DRV
+ 2001-08-23 12:00:00 73,376 ----a-w c:\windows\system\MCIAVI.DRV
+ 2001-08-23 12:00:00 25,264 ----a-w c:\windows\system\MCISEQ.DRV
+ 2001-08-23 12:00:00 28,160 ----a-w c:\windows\system\MCIWAVE.DRV
+ 2001-08-23 12:00:00 2,032 ----a-w c:\windows\system\MOUSE.DRV
+ 2001-08-23 12:00:00 1,744 ----a-w c:\windows\system\SOUND.DRV
+ 2001-08-23 12:00:00 3,360 ----a-w c:\windows\system\SYSTEM.DRV
+ 2001-08-23 12:00:00 4,048 ----a-w c:\windows\system\TIMER.DRV
+ 2001-08-23 12:00:00 2,176 ----a-w c:\windows\system\VGA.DRV
+ 2001-08-23 12:00:00 13,600 ----a-w c:\windows\system\WFWNET.DRV
+ 2004-08-03 23:56:58 146,432 ----a-w c:\windows\system\WINSPOOL.DRV
+ 2008-08-06 20:22:02 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2008-08-06 20:30:48 202,168 ----a-w c:\windows\system32\Adobe\Director\swdir.dll
+ 2008-08-06 20:31:08 67,000 ----a-w c:\windows\system32\Adobe\Director\SwDnld.exe
+ 2008-08-06 20:22:42 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2008-08-06 19:45:40 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-08-06 20:22:44 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-08-06 19:35:52 706,048 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2008-08-06 19:35:52 1,145,896 ----a-w c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2008-08-06 19:35:52 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-08-06 19:42:04 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-08-06 19:35:52 54,656 ----a-w c:\windows\system32\Adobe\Shockwave 11\pccuapi.dll
+ 2008-08-06 20:21:14 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-08-06 20:24:14 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-08-06 20:30:30 447,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwHelper_1100465.exe
+ 2008-08-06 20:24:56 114,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-08-06 20:21:04 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-08-06 19:35:52 50,808 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 14:55:30 149,504 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE
+ 2001-08-23 12:00:00 10,544 ----a-w c:\windows\system32\comm.drv
+ 2004-08-04 00:07:22 1,788 ----a-w c:\windows\system32\Dcache.bin
+ 2001-08-23 12:00:00 2,000 -c--a-w c:\windows\system32\dllcache\keyboard.drv
+ 2001-08-23 12:00:00 2,560 -c--a-w c:\windows\system32\dllcache\lz32.dll
+ 2001-08-23 12:00:00 73,376 -c--a-w c:\windows\system32\dllcache\mciavi.drv
+ 2001-08-23 12:00:00 25,264 -c--a-w c:\windows\system32\dllcache\mciseq.drv
+ 2001-08-23 12:00:00 28,160 -c--a-w c:\windows\system32\dllcache\mciwave.drv
+ 2001-08-23 12:00:00 2,032 -c--a-w c:\windows\system32\dllcache\mouse.drv
+ 2001-08-23 12:00:00 2,944 -c--a-w c:\windows\system32\dllcache\null.sys
+ 2001-08-23 12:00:00 1,744 -c--a-w c:\windows\system32\dllcache\sound.drv
+ 2001-08-23 12:00:00 3,360 -c--a-w c:\windows\system32\dllcache\system.drv
+ 2001-08-23 12:00:00 4,048 -c--a-w c:\windows\system32\dllcache\timer.drv
+ 2001-08-23 12:00:00 2,176 -c--a-w c:\windows\system32\dllcache\vga.drv
+ 2001-08-23 12:00:00 13,600 -c--a-w c:\windows\system32\dllcache\wfwnet.drv
+ 2001-08-23 12:00:00 2,864 -c--a-w c:\windows\system32\dllcache\winsock.dll
+ 2004-08-03 23:56:58 146,432 -c--a-w c:\windows\system32\dllcache\winspool.drv
+ 2001-08-23 12:00:00 2,112 -c--a-w c:\windows\system32\dllcache\winspool.exe
+ 2001-08-23 12:00:00 2,736 -c--a-w c:\windows\system32\dllcache\wowdeb.exe
+ 2006-05-19 21:16:24 2,432 ------w c:\windows\system32\drivers\cdr4_xp.sys
