Unable to change folder settings



bobjoe
2010-01-03, 14:44
I just had some problems with my Explorer (it would open any drives from My Computer in a new window) and I decided to download Spybot S&D to scan and see if I've been hit with anything. AVG didn't pick up anything, but Spybot caught a few fishes.

I managed to clear up the problem of drives opening in a new window through some registry edit fixes I saw on the internet, but I found that no matter what I did, my folder settings would never be remembered.
The last time that happened to me was a few years ago, when I got hit with a thumbdrive worm, so I figured I would scan with Spybot.

I picked up some stuff and cleared it, but the problem still persisted. I went to restart my computer, scanned it again, and nothing came up. The folder settings problem is still there.
One thing I noticed after I restarted immediately after the scan was that there were a few MS-DOS Prompt windows opening for a brief moment when it loaded into Windows XP.

I might be a bit paranoid, but I'm thinking there's some worm inside that I'm not picking up. Please advise.

I'm currently on Windows XP SP2.

Here's the log from the scan.

DNSFlush.cws: [SBI $893785D8] Autorun settings (cdoosoft) (Registry value, fixed)
HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft

DNSFlush.cws: [SBI $893785D8] Program file (File, fixed)
C:\DOCUME~1\Owner\LOCALS~1\Temp\herss.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

DNSFlush.cws: [SBI $9C28881C] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden

DNSFlush.cws: [SBI $A1906895] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden

Win32.Rungbu.a: [SBI $8819FA0B] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\MADOWN

Win32.Rungbu.a: [SBI $40B676B4] Executable (File, fixed)
C:\Documents and Settings\Owner\Local Settings\Temp\herss.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

MediaPlex: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)
FastClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)
MediaPlex: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)
DoubleClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)
Right Media: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
CPXinteractive: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
CPXinteractive: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
HitBox: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
HitBox: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
HitBox: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
HitsLink: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
HitBox: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
BurstMedia: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
BurstMedia: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
WebTrends live: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-01-03 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-10-08 Includes\Adware.sbi (*)
2009-12-29 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2009-12-29 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-12-29 Includes\HijackersC.sbi (*)
2009-12-15 Includes\Keyloggers.sbi (*)
2009-12-29 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-12-30 Includes\Malware.sbi (*)
2009-12-30 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-12-29 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-12-29 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2009-12-29 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-12-08 Includes\Trojans.sbi (*)
2009-12-29 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
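
Added example, not part of the post above and not Spybot's own code: a small Python parser for the Spybot S&D 1.6 results layout quoted in the log, run over a constructed sample in the same layout, with a triage pass that tags Run-key autorun entries, changes to the Explorer\Advanced folder-view values that match the "folder settings never remembered" symptom, and file findings whose size/MD5 show only a zero-byte file was left to scan. The SID, paths and entries in the sample are constructed to mirror the log's format, not copied from a live system.

```python
import hashlib
import re
from collections import Counter
from dataclasses import dataclass, field

# One Spybot result: a header line, then detail lines (a registry or file
# path, optional "Properties.key=value" lines) up to the next blank line.
HEADER_RE = re.compile(
    r"^(?P<family>[^:]+): (?:\[SBI \$(?P<sbi>[0-9A-F]+)\] )?"
    r"(?P<desc>.+?) \((?P<kind>[^,()]+), (?P<action>[^)]+)\)$"
)
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()  # MD5 of a zero-byte file

# Constructed sample in the same layout as the log above (placeholder SID).
SAMPLE_LOG = r"""
DNSFlush.cws: [SBI $893785D8] Autorun settings (cdoosoft) (Registry value, fixed)
HKEY_USERS\S-1-5-21-0-0-0-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft

DNSFlush.cws: [SBI $893785D8] Program file (File, fixed)
C:\DOCUME~1\Owner\LOCALS~1\Temp\herss.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

DNSFlush.cws: [SBI $9C28881C] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-0-0-0-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden

MediaPlex: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)

Statcounter: Tracking cookie (Firefox: Owner (default)) (Cookie, fixed)
"""


@dataclass
class Finding:
    family: str
    desc: str
    kind: str
    action: str
    target: str = ""                                  # registry path or file path
    props: dict = field(default_factory=dict)         # Properties.* lines
    tags: list = field(default_factory=list)          # filled in by triage()


def parse_spybot_log(text: str) -> list:
    """Split the results section into Finding records."""
    findings, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None                            # blank line ends an entry
            continue
        m = HEADER_RE.match(line)
        if m:
            current = Finding(m["family"], m["desc"], m["kind"], m["action"])
            findings.append(current)
        elif current is not None:
            if line.startswith("Properties."):
                key, _, value = line[len("Properties."):].partition("=")
                current.props[key] = value
            else:
                current.target = line
    return findings


def triage(findings: list) -> list:
    """Tag findings so persistence and folder-view tampering stand out from cookie noise."""
    for f in findings:
        t = f.target.lower()
        if f.kind == "Cookie":
            f.tags.append("tracking-cookie")
        if "\\currentversion\\run\\" in t:
            f.tags.append("autorun-persistence")      # runs at every logon for that user
        # Windows keeps the folder-view switches as Hidden and ShowSuperHidden under
        # Explorer\Advanced; Spybot labels the second one SuperHidden in its log.
        if "\\explorer\\advanced\\" in t and t.rsplit("\\", 1)[-1] in (
            "hidden", "superhidden", "showsuperhidden"
        ):
            f.tags.append("explorer-view-tamper")     # explains "settings never remembered"
        if f.kind == "File" and "\\temp\\" in t:
            f.tags.append("file-in-temp")
        if f.props.get("size") == "0" and f.props.get("md5", "").upper() == EMPTY_MD5:
            f.tags.append("zero-byte-file")           # nothing left to hash or analyse
    return findings


def summarize(findings: list) -> dict:
    """Count tags across all findings."""
    return dict(Counter(tag for f in findings for tag in f.tags))


if __name__ == "__main__":
    for f in triage(parse_spybot_log(SAMPLE_LOG)):
        print(f"{f.family:14} {f.kind:16} {', '.join(f.tags) or '-'}  {f.target}")
    print(summarize(parse_spybot_log(SAMPLE_LOG)))
```

The zero-byte check matters when reading a log like this one: a size-0 file with the empty-file MD5 means the scanner found only a placeholder, so the hash cannot be used to look the sample up.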

peku006
2010-01-05, 10:58
Hi bobjoe

Please see the forum FAQ, which details how to produce an HJT log and copy and paste it into your topic.
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Thanks peku006

bobjoe
2010-01-05, 17:49
Heheh, sorry.
Last time when I sought help, they specifically asked us NOT to post the HJT log unless asked to, so I thought it would still be the same.

This log was only just taken, so it doesn't have any of the worms from the scan above.

Thank you!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:40 AM, on 1/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UserLogon] C:\Documents and Settings\Owner\winlogon.exe
O4 - HKCU\..\Run: [Network IPv6] C:\WINDOWS\Network-IPv6\network.exe
O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files\NCsoft\Launcher\NCLauncher.exe /Minimized
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - .DEFAULT Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194533315765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE6685E5-269D-46EA-A43E-E52FCA78EF34}: NameServer = 202.156.1.48,202.156.1.58
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google ?????? ???? (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 7657 bytes

peku006
2010-01-05, 18:26
Hi bobjoe

It is ok, but I need it; otherwise I can't start cleaning your computer. :bigthumb:

1 - Download and run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

2 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)

Thanks peku006

bobjoe
2010-01-05, 18:35
Alright!

Maybe I'm overstepping my bounds, but I have a suspicion that the infection might have been a little more than a month ago.
I used to set all my folders to be able to view hidden files, but I believe I stopped seeing all the hidden files here and there a while before I got hit with that.
I might be wrong, though. I didn't really pay attention to these small things.

Anyway, here are the logs.


Log.txt


Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-01-06 01:33:58
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 26 GB (21%) free of 120 GB
Total RAM: 1535 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:11 AM, on 1/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UserLogon] C:\Documents and Settings\Owner\winlogon.exe
O4 - HKCU\..\Run: [Network IPv6] C:\WINDOWS\Network-IPv6\network.exe
O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files\NCsoft\Launcher\NCLauncher.exe /Minimized
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - .DEFAULT Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194533315765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE6685E5-269D-46EA-A43E-E52FCA78EF34}: NameServer = 202.156.1.48,202.156.1.58
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google ?????? ???? (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 7724 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-07-01 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-06 16262656]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-11-29 55824]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-11-29 55824]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-12 2043160]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Steam"=C:\Program Files\Steam\Steam.exe [2009-10-26 1217808]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-04 165784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
"UserLogon"=C:\Documents and Settings\Owner\winlogon.exe []
"Network IPv6"=C:\WINDOWS\Network-IPv6\network.exe []
"NCsoft Launcher"=C:\Program Files\NCsoft\Launcher\NCLauncher.exe /Minimized []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-19 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2006-02-28 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegedit"=0
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"F:\Program Files\mIRC\mirc.exe"="F:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Documents and Settings\Owner\Desktop\utorrent.exe"="C:\Documents and Settings\Owner\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client"
"C:\Program Files\Warcraft III\War3.exe"="C:\Program Files\Warcraft III\War3.exe:*:Enabled:Warcraft III"
"C:\Documents and Settings\Owner\Desktop\lancraft.exe"="C:\Documents and Settings\Owner\Desktop\lancraft.exe:*:Enabled:lancraft"
"C:\Program Files\KVIrc\kvirc.exe"="C:\Program Files\KVIrc\kvirc.exe:*:Enabled:kvirc"
"C:\Program Files\Steam\steamapps\ss0ul_climax@hotmail.com\half-life\hl.exe"="C:\Program Files\Steam\steamapps\ss0ul_climax@hotmail.com\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\ss0ul_climax@hotmail.com\day of defeat\hl.exe"="C:\Program Files\Steam\steamapps\ss0ul_climax@hotmail.com\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\Program Files\Autodesk\Maya8.5\bin\maya.exe"="C:\Program Files\Autodesk\Maya8.5\bin\maya.exe:*:Enabled:Maya"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Qianhong\Qianhong.exe"="C:\Program Files\Qianhong\Qianhong.exe:*:Enabled:Qianhong Application"
"C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe"="C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe:*:Enabled:PlayOnline Viewer"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Steam\steamapps\ss0ul_climax@hotmail.com\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\ss0ul_climax@hotmail.com\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Microsoft Games\Age of Mythology\aom.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aom.exe:*:Enabled:Age of Mythology"
"C:\Program Files\Bothtec\MacrossVOXP\mcr.exe"="C:\Program Files\Bothtec\MacrossVOXP\mcr.exe:*:Enabled:MACROSS VO"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\Steam\steamapps\neojava\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\neojava\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Java\jre1.6.0\bin\javaws.exe"="C:\Program Files\Java\jre1.6.0\bin\javaws.exe:*:Enabled:Java(TM) Web Start Launcher"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe"="C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe"="C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-01-06 01:33:58 ----D---- C:\rsit
2010-01-03 21:27:23 ----D---- C:\WINDOWS\ERDNT
2010-01-03 21:26:51 ----D---- C:\Program Files\ERUNT
2010-01-03 20:55:39 ----A---- C:\WINDOWS\wininit.ini
2010-01-03 20:19:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-03 20:19:20 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-03 20:05:04 ----D---- C:\Program Files\Trend Micro
2010-01-02 15:39:53 ----RSH---- C:\h0.exe
2009-12-31 18:42:55 ----RSH---- C:\anoataly.exe
2009-12-12 15:27:37 ----D---- C:\BlitzMAX v1.33 rc35
2009-12-09 22:18:40 ----D---- C:\Program Files\Google
2009-12-09 21:47:13 ----D---- C:\chinese

======List of files/folders modified in the last 1 months======

2010-01-06 01:33:49 ----D---- C:\WINDOWS\Prefetch
2010-01-06 00:48:58 ----D---- C:\Program Files\Mozilla Firefox
2010-01-06 00:46:48 ----D---- C:\WINDOWS\Temp
2010-01-06 00:46:36 ----D---- C:\Program Files\Steam
2010-01-06 00:46:14 ----D---- C:\WINDOWS\system32
2010-01-06 00:45:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-06 00:43:08 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2010-01-06 00:41:43 ----D---- C:\Program Files\foobar2000
2010-01-06 00:26:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-06 00:08:33 ----D---- C:\h2
2010-01-05 23:26:53 ----D---- C:\Program Files\Mozilla Thunderbird
2010-01-03 21:27:23 ----D---- C:\WINDOWS
2010-01-03 21:26:51 ----RD---- C:\Program Files
2010-01-03 20:13:07 ----HD---- C:\$AVG8.VAULT$
2009-12-30 13:00:34 ----D---- C:\Program Files\Warcraft III
2009-12-29 02:04:06 ----D---- C:\Program Files\JKDefrag
2009-12-28 21:58:17 ----D---- C:\(C76) [SAIGADO] THE YURI FRIENDS FULLCOLOR 10 (The King of Fighters)
2009-12-28 21:58:01 ----D---- C:\[A.O.I] Oshiete Sensei! (Original)
2009-12-20 19:54:38 ----D---- C:\Documents and Settings\Owner\Application Data\Hamachi
2009-12-20 13:40:40 ----D---- C:\Documents and Settings\Owner\Application Data\Canon
2009-12-09 22:38:59 ----A---- C:\WINDOWS\system.ini
2009-12-09 22:24:08 ----SHD---- C:\WINDOWS\Installer
2009-12-09 22:24:06 ----D---- C:\WINDOWS\WinSxS
2009-12-09 22:18:51 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-19 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-19 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-06 108552]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2006-02-28 12160]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-11-30 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-06 4377600]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-05-16 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-05-16 18944]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2006-02-28 12416]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-02-28 17024]
S2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys []
S3 akai1xws;akai1xws; C:\WINDOWS\system32\drivers\akai1xws.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\OGS3F5.tmp []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-11-29 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-11-29 63120]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-11-29 35088]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-11-29 36368]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-11-29 78992]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys []
S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-19 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-19 297752]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2006-02-28 14336]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-06 66872]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2006-02-28 19456]
R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2005-12-06 753664]
S2 gupdate;Google ?????? ???? (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-09 135664]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-11-08 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-08-21 654848]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-02-19 2769658]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]

-----------------EOF-----------------

info.txt

info.txt logfile of random's system information tool 1.06 2010-01-06 01:34:12

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Add or Remove Adobe Creative Suite 3 Web Premium-->C:\Program Files\Common Files\Adobe\Installers\247961ef275e20c5cb073c36394ac32\Setup.exe
Adobe After Effects 7.0-->msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Web Premium-->MsiExec.exe /I{C347D234-93D8-4595-BDAA-C04638B23B48}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup-->MsiExec.exe /I{6A5D1A94-624A-4D20-B178-3A283B500370}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Autodesk DirectConnect 2.0-->MsiExec.exe /I{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Combined Community Codec Pack 2007-02-22-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Crimson Editor SVN263-->C:\Program Files\Emerald Editor Community\Crimson Editor SVN263\uninst.exe
Dolphin 1.3 beta-->C:\Program Files\Dolphin\uninst.exe
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Exact Audio Copy 0.99pb3-->C:\Program Files\Exact Audio Copy\uninst.exe
FLAC 1.2.0a (remove only)-->C:\Program Files\FLAC\uninstall.exe
FlashGet 1.9.0.1012-->C:\Program Files\FlashGet\uninst.exe
foobar2000 v0.9.6.9-->"C:\Program Files\foobar2000\uninstall.exe" _?=C:\Program Files\foobar2000
Game Maker 7-->C:\Program Files\Game_Maker7\Uninstal.exe
Garena-->C:\Program Files\Garena\uninst.exe
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google ?????-->MsiExec.exe /X{CE2015F4-B2B3-43BC-B774-44EBD6990D67}
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
Handbrake 2.4.1-->C:\Program Files\Handbrake\uninst.exe
headus UVLayout v2 Professional-->MsiExec.exe /I{A1086DA0-903E-4DEA-A83F-6317923CC63D}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Owner\My Documents\HijackThis.exe" /uninstall
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
KVIrc 3.2.0 "Realia"-->"C:\Program Files\KVIrc\unins000.exe"
Maya 8.5 Documentation (en_US)-->MsiExec.exe /I{81525B87-9344-4834-883C-C6A9D78EA1DF}
Maya 8.5-->MsiExec.exe /I{A1E0E88A-F5E9-4414-A0D7-31940E965EC5}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->"F:\Program Files\mIRC\mirc.exe" -uninstall
MonkeyJam 3_050529-->"C:\Program Files\MonkeyJam\unins000.exe"
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Natural Selection 3.2-->"c:\program files\steam\steamapps\ss0ul_climax@hotmail.com\half-life\unins000.exe"
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
NetLimiter 1.25 (remove only)-->"C:\Program Files\NetLimiter\nluninst.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
OpenOffice.org 2.2-->MsiExec.exe /I{3CCBC9FF-7F35-4220-B66D-B60E2E7AB4E2}
Opera 9.64-->MsiExec.exe /X{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}
osu!-->MsiExec.exe /X{C3592426-531E-4110-911D-BFECE2CE284C}
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pepakura Designer 3-->"C:\Program Files\tamasoftware\pepakura3en\designer\epuninst.exe" /s
PlayOnline Viewer and Tetra Master-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{47004155-7376-403E-89E9-4C9F44AAF0D0}
Portal-->"C:\Program Files\Steam\steam.exe" steam://uninstall/400
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Recuva (remove only)-->"C:\Program Files\Recuva\uninst.exe"
RGSS-RTP Standard-->MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sentinel System Driver-->C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Tablet-->C:\Program Files\Tablet\Remove.exe /u
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: USER-3276E4FE42
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 89375
Source Name: W32Time
Time Written: 20091021081259.000000+480
Event Type: warning
User:

Computer Name: USER-3276E4FE42
Event Code: 7000
Message: The DS1410D service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 89352
Source Name: Service Control Manager
Time Written: 20091020183355.000000+480
Event Type: error
User:

Computer Name: USER-3276E4FE42
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 89339
Source Name: W32Time
Time Written: 20091017123427.000000+480
Event Type: warning
User:

Computer Name: USER-3276E4FE42
Event Code: 7000
Message: The DS1410D service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 89321
Source Name: Service Control Manager
Time Written: 20091016225520.000000+480
Event Type: error
User:

Computer Name: USER-3276E4FE42
Event Code: 7000
Message: The DS1410D service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 89296
Source Name: Service Control Manager
Time Written: 20091016180528.000000+480
Event Type: error
User:

=====Application event log=====

Computer Name: USER-3276E4FE42
Event Code: 12001
Message:
Record Number: 11601
Source Name: usnjsvc
Time Written: 20090513191111.000000+480
Event Type:
User:

Computer Name: USER-3276E4FE42
Event Code: 12001
Message:
Record Number: 11589
Source Name: usnjsvc
Time Written: 20090512213720.000000+480
Event Type:
User:

Computer Name: USER-3276E4FE42
Event Code: 12001
Message:
Record Number: 11514
Source Name: usnjsvc
Time Written: 20090509085907.000000+480
Event Type:
User:

Computer Name: USER-3276E4FE42
Event Code: 12001
Message:
Record Number: 11499
Source Name: usnjsvc
Time Written: 20090507182952.000000+480
Event Type:
User:

Computer Name: USER-3276E4FE42
Event Code: 12001
Message:
Record Number: 11484
Source Name: usnjsvc
Time Written: 20090506183811.000000+480
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"MAYA_APP_DIR"=C:\Documents and Settings\Owner\My Documents\maya
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=C:\Program Files\Autodesk\Maya8.5\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=4b02
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------

peku006
2010-01-05, 19:36
Hi bobjoe

OK, let's see what we found.

1 - Download and Run Malwarebytes' Anti-Malware

Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) and save it to your desktop. If needed...Tutorial w/screenshots (http://thespykiller.co.uk/index.php/topic,5946.0.html)
Alternate download sites available here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) or here (http://www.besttechie.net/tools/mbam-setup.exe).
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish. MBAM will automatically start, and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
Problems downloading the updates? Manually download them from here (http://malwarebytes.gt500.org/mbam-rules.exe) and double-click on "mbam-rules.exe" to install.
On the Scanner tab:
Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
We will take care of the System Volume Information items later.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Status Check
Please reply with

1. the Malwarebytes' Anti-Malware Log

Thanks peku006

bobjoe
2010-01-06, 22:47
Malwarebytes' Anti-Malware 1.43
Database version: 3502
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/7/2010 5:47:32 AM
mbam-log-2010-01-07 (05-47-32).txt

Scan type: Full Scan (C:\|D:\|F:\|G:\|H:\|)
Objects scanned: 330737
Time elapsed: 1 hour(s), 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\disableregedit (Hijack.Regedit) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
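
The Malwarebytes data item above is the one behind the thread's title: SHOWALL\CheckedValue had been flipped from 1 to 0, which is what keeps the "Show hidden files" choice from sticking. As an added example (not code from the thread or from Spybot, RSIT or Malwarebytes), the Python below parses the registry blocks of an RSIT log.txt and the "Bad/Good" data-item lines of an MBAM log and flags the policy and folder-view values both logs on this page report. The defaults in EXPECTED and the sample log text are the editor's assumptions, constructed for the demo rather than taken from a live machine.

```python
"""Flag the Explorer folder-view and policy hijacks behind "folder settings are
never remembered", reading the two log formats posted in this thread: the
[HKEY...] / "name"=value blocks of an RSIT log.txt and the "-> Bad: (x) Good: (y)"
data-item lines of a Malwarebytes log. Reads log text only, never the registry."""
import re

# Values a clean Windows XP box is expected to carry (editor's assumption from
# documented defaults, not something the thread states): 145 (0x91) is the stock
# NoDriveTypeAutoRun, CheckedValue=1 lets the "Show hidden files" radio button
# stick, and the Disable* policies should be absent or 0.
EXPECTED = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System":
        {"DisableRegedit": 0, "DisableTaskMgr": 0},
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer":
        {"NoDriveTypeAutoRun": 145},
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
    r"\Explorer\Advanced\Folder\Hidden\SHOWALL":
        {"CheckedValue": 1},
}

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]\s*$")          # [HKEY_...\Key]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')            # "Name"=value
# HKEY_...\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> ...
MBAM_RE = re.compile(r"^(HK\S+)\\([^\\\s]+) \(([^)]+)\) -> "
                     r"Bad: \(([^)]*)\) Good: \(([^)]*)\)")

def parse_rsit_registry(text):
    """Return {key_path: {value_name: raw_text}} from RSIT-style registry blocks."""
    keys, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2)
    return keys

def parse_mbam_data_items(text):
    """Return the 'Registry Data Items' lines of an MBAM log as dicts."""
    items = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            key, name, detection, bad, good = m.groups()
            items.append({"key": key, "value": name, "detection": detection,
                          "bad": bad, "good": good})
    return items

def _as_int(raw):
    """RSIT and MBAM print DWORDs in decimal; keep anything else as text."""
    raw = raw.strip()
    try:
        return int(raw)
    except ValueError:
        return raw

def audit(rsit_text="", mbam_text=""):
    """Return (key, value_name, observed, expected) for every mismatch.
    Paths and names compare case-insensitively, as the registry does; keys the
    RSIT dump does not list are skipped; MBAM items carry MBAM's own Bad/Good."""
    findings = []
    dump = {k.lower(): {n.lower(): v for n, v in vals.items()}
            for k, vals in parse_rsit_registry(rsit_text).items()}
    for key, wanted in EXPECTED.items():
        present = dump.get(key.lower(), {})
        for name, want in wanted.items():
            if name.lower() in present:
                got = _as_int(present[name.lower()])
                if got != want:
                    findings.append((key, name, got, want))
    for item in parse_mbam_data_items(mbam_text):
        findings.append((item["key"], item["value"],
                         _as_int(item["bad"]), _as_int(item["good"])))
    return findings

# Constructed sample input in the thread's two log formats (a box where the
# regedit policy is set and the SHOWALL hijack is present).
SAMPLE_RSIT = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegedit"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"""
SAMPLE_MBAM = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for key, name, got, want in audit(SAMPLE_RSIT, SAMPLE_MBAM):
        print(f"{key}\\{name}: observed {got!r}, expected {want!r}")
```

Feed it the registry and MBAM sections of a real pair of logs and any non-default value in the three keys is listed with what it should be; a clean box returns an empty list.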

peku006
2010-01-07, 09:16
Hi bobjoe


Unable to change folder settings
Do you still have the same problem?

1 - Clean temp files


Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click Yes to reboot.


NOTE: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

2 - Eset online scanner

You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.


Please go here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif
Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with

1. the ESET online scanner report
2. a fresh HijackThis log

Thanks peku006

bobjoe
2010-01-07, 23:10
The problem is solved, but more stuff was found!

After the ESET scan was done, it didn't have any options to remove the threats because I didn't check that button. Should I scan one more time and have that button checked?



ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7297ceab373a804394a560489770cb03
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-07 07:41:36
# local_time=2010-01-08 03:41:36 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 363852 363852 0 0
# compatibility_mode=1024 16777175 100 0 47097046 47097046 0 0
# compatibility_mode=8192 67108863 100 0 1313 1313 0 0
# scanned=199945
# found=12
# cleaned=0
# scan_time=9142
C:\autorun.inf Win32/PSW.OnLineGames.NNU trojan 00000000000000000000000000000000 I
C:\h0.exe Win32/AutoRun.PSW.OnlineGames.AO worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\WINDOWS\system32\ActiveScan\pskavs.dll probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\autorun.inf Win32/PSW.OnLineGames.NNU trojan 00000000000000000000000000000000 I
D:\h0.exe Win32/AutoRun.PSW.OnlineGames.AO worm 00000000000000000000000000000000 I
F:\autorun.inf Win32/PSW.OnLineGames.NNU trojan 00000000000000000000000000000000 I
F:\h0.exe Win32/AutoRun.PSW.OnlineGames.AO worm 00000000000000000000000000000000 I
G:\autorun.inf Win32/PSW.OnLineGames.NNU trojan 00000000000000000000000000000000 I
G:\h0.exe Win32/AutoRun.PSW.OnlineGames.AO worm 00000000000000000000000000000000 I
H:\autorun.inf Win32/PSW.OnLineGames.NNU trojan 00000000000000000000000000000000 I
H:\h0.exe Win32/AutoRun.PSW.OnlineGames.AO worm 00000000000000000000000000000000 I





HJT LOG


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:35 AM, on 1/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UserLogon] C:\Documents and Settings\Owner\winlogon.exe
O4 - HKCU\..\Run: [Network IPv6] C:\WINDOWS\Network-IPv6\network.exe
O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files\NCsoft\Launcher\NCLauncher.exe /Minimized
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - .DEFAULT Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194533315765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE6685E5-269D-46EA-A43E-E52FCA78EF34}: NameServer = 202.156.1.48,202.156.1.58
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google ?????? ???? (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 7613 bytes

bobjoe
2010-01-07, 23:13
Don't mean to bump, but what options do I have if I wish to scan some commonly used hard drives for all these worms? Do I plug them in and do the scan with ESET and remove them, or with Malwarebytes' Anti-Malware?

Or do I post a log of their scans or anything?

peku006
2010-01-08, 11:52
Hi bobjoe


After the ESET scan was done, it didn't have any options to remove the threats because I didn't check that button. Should I scan one more time and have that button checked?
It is not necessary; we will remove them "manually".

Download Flash_Disinfector from here (http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe) and save it to your desktop.
Doubleclick on Flash_Disinfector.exe to run it and follow the prompts.
Wait until it has finished scanning and then exit the program.
The utility may ask you to insert your flash drive and/or other removable drives. This may include your mobile phone.
Please do so and allow the utility to clean up those drives

Download OTM (http://oldtimer.geekstogo.com/OTM.exe) by Old Timer and save it to your Desktop.

Double-click OTM.exe to run it.
Paste the following code under the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/pasteline.png area. Do not include the word Code.

:Files
D:\h0.exe
F:\h0.exe
G:\h0.exe
H:\h0.exe


Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/btnmoveit.png button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Thanks peku006
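The ESET report above shows the pattern the OTM step removes: on every drive an autorun.inf in the root paired with h0.exe, and the Malwarebytes log earlier in the thread shows the same worm flipping the Explorer "show hidden files" setting (SHOWALL\CheckedValue) and the registry-tools policy, which is why the folder settings never stuck. The following is an added example written for this thread, not code from Spybot, ESET, Malwarebytes or OldTimer's tools. The autorun.inf body is constructed (the thread never shows the file's contents, only that it sits beside h0.exe), the sample log lines are a subset copied from the ESET report above, and the expected-value table assumes the standard XP value names (Spybot's "SuperHidden" label is taken to mean ShowSuperHidden, and Malwarebytes' "disableregedit" the DisableRegistryTools policy value).

```python
"""Triage for the autorun.inf worm pattern in this thread (added example).

Not code from Spybot, ESET, Malwarebytes or OldTimer's tools. The autorun.inf
body is constructed: the thread only shows that ESET flagged X:\\autorun.inf
beside X:\\h0.exe on each drive, never the file's contents.
"""
import re

# Constructed sample (hypothetical). Worm-written autorun.inf files name the
# dropper under several keys so it runs on insert, on double-click in
# My Computer and from the right-click menu.
SAMPLE_AUTORUN_INF = (
    "[AutoRun]\r\n"
    "open=h0.exe\r\n"
    "shell\\open\\Command=h0.exe\r\n"
    "shell\\explore\\Command=h0.exe\r\n"
    "shellexecute=h0.exe\r\n"
    "icon=%SystemRoot%\\system32\\SHELL32.dll,4\r\n"
)

# A subset of the lines from the ESET report posted above, used as sample input.
SAMPLE_ESET_LINES = [
    r"C:\autorun.inf Win32/PSW.OnLineGames.NNU trojan 00000000000000000000000000000000 I",
    r"C:\h0.exe Win32/AutoRun.PSW.OnlineGames.AO worm 00000000000000000000000000000000 I",
    r"C:\WINDOWS\system32\ActiveScan\pskavs.dll probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I",
    r"D:\autorun.inf Win32/PSW.OnLineGames.NNU trojan 00000000000000000000000000000000 I",
    r"D:\h0.exe Win32/AutoRun.PSW.OnlineGames.AO worm 00000000000000000000000000000000 I",
    r"F:\autorun.inf Win32/PSW.OnLineGames.NNU trojan 00000000000000000000000000000000 I",
]

# Known-good values for the settings the scanner logs in this thread reported
# as changed. Standard XP value names are assumed: Spybot's "SuperHidden" is
# taken to mean ShowSuperHidden, Malwarebytes' "disableregedit" the
# DisableRegistryTools policy value.
EXPECTED_VALUES = {
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue": 1,
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden": 1,
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden": 1,
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools": 0,
}


def autorun_launch_targets(text):
    """Return {key: command} for each [autorun] directive that launches a program.

    Hand-parsed on purpose: worm-written files carry junk bytes, duplicate keys
    and mixed case that a strict INI parser would reject or lose.
    """
    targets = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            targets[key] = value
    return targets


# <drive>:\<root-level file> <detection name> <32-hex hash> I
_ESET_ROOT_HIT = re.compile(r"^([A-Za-z]):\\([^\\ ]+) (.+?) [0-9a-fA-F]{32} I$")


def paired_autorun_drives(lines):
    """Drives whose root holds both autorun.inf and a flagged .exe.

    Each pair is one live copy of the worm: removing only the .exe leaves a
    dangling autorun.inf, removing only the .inf leaves the dropper for the
    next carrier to re-link. Files deeper than the root are ignored.
    """
    per_drive = {}
    for line in lines:
        match = _ESET_ROOT_HIT.match(line.strip())
        if not match:
            continue
        drive, name, _detection = match.groups()
        per_drive.setdefault(drive.upper(), set()).add(name.lower())
    return sorted(
        drive for drive, names in per_drive.items()
        if "autorun.inf" in names and any(n.endswith(".exe") for n in names)
    )


def hijacked_values(observed):
    """List (path, observed, expected) for every setting that is off its default.

    `observed` maps value path -> int, or None when the value is absent. An
    absent value is treated as 0, so a missing DisableRegistryTools (no policy
    set) is fine while a missing CheckedValue is reported.
    """
    return [
        (path, observed.get(path), expected)
        for path, expected in EXPECTED_VALUES.items()
        if (observed.get(path) or 0) != expected
    ]
```

Feed `autorun_launch_targets` the contents of a suspect drive's autorun.inf and `paired_autorun_drives` the file lines of a scanner report; any drive it returns needs both files removed, which is what the OTM list above does for the .exe half after Flash_Disinfector has dealt with the .inf half. `hijacked_values` takes the current registry values (read them with regedit or reg.exe) and reports which ones still need putting back before the "show hidden files" setting will stay put.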

bobjoe
2010-01-10, 17:29
Hi Peku,

Can I use the flash disinfector on other flashdrives or hard disks on my own in the future if I require them to be scanned?





========== FILES ==========
D:\h0.exe moved successfully.
F:\h0.exe moved successfully.
G:\h0.exe moved successfully.
H:\h0.exe moved successfully.

OTM by OldTimer - Version 3.1.5.0 log created on 01112010_002751

peku006
2010-01-11, 15:53
Hi bobjoe

Can I use the flash disinfector on other flashdrives or hard disks on my own in the future if I require them to be scanned?
Sure you can, if you think that it is necessary.

How's the computer running now? Any problems?

Thanks peku006

bobjoe
2010-01-11, 17:06
Hi Peku006,

Thanks a lot for the time you spent to help me!

Yes, very good. Is there any other way I can confirm that my computer is free?

Should I post a HJT log here?

And OTM.exe says the malware files were moved, but were they deleted or just moved somewhere else on my hard drive?


Here's a current HJT log just in case..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:21 AM, on 1/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
C:\Program Files\Google\Google Japanese Input\GoogleIMEJaConverter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UserLogon] C:\Documents and Settings\Owner\winlogon.exe
O4 - HKCU\..\Run: [Network IPv6] C:\WINDOWS\Network-IPv6\network.exe
O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files\NCsoft\Launcher\NCLauncher.exe /Minimized
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - .DEFAULT Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194533315765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE6685E5-269D-46EA-A43E-E52FCA78EF34}: NameServer = 202.156.1.48,202.156.1.58
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google ?????? ???? (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 7889 bytes

peku006
2010-01-12, 11:16
Hi bobjoe


OTM.exe says the malware files were moved, but were they deleted or just moved somewhere else on my hard drive?
OTM moves them to a "special folder", which we will remove a little later.

All logs are OK; we can check if some of the programs need updating.

Security Check
Please download Security Check (http://screen317.spywareinfoforum.org/SecurityCheck.exe) ... by screen317. Save it to your desktop.
Alternate download site: Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
Double click the SecurityCheck.exe icon to begin.
Press the Space Bar when you see the "press any key to continue..." message.
A Notepad results file will open automatically called checkup.txt
Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
Please copy/paste the entire contents of the checkup.txt file into your next reply.

Thanks peku006

bobjoe
2010-01-13, 18:02
Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG Free 8.5
ESET Online Scanner v3
``````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
HijackThis 2.0.2
Java(TM) SE Runtime Environment 6
Adobe Flash Player 10
Adobe Reader 8.1.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
AVG avgemc.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

peku006
2010-01-14, 09:15
Hi bobjoe

It looks like your version of Adobe Reader is out of date and you're vulnerable to infections.
Please download the newest version here:
http://www.adobe.com/products/acrobat/readstep2_servefile.html?option=full&order=1&type=&language=English&platform=WinXPSP2&esdcanbeused=0&esdcanhandle=0&hasjavascript=1&dlm=nos

Install it, then go to Add Remove Programs and remove any older versions that may remain.

Please reply with

a fresh HijackThis log

peku006

bobjoe
2010-01-16, 16:51
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:39 PM, on 1/16/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
C:\Program Files\Google\Google Japanese Input\GoogleIMEJaConverter.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UserLogon] C:\Documents and Settings\Owner\winlogon.exe
O4 - HKCU\..\Run: [Network IPv6] C:\WINDOWS\Network-IPv6\network.exe
O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files\NCsoft\Launcher\NCLauncher.exe /Minimized
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194533315765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE6685E5-269D-46EA-A43E-E52FCA78EF34}: NameServer = 202.156.1.48,202.156.1.58
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google ?????? ???? (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 7690 bytes

bobjoe
2010-01-17, 04:27
Hi Peku,

I decided to scan again for insurance and Malwarebytes picked up this extra stuff.
I used Malwarebytes' Anti-Malware to clean it up.

Just to mention, I've been using a few thumbdrives to transfer files around; is it safe to do so? I've scanned both of them with Malwarebytes' Anti-Malware, and they said they were clean, though.


Thanks,
Zishen


Malwarebytes' Anti-Malware 1.44
Database version: 3576
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/17/2010 11:23:57 AM
mbam-log-2010-01-17 (11-23-57).txt

Scan type: Full Scan (C:\|D:\|F:\|G:\|H:\|)
Objects scanned: 280070
Time elapsed: 52 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\autorun.inf (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\h0.exe (Spyware.OnlineGames) -> Not selected for removal.

peku006
2010-01-17, 10:34
Hi Zishen

I`ve been using a few thumbdrives to transfer files around, is it safe to do so?
Yes, it is safe if they are clean. :D Seems to be a good idea to check them all with Malwarebyte's Anti-Malware.

C:\h0.exe (Spyware.OnlineGames) -> Not selected for removal.

Make sure that everything is checked, and click Remove Selected

Thanks peku006

bobjoe
2010-01-20, 11:23
I removed it. I`m not sure how it got back.

What`s the next step after that?

peku006
2010-01-20, 17:20
Hi bobjoe

Download OTS (http://oldtimer.geekstogo.com/OTS.exe) by Oldtimer to your Desktop and double-click on it to extract the files.

NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.

Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Click the Scan All Users checkbox on the toolbar.
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Close Notepad (saving the change if necessary).


Thanks peku006

bobjoe
2010-01-21, 17:47
Hi peku,

I just post the log like this and wait for your response?




OTS logfile created on: 1/22/2010 12:41:40 AM - Run 1
OTS by OldTimer - Version 3.1.19.2 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 117.19 Gb Total Space | 25.38 Gb Free Space | 21.66% Space Free | Partition Type: NTFS
Drive D: | 180.89 Gb Total Space | 35.61 Gb Free Space | 19.69% Space Free | Partition Type: NTFS
Drive E: | 480.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 39.06 Gb Total Space | 2.34 Gb Free Space | 5.99% Space Free | Partition Type: NTFS
Drive G: | 18.55 Gb Total Space | 4.74 Gb Free Space | 25.53% Space Free | Partition Type: NTFS
Drive H: | 16.91 Gb Total Space | 7.52 Gb Free Space | 44.49% Space Free | Partition Type: NTFS
Drive I: | 611.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 608.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-3276E4FE42
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Owner\My Documents\OTS.exe -> [2010/01/22 00:07:20 | 00,631,808 | ---- | M] (OldTimer Tools)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2010/01/07 02:25:33 | 00,908,248 | ---- | M] (Mozilla Corporation)
avgtray.exe -> C:\Program Files\AVG\AVG8\avgtray.exe -> [2009/12/12 09:42:26 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.)
steam.exe -> C:\Program Files\Steam\Steam.exe -> [2009/10/26 19:08:34 | 01,217,808 | ---- | M] (Valve Corporation)
avgcsrvx.exe -> C:\Program Files\AVG\AVG8\avgcsrvx.exe -> [2009/08/19 17:54:04 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009/08/19 17:54:04 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> C:\Program Files\AVG\AVG8\avgnsx.exe -> [2009/08/19 17:54:01 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgemc.exe -> C:\Program Files\AVG\AVG8\avgemc.exe -> [2009/08/19 17:54:00 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/19 17:53:56 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
hamachi.exe -> C:\Program Files\Hamachi\hamachi.exe -> [2009/04/13 21:28:04 | 00,625,952 | ---- | M] (LogMeIn Inc.)
nvsvc32.exe -> C:\WINDOWS\system32\nvsvc32.exe -> [2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
pnkbstra.exe -> C:\WINDOWS\system32\PnkBstrA.exe -> [2008/07/06 22:43:04 | 00,066,872 | ---- | M] ()
daemon.exe -> C:\Program Files\DAEMON Tools\daemon.exe -> [2007/04/04 06:29:15 | 00,165,784 | ---- | M] (DT Soft Ltd.)
rthdcpl.exe -> C:\WINDOWS\RTHDCPL.exe -> [2006/09/06 11:44:20 | 16,262,656 | R--- | M] (Realtek Semiconductor Corp.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2006/02/28 20:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation)
tcpsvcs.exe -> C:\WINDOWS\system32\tcpsvcs.exe -> [2006/02/28 20:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation)
wscntfy.exe -> C:\WINDOWS\system32\wscntfy.exe -> [2006/02/28 20:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
tablet.exe -> C:\WINDOWS\system32\Tablet.exe -> [2005/12/06 12:00:44 | 00,753,664 | ---- | M] (Wacom Technology, Corp.)
tabuserw.exe -> C:\WINDOWS\system32\WTablet\TabUserW.exe -> [2005/12/06 11:59:02 | 00,114,688 | ---- | M] (Wacom Technology, Corp.)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Owner\My Documents\OTS.exe -> [2010/01/22 00:07:20 | 00,631,808 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll -> [2006/02/28 20:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(gupdate) Google アップデート サービス (gupdate) [Auto | Stopped] -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2009/12/09 22:18:40 | 00,135,664 | ---- | M] (Google Inc.)
(avg8emc) AVG8 E-mail Scanner [Auto | Running] -> C:\Program Files\AVG\AVG8\avgemc.exe -> [2009/08/19 17:54:00 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg8wd) AVG8 WatchDog [Auto | Running] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/19 17:53:56 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(npggsvc) nProtect GameGuard Service [On_Demand | Stopped] -> C:\WINDOWS\System32\GameMon.des -> [2009/02/19 06:21:00 | 02,769,658 | ---- | M] (INCA Internet Co., Ltd.)
(NVSvc) NVIDIA Display Driver Service [Auto | Running] -> C:\WINDOWS\system32\nvsvc32.exe -> [2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
(PnkBstrA) PnkBstrA [Auto | Running] -> C:\WINDOWS\system32\PnkBstrA.exe -> [2008/07/06 22:43:04 | 00,066,872 | ---- | M] ()
(Adobe LM Service) Adobe LM Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2007/11/08 22:57:50 | 00,072,704 | ---- | M] (Adobe Systems)
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2007/08/21 17:33:03 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(p2pgasvc) Peer Networking Group Authentication [On_Demand | Stopped] -> C:\WINDOWS\system32\p2pgasvc.dll -> [2006/02/28 20:00:00 | 00,086,016 | ---- | M] (Microsoft Corporation)
(SimpTcp) Simple TCP/IP Services [Auto | Running] -> C:\WINDOWS\system32\tcpsvcs.exe -> [2006/02/28 20:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation)
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
(TabletService) TabletService [Auto | Running] -> C:\WINDOWS\system32\Tablet.exe -> [2005/12/06 12:00:44 | 00,753,664 | ---- | M] (Wacom Technology, Corp.)
(Iprip) RIP Listener [Auto | Running] -> C:\WINDOWS\system32\iprip.dll -> [2004/08/04 20:00:00 | 00,035,328 | ---- | M] (Microsoft Corporation)
(Irmon) Infrared Monitor [Auto | Running] -> C:\WINDOWS\system32\irmon.dll -> [2004/08/04 08:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(GarenaPEngine) GarenaPEngine [Kernel | On_Demand | Stopped] -> C:\Documents and Settings\Owner\Local Settings\Temp\FUHA1.tmp -> [2010/01/17 23:25:08 | 00,025,616 | ---- | M] ()
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgldx86.sys -> [2009/08/19 17:54:04 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\avgmfx86.sys -> [2009/08/19 17:54:04 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG8 Network Redirector [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgtdix.sys -> [2009/05/06 18:39:37 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2008/10/07 13:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation)
(Secdrv) Secdrv [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2008/05/21 22:24:58 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(hamachi) Hamachi Network Interface [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hamachi.sys -> [2007/11/30 21:07:00 | 00,025,280 | ---- | M] (LogMeIn, Inc.)
(LMouKE) SetPoint Mouse Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\LMouKE.Sys -> [2007/11/29 02:18:04 | 00,078,992 | ---- | M] (Logitech, Inc.)
(LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\LMouFilt.Sys -> [2007/11/29 02:17:56 | 00,036,368 | ---- | M] (Logitech, Inc.)
(LHidFilt) Logitech SetPoint KMDF HID Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\LHidFilt.Sys -> [2007/11/29 02:17:48 | 00,035,088 | ---- | M] (Logitech, Inc.)
(L8042mou) SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\L8042mou.Sys -> [2007/11/29 02:17:34 | 00,063,120 | ---- | M] (Logitech, Inc.)
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\L8042Kbd.sys -> [2007/11/29 02:17:28 | 00,020,240 | ---- | M] (Logitech, Inc.)
(Haspnt) Haspnt [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\Haspnt.sys -> [2007/08/12 00:43:30 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems)
(sptd) sptd [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2007/07/17 23:46:16 | 00,682,232 | ---- | M] ()
(LUsbFilt) Logitech SetPoint KMDF USB Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\LUsbFilt.sys -> [2007/04/11 15:33:14 | 00,028,688 | ---- | M] (Logitech, Inc.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.Sys -> [2006/09/06 16:04:12 | 04,377,600 | R--- | M] (Realtek Semiconductor Corp.)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nvnetbus.sys -> [2006/05/16 19:25:02 | 00,018,944 | R--- | M] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NVENETFD.sys -> [2006/05/16 19:25:00 | 00,052,736 | R--- | M] (NVIDIA Corporation)
(nvata) nvata [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\nvata.sys -> [2006/04/24 17:52:28 | 00,100,736 | R--- | M] (NVIDIA Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2006/02/28 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(FsVga) FsVga [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\fsvga.sys -> [2006/02/28 20:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation)
(PenClass) Pen Class [Kernel | Boot | Running] -> C:\WINDOWS\system32\Drivers\PenClass.sys -> [2005/11/30 12:50:42 | 00,008,138 | ---- | M] (Wacom Technology Corporation)
(Hardlock) Hardlock [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\hardlock.sys -> [2005/07/28 08:18:40 | 00,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.)
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AmdK8.sys -> [2005/03/09 14:53:00 | 00,036,352 | R--- | M] (Advanced Micro Devices)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Hdaudbus.sys -> [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider)
(irsir) Microsoft Serial Infrared Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\irsir.sys -> [2001/08/17 21:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation)
(Sentinel) Sentinel [Kernel | Auto | Running] -> C:\WINDOWS\System32\Drivers\SENTINEL.SYS -> [2001/06/21 21:39:02 | 00,073,728 | ---- | M] (Rainbow Technologies, Inc.)
(Sntnlusb) Rainbow USB SuperPro [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -> [2001/06/21 21:39:02 | 00,020,032 | R--- | M] (Rainbow Technologies Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\] > -> ->
HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\: SearchURL\\"provider" -> ->
HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\: "ProxyOverride" -> *.local ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\6ho963th.default\prefs.js ->
browser.startup.homepage -> "www.google.com.sg" ->
extensions.enabledItems -> {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7 ->
network.proxy.backup.ftp -> "" ->
network.proxy.backup.ftp_port -> 0 ->
network.proxy.backup.gopher -> "" ->
network.proxy.backup.gopher_port -> 0 ->
network.proxy.backup.socks -> "" ->
network.proxy.backup.socks_port -> 0 ->
network.proxy.backup.ssl -> "" ->
network.proxy.backup.ssl_port -> 0 ->
network.proxy.ftp -> "66.63.165.62" ->
network.proxy.ftp_port -> 3128 ->
network.proxy.gopher -> "66.63.165.62" ->
network.proxy.gopher_port -> 3128 ->
network.proxy.http -> "66.63.165.62" ->
network.proxy.http_port -> 3128 ->
network.proxy.share_proxy_settings -> true ->
network.proxy.socks -> "66.63.165.62" ->
network.proxy.socks_port -> 3128 ->
network.proxy.ssl -> "66.63.165.62" ->
network.proxy.ssl_port -> 3128 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\Program Files\AVG\AVG8\Firefox [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2009/12/22 20:50:55 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/01/16 00:06:49 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/01/17 12:25:10 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions -> ->
HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components -> C:\Program Files\Mozilla Thunderbird\components [C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS] -> [2009/08/22 21:41:29 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins -> C:\Program Files\Mozilla Thunderbird\plugins [C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS] -> [2010/01/15 21:45:40 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions -> [2008/12/18 19:52:01 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ho963th.default\extensions -> [2010/01/22 00:00:09 | 00,000,000 | ---D | M]
FireFTP -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ho963th.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} -> [2009/12/08 19:34:50 | 00,000,000 | ---D | M]
Greasemonkey -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ho963th.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} -> [2009/12/18 17:37:39 | 00,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/01/17 00:49:47 | 00,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> [2007/07/01 23:36:19 | 00,000,000 | ---D | M]
< HOSTS File > (371233 bytes and 12842 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
First 25 entries...
Reset Hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/12/21 18:27:44 | 00,075,200 | ---- | M] (Adobe Systems Incorporated)
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [HKLM] -> C:\Program Files\FlashGet\jccatch.dll [FGCatchUrl] -> [2007/06/29 19:44:36 | 00,094,308 | ---- | M] (www.flashget.com)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/12/12 09:42:28 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0\bin\ssv.dll [SSVHelper Class] -> [2007/07/01 23:36:13 | 00,501,384 | ---- | M] (Sun Microsystems, Inc.)
{F156768E-81EF-470C-9057-481BA8380DBA} [HKLM] -> C:\Program Files\FlashGet\getflash.dll [FlashGet GetFlash Class] -> [2007/05/16 13:05:16 | 00,163,840 | ---- | M] (www.flashget.com)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe ARM" -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ["C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] -> [2009/12/11 15:57:56 | 00,948,672 | R--- | M] (Adobe Systems Incorporated)
"Adobe Photo Downloader" -> C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"] -> File not found
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/12/22 01:57:28 | 00,035,760 | ---- | M] (Adobe Systems Incorporated)
"Alcmtr" -> C:\WINDOWS\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/03 18:43:28 | 00,069,632 | R--- | M] (Realtek Semiconductor Corp.)
"AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/12/12 09:42:26 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.)
"IMJPMIG8.1" -> C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE ["C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32] -> [2004/08/04 20:00:00 | 00,208,952 | ---- | M] (Microsoft Corporation)
"Kernel and Hardware Abstraction Layer" -> C:\WINDOWS\KHALMNPR.Exe [KHALMNPR.EXE] -> [2007/11/29 02:17:20 | 00,055,824 | ---- | M] (Logitech, Inc.)
"Logitech Hardware Abstraction Layer" -> C:\WINDOWS\KHALMNPR.Exe [KHALMNPR.EXE] -> [2007/11/29 02:17:20 | 00,055,824 | ---- | M] (Logitech, Inc.)
"MSPY2002" -> C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe [C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC] -> [2004/08/04 20:00:00 | 00,059,392 | ---- | M] ()
"NeroFilterCheck" -> C:\WINDOWS\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2001/07/09 10:50:42 | 00,155,648 | ---- | M] (Ahead Software Gmbh)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/10/07 13:33:00 | 13,574,144 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/10/07 13:33:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" -> C:\WINDOWS\System32\nwiz.exe [nwiz.exe /install] -> [2008/10/07 13:33:00 | 01,630,208 | ---- | M] ()
"PHIME2002A" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName] -> [2004/08/04 20:00:00 | 00,455,168 | ---- | M] (Microsoft Corporation)
"PHIME2002ASync" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC] -> [2004/08/04 20:00:00 | 00,455,168 | ---- | M] (Microsoft Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008/09/06 15:09:14 | 00,413,696 | ---- | M] (Apple Inc.)
"RTHDCPL" -> C:\WINDOWS\RTHDCPL.exe [RTHDCPL.EXE] -> [2006/09/06 11:44:20 | 16,262,656 | R--- | M] (Realtek Semiconductor Corp.)
"SkyTel" -> C:\WINDOWS\SkyTel.exe [SkyTel.EXE] -> [2006/05/16 18:04:26 | 02,879,488 | R--- | M] (Realtek Semiconductor Corp.)
< Run [HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\] > -> HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DAEMON Tools" -> C:\Program Files\DAEMON Tools\daemon.exe ["C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033] -> [2007/04/04 06:29:15 | 00,165,784 | ---- | M] (DT Soft Ltd.)
"NCsoft Launcher" -> C:\Program Files\NCsoft\Launcher\NCLauncher.exe [C:\Program Files\NCsoft\Launcher\NCLauncher.exe /Minimized] -> File not found
"Network IPv6" -> C:\WINDOWS\Network-IPv6\network.exe [C:\WINDOWS\Network-IPv6\network.exe] -> File not found
"Steam" -> C:\Program Files\Steam\Steam.exe ["C:\Program Files\Steam\Steam.exe" -silent] -> [2009/10/26 19:08:34 | 01,217,808 | ---- | M] (Valve Corporation)
"UserLogon" -> C:\Documents and Settings\Owner\winlogon.exe [C:\Documents and Settings\Owner\winlogon.exe] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk -> C:\WINDOWS\system32\WTablet\TabUserW.exe -> [2005/12/06 11:59:02 | 00,114,688 | ---- | M] (Wacom Technology, Corp.)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 00,038,912 | ---- | M] ()
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\hamachi.lnk -> C:\Program Files\Hamachi\hamachi.exe -> [2009/04/13 21:28:04 | 00,625,952 | ---- | M] (LogMeIn Inc.)
< Software Policy Settings [HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003] > -> HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [91 00 00 00 [binary data]] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [91 00 00 00 [binary data]] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003] > -> HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [36] -> File not found
\\"NoDriveAutoRun" -> [FF FF FF FF [binary data]] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003] > -> HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\] > -> HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Download All with FlashGet -> C:\Program Files\FlashGet\JC_ALL.HTM [C:\Program Files\FlashGet\jc_all.htm] -> [2007/05/15 17:10:34 | 00,001,049 | ---- | M] ()
&Download with FlashGet -> C:\Program Files\FlashGet\JC_LINK.HTM [C:\Program Files\FlashGet\jc_link.htm] -> [2007/05/15 17:10:34 | 00,001,898 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec [HKLM] -> C:\Program Files\FlashGet\flashget.exe [Button: FlashGet] -> [2007/06/29 19:44:34 | 01,990,704 | ---- | M] (FlashGet.com)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec [HKLM] -> C:\Program Files\FlashGet\flashget.exe [Menu: FlashGet] -> [2007/06/29 19:44:34 | 01,990,704 | ---- | M] (FlashGet.com)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\] > -> HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}" [HKLM] -> C:\Program Files\FlashGet\flashget.exe [FlashGet] -> [2007/06/29 19:44:34 | 01,990,704 | ---- | M] (FlashGet.com)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6618 domain(s) found. ->
58 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6617 domain(s) found. ->
57 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6617 domain(s) found. ->
57 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\] > -> HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6617 domain(s) found. ->
57 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\] > -> HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-484763869-1637723038-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{5C051655-FCD5-4969-9182-770EA5AA5565} [HKLM] -> http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab [Solitaire Showdown Class] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194533315765 [WUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab [Java Plug-in 1.6.0] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} [HKLM] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab [ActiveScan Installer Class] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab [Java Plug-in 1.6.0] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab [Java Plug-in 1.6.0] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{FE6685E5-269D-46EA-A43E-E52FCA78EF34}\\NameServer -> 202.156.1.48,202.156.1.58 (NVIDIA nForce Networking Controller) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2006/02/28 20:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/08/19 17:54:04 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" -> C:\Program Files\NCsoft\Exteel\System\Exteel.exe [C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel] -> File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Documents and Settings\Owner\Desktop\lancraft.exe" -> C:\Documents and Settings\Owner\Desktop\lancraft.exe [C:\Documents and Settings\Owner\Desktop\lancraft.exe:*:Enabled:lancraft] -> [2002/07/12 01:40:00 | 00,713,216 | ---- | M] ()
"C:\Documents and Settings\Owner\Desktop\utorrent.exe" -> C:\Documents and Settings\Owner\Desktop\utorrent.exe [C:\Documents and Settings\Owner\Desktop\utorrent.exe:*:Enabled:µTorrent] -> [2009/12/23 14:30:43 | 00,289,584 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Autodesk\Maya8.5\bin\maya.exe" -> C:\Program Files\Autodesk\Maya8.5\bin\maya.exe [C:\Program Files\Autodesk\Maya8.5\bin\maya.exe:*:Enabled:Maya] -> [2007/06/07 05:58:32 | 00,225,280 | ---- | M] (Autodesk)
"C:\Program Files\AVG\AVG8\avgemc.exe" -> C:\Program Files\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> [2009/08/19 17:54:00 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2009/12/12 09:42:09 | 01,143,064 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
"C:\Program Files\Bothtec\MacrossVOXP\mcr.exe" -> C:\Program Files\Bothtec\MacrossVOXP\mcr.exe [C:\Program Files\Bothtec\MacrossVOXP\mcr.exe:*:Enabled:MACROSS VO] -> File not found
"C:\Program Files\FlashGet\flashget.exe" -> C:\Program Files\FlashGet\flashget.exe [C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget] -> [2007/06/29 19:44:34 | 01,990,704 | ---- | M] (FlashGet.com)
"C:\Program Files\Garena\Garena.exe" -> C:\Program Files\Garena\Garena.exe [C:\Program Files\Garena\Garena.exe:*:Enabled:Garena] -> [2009/09/02 15:45:02 | 03,224,848 | ---- | M] (Garena Interactive PTE LTD)
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> File not found
"C:\Program Files\Hamachi\hamachi.exe" -> C:\Program Files\Hamachi\hamachi.exe [C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client] -> [2009/04/13 21:28:04 | 00,625,952 | ---- | M] (LogMeIn Inc.)
"C:\Program Files\Java\jre1.6.0\bin\javaws.exe" -> C:\Program Files\Java\jre1.6.0\bin\javaws.exe [C:\Program Files\Java\jre1.6.0\bin\javaws.exe:*:Enabled:Java(TM) Web Start Launcher] -> [2007/07/01 23:36:13 | 00,139,264 | ---- | M] (Sun Microsystems, Inc.)
"C:\Program Files\KVIrc\kvirc.exe" -> C:\Program Files\KVIrc\kvirc.exe [C:\Program Files\KVIrc\kvirc.exe:*:Enabled:kvirc] -> [2005/02/26 02:59:40 | 01,912,832 | ---- | M] ()
"C:\Program Files\Microsoft Games\Age of Mythology\aom.exe" -> C:\Program Files\Microsoft Games\Age of Mythology\aom.exe [C:\Program Files\Microsoft Games\Age of Mythology\aom.exe:*:Enabled:Age of Mythology] -> File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2010/01/07 02:25:33 | 00,908,248 | ---- | M] (Mozilla Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe [C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird] -> [2009/08/22 21:41:27 | 08,318,056 | ---- | M] (Mozilla Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" -> C:\Program Files\NCsoft\Exteel\System\Exteel.exe [C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel] -> File not found
"C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe" -> C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe [C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe:*:Enabled:PlayOnline Viewer] -> [2008/03/11 18:53:46 | 01,691,648 | ---- | M] (SQUARE ENIX CO., LTD.)
"C:\Program Files\Qianhong\Qianhong.exe" -> C:\Program Files\Qianhong\Qianhong.exe [C:\Program Files\Qianhong\Qianhong.exe:*:Enabled:Qianhong Application] -> File not found
"C:\Program Files\Steam\Steam.exe" -> C:\Program Files\Steam\Steam.exe [C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client] -> [2009/10/26 19:08:34 | 01,217,808 | ---- | M] (Valve Corporation)
"C:\Program Files\Steam\steamapps\neojava\team fortress 2\hl2.exe" -> C:\Program Files\Steam\steamapps\neojava\team fortress 2\hl2.exe [C:\Program Files\Steam\steamapps\neojava\team fortress 2\hl2.exe:*:Enabled:hl2] -> [2009/01/16 23:31:33 | 00,098,304 | ---- | M] ()
"C:\Program Files\Steam\steamapps\ss0ul_climax@hotmail.com\day of defeat\hl.exe" -> C:\Program Files\Steam\steamapps\ss0ul_climax@hotmail.com\day of defeat\hl.exe [C:\Program Files\Steam\steamapps\ss0ul_climax@hotmail.com\day of defeat\hl.exe:*:Enabled:Half-Life Launcher] -> File not found
"C:\Program Files\Steam\steamapps\ss0ul_climax@hotmail.com\half-life\hl.exe" -> C:\Program Files\Steam\steamapps\ss0ul_climax@hotmail.com\half-life\hl.exe [C:\Program Files\Steam\steamapps\ss0ul_climax@hotmail.com\half-life\hl.exe:*:Enabled:Half-Life Launcher] -> File not found
"C:\Program Files\Steam\steamapps\ss0ul_climax@hotmail.com\team fortress 2\hl2.exe" -> C:\Program Files\Steam\steamapps\ss0ul_climax@hotmail.com\team fortress 2\hl2.exe [C:\Program Files\Steam\steamapps\ss0ul_climax@hotmail.com\team fortress 2\hl2.exe:*:Enabled:hl2] -> [2009/12/23 20:33:15 | 00,103,736 | ---- | M] ()
"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe" -> C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe [C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade] -> File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" -> C:\Program Files\Ventrilo\Ventrilo.exe [C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe] -> [2009/04/22 21:11:32 | 01,675,776 | ---- | M] (Flagship Industries, Inc.)
"C:\Program Files\Warcraft III\War3.exe" -> C:\Program Files\Warcraft III\War3.exe [C:\Program Files\Warcraft III\War3.exe:*:Enabled:Warcraft III] -> [2009/10/22 03:14:23 | 00,471,040 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" -> C:\WINDOWS\System32\dplaysvr.exe [C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper] -> [2006/02/28 20:00:00 | 00,030,208 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" -> C:\WINDOWS\System32\PnkBstrA.exe [C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA] -> [2008/07/06 22:43:04 | 00,066,872 | ---- | M] ()
"C:\WINDOWS\system32\PnkBstrB.exe" -> C:\WINDOWS\System32\PnkBstrB.exe [C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB] -> [2009/06/27 19:15:35 | 00,111,928 | ---- | M] ()
"F:\Program Files\mIRC\mirc.exe" -> F:\Program Files\mIRC\mirc.exe [F:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007/06/30 17:29:09 | 00,000,000 | ---- | M] ()
D:\autorun.inf [[AutoRun] | open=h0.exe | shell\open\Command=h0.exe | ] -> D:\autorun.inf [ NTFS ] -> [2010/01/03 20:55:38 | 00,000,051 | RHS- | M] ()
E:\autoplay.exe [MZ | ] -> E:\autoplay.exe [ CDFS ] -> [2003/05/19 02:54:20 | 00,061,440 | R--- | M] ()
E:\autorun.inf [[autorun] | open=autoplay.exe | icon=appicon.ico | | ] -> E:\autorun.inf [ CDFS ] -> [2003/02/12 15:01:48 | 00,000,050 | R--- | M] ()
F:\autorun.inf [[AutoRun] | open=h0.exe | shell\open\Command=h0.exe | ] -> F:\autorun.inf [ NTFS ] -> [2010/01/03 20:55:38 | 00,000,051 | RHS- | M] ()
G:\autorun.inf [[AutoRun] | open=h0.exe | shell\open\Command=h0.exe | ] -> G:\autorun.inf [ NTFS ] -> [2010/01/03 20:55:38 | 00,000,051 | RHS- | M] ()
H:\autorun.inf [[AutoRun] | open=h0.exe | shell\open\Command=h0.exe | ] -> H:\autorun.inf [ NTFS ] -> [2010/01/03 20:55:38 | 00,000,051 | RHS- | M] ()
J:\AUTORUN.INF [[autorun] | OPEN=SETUP.EXE | ICON=BW.ICO | ] -> J:\AUTORUN.INF [ CDFS ] -> [1998/12/13 22:43:32 | 00,000,040 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Owner\My Documents\OTS.exe -> [2010/01/22 00:07:19 | 00,631,808 | ---- | C] (OldTimer Tools)
Config.Msi -> C:\Config.Msi -> [2010/01/15 21:44:51 | 00,000,000 | -HSD | C]
Adobe AIR -> C:\Program Files\Common Files\Adobe AIR -> [2010/01/15 21:43:43 | 00,000,000 | ---D | C]
NOS -> C:\Documents and Settings\All Users\Application Data\NOS -> [2010/01/15 21:42:09 | 00,000,000 | ---D | C]
UserData -> C:\Documents and Settings\Owner\UserData -> [2010/01/11 17:27:10 | 00,000,000 | --SD | C]
_OTM -> C:\_OTM -> [2010/01/11 00:27:51 | 00,000,000 | ---D | C]
OTM.exe -> C:\Documents and Settings\Owner\Desktop\OTM.exe -> [2010/01/11 00:26:37 | 00,480,256 | ---- | C] (OldTimer Tools)
ESET -> C:\Program Files\ESET -> [2010/01/08 00:47:23 | 00,000,000 | ---D | C]
TFC.exe -> C:\Documents and Settings\Owner\My Documents\TFC.exe -> [2010/01/07 18:04:49 | 00,410,624 | ---- | C] (OldTimer Tools)
Malwarebytes -> C:\Documents and Settings\Owner\Application Data\Malwarebytes -> [2010/01/07 02:19:50 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/01/07 02:19:45 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/01/07 02:19:43 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/01/07 02:19:43 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/01/07 02:19:43 | 