+ 2006-05-19 21:16:24 2,560 ------w c:\windows\system32\drivers\cdralw2k.sys
+ 2004-08-03 23:07:58 2,944 ----a-w c:\windows\system32\drivers\drmkaud.sys
+ 2001-08-17 14:00:04 2,944 ----a-w c:\windows\system32\drivers\msmpu401.sys
+ 2001-08-23 12:00:00 2,944 ----a-w c:\windows\system32\drivers\null.sys
- 2007-04-13 10:06:40 159,744 ----a-r c:\windows\system32\fscagent.exe
+ 2008-02-25 16:24:40 159,744 ----a-r c:\windows\system32\fscagent.exe
+ 2009-01-08 00:25:51 144,792 ----a-w c:\windows\system32\java.exe
+ 2009-01-08 00:25:51 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-01-08 00:25:51 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2001-08-23 12:00:00 2,000 ----a-w c:\windows\system32\keyboard.drv
+ 2001-08-23 12:00:00 221,600 ----a-w c:\windows\system32\lanman.drv
+ 2001-08-23 12:00:00 2,560 ----a-w c:\windows\system32\lz32.dll
+ 2008-03-15 03:31:26 57,344 ----a-w c:\windows\system32\Macromed\Common\SwSupport.dll
+ 2008-03-24 23:32:46 218,496 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil9f.exe
+ 2008-03-25 03:21:18 2,889,088 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:20 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-09-03 01:53:26 70,264 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-03-15 03:29:22 581,632 ----a-w c:\windows\system32\Macromed\Shockwave 10\Control.dll
+ 2008-03-15 03:12:30 1,490,944 ----a-w c:\windows\system32\Macromed\Shockwave 10\dirapiX.dll
+ 2008-03-15 03:29:58 24,576 ----a-w c:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-03-15 03:10:06 606,208 ----a-w c:\windows\system32\Macromed\Shockwave 10\iml32X.dll
+ 2008-03-15 03:28:48 339,968 ----a-w c:\windows\system32\Macromed\Shockwave 10\Plugin.dll
+ 2008-03-15 03:28:56 475,136 ----a-w c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2008-03-15 03:21:52 180,224 ----a-w c:\windows\system32\Macromed\Shockwave 10\Proj.dll
+ 2008-03-15 03:31:28 77,824 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-03-15 15:38:08 86,016 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwMenuX.dll
+ 2008-03-15 03:31:28 98,304 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2001-08-23 12:00:00 73,376 ----a-w c:\windows\system32\mciavi.drv
+ 2001-08-23 12:00:00 25,264 ----a-w c:\windows\system32\mciseq.drv
+ 2001-08-23 12:00:00 28,160 ----a-w c:\windows\system32\mciwave.drv
+ 2001-08-23 12:00:00 2,032 ----a-w c:\windows\system32\mouse.drv
+ 2001-08-23 12:00:00 20,480 ----a-w c:\windows\system32\msacm32.drv
+ 2004-08-03 23:56:58 188,416 ----a-w c:\windows\system32\msh261.drv
+ 2004-08-04 00:05:44 294,912 ----a-w c:\windows\system32\msh263.drv
+ 2001-08-23 12:00:00 2,656 ----a-w c:\windows\system32\netware.drv
- 2007-11-13 17:44:42 1,617,920 ----a-r c:\windows\system32\pdbox28.exe
+ 2008-02-28 10:57:34 1,622,016 ----a-r c:\windows\system32\pdbox28.exe
- 2007-10-28 20:09:56 40,196 ----a-w c:\windows\system32\perfc009.dat
+ 2008-10-26 21:06:51 40,196 ----a-w c:\windows\system32\perfc009.dat
- 2007-10-28 20:09:56 311,934 ----a-w c:\windows\system32\perfh009.dat
+ 2008-10-26 21:06:51 311,934 ----a-w c:\windows\system32\perfh009.dat
- 2007-05-14 19:24:30 394,240 ----a-w c:\windows\system32\Smab.dll
+ 2007-11-13 14:31:46 399,360 ----a-w c:\windows\system32\Smab.dll
+ 2001-08-23 12:00:00 1,744 ----a-w c:\windows\system32\sound.drv
+ 2001-08-23 12:00:00 3,360 ----a-w c:\windows\system32\system.drv
+ 2001-08-23 12:00:00 4,048 ----a-w c:\windows\system32\timer.drv
+ 2001-08-23 12:00:00 2,176 ----a-w c:\windows\system32\vga.drv
+ 2004-08-04 00:05:44 23,552 ----a-w c:\windows\system32\wdmaud.drv
+ 2001-08-23 12:00:00 13,600 ----a-w c:\windows\system32\wfwnet.drv
+ 2001-08-23 12:00:00 2,864 ----a-w c:\windows\system32\winsock.dll
+ 2004-08-03 23:56:58 146,432 ----a-w c:\windows\system32\winspool.drv
+ 2001-08-23 12:00:00 2,112 ----a-w c:\windows\system32\winspool.exe
+ 2001-08-23 12:00:00 2,736 ----a-w c:\windows\system32\wowdeb.exe
- 2007-12-15 05:32:45 4,212 ---h--w c:\windows\system32\zllictbl.dat
+ 2009-01-10 17:12:53 4,212 ---h--w c:\windows\system32\zllictbl.dat
- 2007-12-15 17:15:36 246,796 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2009-01-14 22:43:08 299,492 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
- 2007-01-08 19:30:04 153,240 ----a-w c:\windows\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2008-05-12 23:26:34 152,976 ----a-w c:\windows\system32\ZoneLabs\lib\licenseui.zip.dll
- 2007-12-10 01:10:38 714,208 ----a-w c:\windows\system32\ZoneLabs\qrbase.dll
+ 2007-12-26 18:09:19 714,208 ----a-w c:\windows\system32\ZoneLabs\qrbase.dll
- 2007-12-10 01:10:38 787,936 ----a-w c:\windows\system32\ZoneLabs\qrsrecl.dll
+ 2007-12-26 18:09:19 792,032 ----a-w c:\windows\system32\ZoneLabs\qrsrecl.dll
- 2007-12-15 05:37:16 7,139,599 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
+ 2009-01-13 16:00:25 10,707,916 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
- 2007-12-10 01:10:43 6,463,239 ----a-w c:\windows\system32\ZoneLabs\spyware0.dat
+ 2009-01-10 18:00:49 10,696,658 ----a-w c:\windows\system32\ZoneLabs\spyware0.dat
- 2007-12-10 01:10:38 1,500,640 ----a-w c:\windows\system32\ZoneLabs\srescan.dll
+ 2007-12-26 18:09:19 1,504,736 ----a-w c:\windows\system32\ZoneLabs\srescan.dll
- 2007-12-10 01:10:38 51,176 ----a-w c:\windows\system32\ZoneLabs\srescan.sys
+ 2007-12-26 18:09:19 51,176 ----a-w c:\windows\system32\ZoneLabs\srescan.sys
- 2007-12-13 05:37:43 8,824,832 ----a-w c:\windows\system32\ZoneLabs\zlqrtdb.dat
+ 2008-04-08 03:12:32 8,953,856 ----a-w c:\windows\system32\ZoneLabs\zlqrtdb.dat
+ 2009-01-14 22:20:50 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7a4.dat
+ 2008-05-01 21:02:56 2,546 ----a-w c:\windows\unins000.dat
+ 2008-05-01 20:55:18 691,545 ----a-w c:\windows\unins000.exe
+ 2000-08-31 13:00:00 49,152 ----a-w c:\windows\VFIND.exe
+ 2000-08-31 13:00:00 68,096 ----a-w c:\windows\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-08 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS7012Utility"="c:\windows\system32\SiSAudUt.exe" [2001-11-21 294912]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-01-08 919280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-07 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-05 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.uyvy"= c:\windows\system32\msyuv.DLL
"vidc.yuy2"= ATIVYUY.DLL
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"MSACM.MI-SC4"= MI-SC4.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"=c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SiS KHooker"=c:\windows\system32\khooker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 51440]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2006-09-17 165760]
R4 TTDec;ATI WDM Teletext Decoder;c:\windows\system32\drivers\atinttxx.sys [2006-09-17 13824]
S1 DW;DW; [x]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S3 dwusbdnt;dwusbdnt;c:\windows\system32\drivers\dwusbdnt.sys [2006-10-17 10368]
.
Contents of the 'Scheduled Tasks' folder

2009-01-09 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-22 00:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm

c:\windows\DownUpdater.exe - c:\windows\Downloaded Program Files\NowStarter.ocx
O16 -: {072039AB-2117-4ED5-A85F-9B9EB903E021}
hxxp://www.clubbox.co.kr/neo.fld/NowStarter.cab
c:\windows\Downloaded Program Files\NowStarter.inf
FF - ProfilePath - c:\documents and settings\L\Application Data\Mozilla\Firefox\Profiles\cv2hil3o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 17:49:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-1417001333-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-01-14 17:52:03
ComboFix-quarantined-files.txt 2009-01-14 22:52:00
ComboFix2.txt 2007-12-16 04:08:14

Pre-Run: 7,985,745,920 bytes free
Post-Run: 8,192,135,168 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

316



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:44 PM, on 1/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\SiSAudUt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\L.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SiS7012Utility] C:\WINDOWS\system32\SiSAudUt.exe -wdm
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5500 bytes

rukia88
2009-01-15, 03:52
Hi peku006,

More updates re: how my computer is running. Since posting my last reply, I have lost Internet connection a few times. Connection to webpages is weird.

For example, when I try to go to hotmail.com or yahoo.com, in the status bar of the browser, this is what I see:
"finding www.www.hotmail.com.org", "autosearch.msn.com.response", and some other weird things. "www.www.yahoo.com.org"

At one point, I would get a list of searches in Live Search (search.live.com) for hotmail or yahoo.

I'm sorry if I'm not providing concise info. On my end, it definitely seems like something is "off" when browsing.

Thanks.

peku006
2009-01-15, 15:39
Hi rukia88,
There is no malware that would be causing your problem.
Let us take a deeper look.........

Download and run OTViewIt

Download OTViewIt from here (http://oldtimer.geekstogo.com/OTViewIt.exe) and save it to your desktop
Close all open windows
Double-click OTViewIt.exe to start OTViewIt.
Place a checkmark in the Scan All Users checkbox.
Click the Run Scan button to start the scan
When the scan is complete, two text files will be saved to the Desktop and opened in Notepad:
OTViewIt.txt <- this one will be maximized
Extras.txt <-this one will be minimized
Copy the contents of these two logs into your next reply, but before copying make sure Notepad has 'Word Wrap' unchecked
(You do that by clicking 'Format', and if 'Word Wrap' has a checkmark, click on it once to uncheck)

Thanks peku006

rukia88
2009-01-16, 03:46
Hi peku006,

Some additional info that I didn't mention, but not sure if it's of importance. Whenever I load Spybot S&D using my computer, I always get a syntax error. I successfully logged into Hotmail today; however, logging out continues to produce a "page not found" error.

Also, just starting last night, my second computer is having problems with connecting to websites. I get a message saying "DNS error. Server not found". My second computer uses Google Chrome. I also encountered some problems getting to this forum just now. What I tried doing was "ipconfig /flushdns" in cmd and I was able to go onto the forum immediately to post this reply.

I am using a router and never had problems with it.



OTViewIt logfile created on: 1/15/2009 6:50:38 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\L\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.22 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 69.64% Memory free
1.41 Gb Paging File | 1.08 Gb Available in Paging File | 77.02% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 8.47 Gb Free Space | 7.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 7.66 Gb Free Space | 3.29% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: L-3746562C4F964
Current User Name: L
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2007/12/03 14:53:58 | 00,139,264 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
[2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[1999/12/12 12:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2009/01/07 19:25:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2005/01/28 15:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2001/11/21 06:39:08 | 00,294,912 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\SISAUDUT.EXE
[2009/01/07 19:25:51 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/07/09 09:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2004/12/02 18:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
[2008/03/08 12:35:08 | 01,481,968 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[2007/05/11 07:50:24 | 00,804,376 | ---- | M] ( ) -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
[2009/01/15 17:32:34 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\L\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
File not found -- -- (CLTNetCnService [Auto | Stopped])
[1999/12/12 12:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2007/09/14 08:59:56 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2009/01/07 19:25:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2007/01/15 17:14:38 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2007/01/15 16:01:56 | 00,266,240 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2005/08/11 01:17:28 | 00,118,272 | ---- | M] (TuneUp Software GmbH) -- C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc [On_Demand | Stopped])
[2005/01/28 15:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])

========== Driver Services ==========

[2004/04/30 09:37:02 | 00,160,640 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus [Boot | Running])
[2004/04/30 09:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi [Boot | Running])
[2004/08/03 16:59:44 | 00,095,360 | ---- | M] () -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi [Boot | Running])
[2002/05/24 13:52:58 | 00,010,368 | ---- | M] (Digit@lway Co., Ltd.) -- C:\WINDOWS\system32\drivers\dwusbdnt.sys -- (dwusbdnt [On_Demand | Stopped])
[2007/02/15 20:22:16 | 00,094,080 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay [On_Demand | Stopped])
[2004/08/03 18:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2007/07/19 15:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2001/08/17 09:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Stopped])
[2004/08/04 00:29:30 | 00,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC [Auto | Running])
[2007/02/15 20:22:01 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
[2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2006/10/10 13:53:48 | 00,005,632 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/03/08 12:35:08 | 00,051,440 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2004/07/17 05:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/12/13 13:52:48 | 00,163,200 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315 [On_Demand | Running])
[2001/11/26 09:00:08 | 00,165,760 | R--- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sis7012.sys -- (SiS7012 [On_Demand | Running])
[2001/12/26 15:52:58 | 00,027,136 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Boot | Running])
[2001/09/28 15:16:46 | 00,031,744 | R--- | M] (SiS Corporation) -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC [On_Demand | Running])
[2004/08/09 00:44:40 | 00,051,040 | RH-- | M] (MCCI) -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus [On_Demand | Stopped])
[2004/08/09 00:44:40 | 00,082,768 | RH-- | M] (MCCI) -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser [On_Demand | Stopped])
[2001/08/17 15:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2008/02/27 03:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2006/11/18 01:02:53 | 00,080,272 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
[2006/11/18 01:02:53 | 00,010,864 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])
[2006/11/18 01:02:53 | 00,137,884 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])
[2006/11/18 01:02:54 | 00,108,003 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd [On_Demand | Stopped])
[2007/07/19 15:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (TSP [On_Demand | Stopped])
[2004/08/04 00:29:32 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinttxx.sys -- (TTDec [Auto | Running])
[2008/07/09 09:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.ca/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage/

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage/

[HKEY_USERS\S-1-5-21-1960408961-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.ca/

[HKEY_USERS\S-1-5-21-1960408961-1417001333-1801674531-1003\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\S-1-5-21-1960408961-1417001333-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1960408961-1417001333-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (291104 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 136136.net
127.0.0.1 www.136136.net
127.0.0.1 163ns.com
127.0.0.1 www.163ns.com
10048 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
{F156768E-81EF-470C-9057-481BA8380DBA} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" (HKLM) -- C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1960408961-1417001333-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1960408961-1417001333-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SiS7012Utility"=C:\WINDOWS\system32\SiSAudUt.exe -wdm (Silicon Integrated Systems Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (Creative Technology Ltd)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

[HKEY_USERS\S-1-5-21-1960408961-1417001333-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (Creative Technology Ltd)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[1999/11/04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2005/09/24 00:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[1999/02/17 23:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1960408961-1417001333-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Download All by FlashGet: C:\Program Files\FlashGet\jc_all.htm [2000/02/06 13:06:06 | 00,000,575 | ---- | M] ()
Download using FlashGet: C:\Program Files\FlashGet\jc_link.htm [2000/02/06 13:06:34 | 00,001,898 | ---- | M] ()

[HKEY_USERS\S-1-5-21-1960408961-1417001333-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\]
Download All by FlashGet: C:\Program Files\FlashGet\jc_all.htm [2000/02/06 13:06:06 | 00,000,575 | ---- | M] ()
Download using FlashGet: C:\Program Files\FlashGet\jc_link.htm [2000/02/06 13:06:34 | 00,001,898 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{44226DFF-747E-4edc-B30C-78752E50CD0C}: Button: ATI TV -- %ProgramFiles%\ATI Multimedia\TV\EXPLBAR.DLL [2001/01/15 15:07:54 | 00,131,072 | ---- | M] (ATI Technologies Inc.)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Button: FlashGet -- %ProgramFiles%\FlashGet\flashget.exe [2006/09/11 19:01:40 | 01,400,832 | ---- | M] (FlashGet.com)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Menu: &FlashGet -- %ProgramFiles%\FlashGet\flashget.exe [2006/09/11 19:01:40 | 01,400,832 | ---- | M] (FlashGet.com)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 03:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 03:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{44226DFF-747E-4edc-B30C-78752E50CD0C} [HKLM] -> %ProgramFiles%\ATI Multimedia\TV\EXPLBAR.DLL [&ATI TV] -> [2001/01/15 15:07:54 | 00,131,072 | ---- | M] (ATI Technologies Inc.)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2006/09/11 19:01:40 | 01,400,832 | ---- | M] (FlashGet.com)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 03:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{44226DFF-747E-4edc-B30C-78752E50CD0C} [HKLM] -> %ProgramFiles%\ATI Multimedia\TV\EXPLBAR.DLL [&ATI TV] -> [2001/01/15 15:07:54 | 00,131,072 | ---- | M] (ATI Technologies Inc.)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2006/09/11 19:01:40 | 01,400,832 | ---- | M] (FlashGet.com)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 03:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{44226DFF-747E-4edc-B30C-78752E50CD0C} [HKLM] -> %ProgramFiles%\ATI Multimedia\TV\EXPLBAR.DLL [&ATI TV] -> [2001/01/15 15:07:54 | 00,131,072 | ---- | M] (ATI Technologies Inc.)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2006/09/11 19:01:40 | 01,400,832 | ---- | M] (FlashGet.com)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 03:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1960408961-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{44226DFF-747E-4edc-B30C-78752E50CD0C} [HKLM] -> %ProgramFiles%\ATI Multimedia\TV\EXPLBAR.DLL [&ATI TV] -> [2001/01/15 15:07:54 | 00,131,072 | ---- | M] (ATI Technologies Inc.)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2006/09/11 19:01:40 | 01,400,832 | ---- | M] (FlashGet.com)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 03:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
56 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1960408961-1417001333-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
56 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{072039AB-2117-4ED5-A85F-9B9EB903E021}: http://www.clubbox.co.kr/neo.fld/NowStarter.cab -- NowStarter Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688 -- Java Plug-in 1.6.0_11
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{A2BE0C7D-2E77-498A-B8C3-782620438865} (Servers: | Description: SiS 900 PCI Fast Ethernet Adapter)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/09/17 19:48:43 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/01/15 18:49:55 | 02,216,820 | ---- | C] () -- C:\Documents and Settings\L\Desktop\ClubboxSetup.exe
[2009/01/15 18:08:21 | 52,423,056 | ---- | C] () -- C:\Documents and Settings\L\Desktop\zaSuiteSetup_80_059_000_en.exe
[2009/01/15 17:49:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\L\Application Data\MailFrontier
[2009/01/15 17:43:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/01/15 17:42:54 | 00,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/01/15 17:32:30 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\L\Desktop\OTViewIt.exe
[2009/01/14 17:57:12 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/01/14 17:46:26 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/01/14 17:46:24 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/01/14 17:46:21 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/01/14 17:43:59 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/01/14 17:43:59 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/01/14 17:43:59 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/01/14 17:43:59 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/01/14 17:43:59 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/01/14 17:43:59 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/01/14 17:43:59 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/14 17:43:59 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/01/14 17:43:59 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/14 17:38:02 | 03,039,899 | R--- | C] () -- C:\Documents and Settings\L\Desktop\ComboFix.exe
[2009/01/13 17:51:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\L\Desktop\OTScanIt2
[2009/01/13 14:52:26 | 00,000,000 | ---D | C] -- C:\rsit
[2009/01/13 14:52:01 | 00,781,851 | ---- | C] () -- C:\Documents and Settings\L\Desktop\RSIT.exe
[2009/01/13 12:55:11 | 01,889,864 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\L\Desktop\mbam-rules.exe
[2009/01/13 09:18:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\L\Application Data\Malwarebytes
[2009/01/13 09:18:01 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/13 09:18:01 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/13 09:17:59 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/13 09:17:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/13 09:17:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/13 09:15:45 | 02,697,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\L\Desktop\mbam-setup.exe
[2009/01/11 16:28:43 | 00,021,547 | ---- | C] () -- C:\Documents and Settings\L\Desktop\dead-links.jpg
[2009/01/07 19:26:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/01/07 19:25:46 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/01/07 19:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\L\Application Data\Sun
[2009/01/07 19:10:19 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/01/07 19:10:19 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/01/15 18:51:50 | 00,621,856 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/01/15 18:49:55 | 02,216,820 | ---- | M] () -- C:\Documents and Settings\L\Desktop\ClubboxSetup.exe
[2009/01/15 18:08:23 | 52,423,056 | ---- | M] () -- C:\Documents and Settings\L\Desktop\zaSuiteSetup_80_059_000_en.exe
[2009/01/15 18:07:12 | 00,003,954 | ---- | M] () -- C:\rollback.ini
[2009/01/15 17:48:05 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/01/15 17:47:39 | 00,355,091 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/01/15 17:46:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/15 17:46:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/15 17:46:31 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/01/15 17:32:34 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\L\Desktop\OTViewIt.exe
[2009/01/14 22:07:49 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/01/14 22:07:47 | 00,202,240 | ---- | M] () -- C:\Documents and Settings\L\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/14 21:39:57 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/14 17:49:31 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/14 17:46:27 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/01/14 17:38:02 | 03,039,899 | R--- | M] () -- C:\Documents and Settings\L\Desktop\ComboFix.exe
[2009/01/14 15:27:56 | 00,055,849 | ---- | M] () -- C:\WINDOWS\System32\fscflist.ini
[2009/01/14 08:08:18 | 00,000,079 | ---- | M] () -- C:\WINDOWS\System32\fscagent.ini
[2009/01/14 08:08:01 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\PDBOXGame.html
[2009/01/13 17:30:46 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\L\Application Data\ezpinst.exe
[2009/01/13 17:30:46 | 00,007,812 | ---- | M] () -- C:\Documents and Settings\L\Application Data\ezplay.cat
[2009/01/13 17:30:45 | 00,094,080 | ---- | M] (VSO Software) -- C:\Documents and Settings\L\Application Data\ezplay.sys
[2009/01/13 17:30:45 | 00,001,104 | ---- | M] () -- C:\Documents and Settings\L\Application Data\LZAAYMNK.inf
[2009/01/13 17:30:44 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\L\Application Data\pcouffin.sys
[2009/01/13 17:30:44 | 00,007,824 | ---- | M] () -- C:\Documents and Settings\L\Application Data\pcouffin.cat
[2009/01/13 17:30:44 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\L\Application Data\pcouffin.inf
[2009/01/13 16:59:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/01/13 16:59:03 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/01/13 14:52:06 | 00,781,851 | ---- | M] () -- C:\Documents and Settings\L\Desktop\RSIT.exe
[2009/01/13 12:55:20 | 01,889,864 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\L\Desktop\mbam-rules.exe
[2009/01/13 12:52:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/01/13 12:52:30 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/01/13 10:54:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/01/13 10:54:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/01/13 09:18:01 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/13 09:15:53 | 02,697,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\L\Desktop\mbam-setup.exe
[2009/01/12 10:15:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/01/12 10:15:21 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/01/11 21:52:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/01/11 21:52:55 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/01/11 17:25:25 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/01/11 17:25:25 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/01/11 16:28:43 | 00,021,547 | ---- | M] () -- C:\Documents and Settings\L\Desktop\dead-links.jpg
[2009/01/10 11:36:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/09 17:15:00 | 00,000,382 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/01/07 19:10:19 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/01/07 19:10:19 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/01/05 21:26:57 | 00,291,104 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/03 13:13:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/01/03 13:13:47 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/12/24 23:16:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2008/12/24 23:16:54 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/12/23 18:48:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/12/23 18:48:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/12/20 13:50:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/12/20 13:50:40 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/12/20 13:42:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/12/20 13:42:21 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/12/20 13:39:24 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/12/20 13:39:23 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
< End of report >


OTViewIt Extras logfile created on: 1/15/2009 6:50:38 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\L\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.22 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 69.64% Memory free
1.41 Gb Paging File | 1.08 Gb Available in Paging File | 77.02% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 8.47 Gb Free Space | 7.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 7.66 Gb Free Space | 3.29% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: L-3746562C4F964
Current User Name: L
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 14:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 14:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 14:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{1485ABFA-12D7-4107-9148-54EE30CDBA67}"=Samsung USB Driver (MCCI 4.16)
"{224F7A6E-1D66-46B6-888A-D115E5AC20F6}"=MPIO Manager 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}"=Creative MediaSource
"{31228E31-2BFF-11D2-8866-00805F0D9D40}"=QPST
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3EBD3749-304E-4A4C-9575-C00E5F015217}"=Apple Mobile Device Support
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}"=Adobe Flash Player 9 ActiveX
"{75B307FF-E529-4D62-B184-3DF41665B1AF}"=ATI Multimedia Center
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}"=iTunes
"{868D7896-99D4-4513-BC62-2B3AD3E24926}"=TuneUp Utilities 2006
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}"=QuickTime
"{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}"=GUIDE PLUS+(TM) for Windows® System
"{AC76BA86-7AD7-1033-7B44-A70500000002}"=Adobe Reader 7.0.5
"{AC76BA86-7AD7-5760-0000-705000000001}"=Adobe Reader Japanese Fonts
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}"=Creative Zen Vision M
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1"=BitPim 0.7.22
"{FC98FBE9-E931-494C-8717-497185371033}"=Nero 7
"Ad-Aware SE Personal"=Ad-Aware SE Personal
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop 7.0"=Adobe Photoshop 7.0
"Adobe Shockwave Player"=Adobe Shockwave Player
"Audacity_is1"=Audacity 1.2.6
"Creative Removable Disk Manager"=Creative Removable Disk Manager
"ffdshow_is1"=ffdshow [rev 1099] [2007-04-14]
"HijackThis"=HijackThis 2.0.2
"InstallShield_{1485ABFA-12D7-4107-9148-54EE30CDBA67}"=Samsung USB Driver (MCCI 4.16)
"Kaspersky Online Scanner"=Kaspersky Online Scanner
"KLiteCodecPack_is1"=K-Lite Codec Pack 2.46 Full
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (2.0.0.16)"=Mozilla Firefox (2.0.0.16)
"NeoAudio"=NeoAudio extraction audio
"RealPlayer 6.0"=RealPlayer
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SiS 650"=SiS 650
"SiS7012"=SiS Audio Driver
"SiSLan"=SiS 900 PCI Fast Ethernet Adapter Driver
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1"=SpywareBlaster 4.1
"SUPER ©"=SUPER © Version 2008.bld.25 (Feb 5, 2008)
"SysInfo"=Creative System Information
"USBCOMM&10AB&10C5"=USB Data Cable
"VobSub"=VobSub v2.23 (Remove Only)
"Winamp"=Winamp
"WinAVIVideoConverter_is1"=WinAVIVideoConverter
"Windows Media Format Runtime"=Windows Media Format Runtime
"WinRAR archiver"=WinRAR archiver
"WinZip"=WinZip
"XPayMPI"=XPayMPI 2.0.1.2
"Yahoo! Photos Drag-Drop Uploader 1v7"=Yahoo! Photos Easy Upload Tool 1v7
"ZoneAlarm Security Suite"=ZoneAlarm Security Suite

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/3/2009 6:44:54 PM | Computer Name = L-3746562C4F964 | Source = Application Hang | ID = 1002
Description = Hanging application BitComet.exe, version 0.57.3.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/3/2009 8:06:10 PM | Computer Name = L-3746562C4F964 | Source = Application Hang | ID = 1002
Description = Hanging application BitComet.exe, version 0.57.3.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/3/2009 8:07:30 PM | Computer Name = L-3746562C4F964 | Source = Application Hang | ID = 1002
Description = Hanging application BitComet.exe, version 0.57.3.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/12/2009 4:40:50 PM | Computer Name = L-3746562C4F964 | Source = Application Hang | ID = 1002
Description = Hanging application BitComet.exe, version 0.57.3.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/12/2009 4:43:47 PM | Computer Name = L-3746562C4F964 | Source = Application Hang | ID = 1002
Description = Hanging application BitComet.exe, version 0.57.3.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/12/2009 4:43:53 PM | Computer Name = L-3746562C4F964 | Source = Application Hang | ID = 1002
Description = Hanging application BitComet.exe, version 0.57.3.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/12/2009 4:50:26 PM | Computer Name = L-3746562C4F964 | Source = Application Hang | ID = 1002
Description = Hanging application BitComet.exe, version 0.57.3.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/12/2009 5:37:58 PM | Computer Name = L-3746562C4F964 | Source = Application Hang | ID = 1002
Description = Hanging application BitComet.exe, version 0.57.3.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/12/2009 9:02:19 PM | Computer Name = L-3746562C4F964 | Source = Application Hang | ID = 1002
Description = Hanging application BitComet.exe, version 0.57.3.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/14/2009 7:39:51 PM | Computer Name = L-3746562C4F964 | Source = Application Error | ID = 1000
Description = Faulting application zlclient.exe, version 7.0.302.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 1/13/2009 3:54:48 PM | Computer Name = L-3746562C4F964 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 1/13/2009 3:54:48 PM | Computer Name = L-3746562C4F964 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 1/13/2009 6:35:54 PM | Computer Name = L-3746562C4F964 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
kl1 SABKUTIL

Error - 1/14/2009 8:31:58 AM | Computer Name = L-3746562C4F964 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
kl1 SABKUTIL

Error - 1/14/2009 6:20:47 PM | Computer Name = L-3746562C4F964 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
kl1 SABKUTIL

Error - 1/14/2009 8:26:50 PM | Computer Name = L-3746562C4F964 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
kl1 SABKUTIL

Error - 1/14/2009 8:49:23 PM | Computer Name = L-3746562C4F964 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{A2BE0C7D-2E77-498A-B8C3-782620438865}. The
backup browser is stopping.

Error - 1/15/2009 9:15:10 AM | Computer Name = L-3746562C4F964 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
kl1 SABKUTIL

Error - 1/15/2009 6:04:59 PM | Computer Name = L-3746562C4F964 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
kl1 SABKUTIL

Error - 1/15/2009 6:47:34 PM | Computer Name = L-3746562C4F964 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SABKUTIL
< End of report >

peku006
2009-01-18, 16:27
Hi rukia88

Well, those scans certainly came up clean. I don't believe your issue is malware related.
I think you have a problem with your internet connection.

I am not an expert at this type of problem. I would suggest that you go to one of the forums below that specialize in more general computer problems. They have people that know more about this sort of problem because it does not seem to be a malware problem.

Good Hardware and Software Help Forums
Computer Trouble here: http://forum.computertrouble.co.uk/index.php
or
TechSupportGuy here: http://forums.techguy.org/21-windows-nt-2000-xp/
or
VirtualDr here: http://discussions.virtualdr.com/forumdisplay.php?f=48
or
PCPitStop here: http://forums.pcpitstop.com/index.php?showforum=3

All may require you to register free before posting for help.

rukia88
2009-01-19, 23:17
Hi peku006,
Thank you so much for all your help, time and patience. I will check out those forums that you have suggested. Just a quick update, things seem to be running a bit better now on my computer, so that's a good sign.

Once again, thank you very much and take care.

- rukia88

peku006
2009-01-20, 19:19
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.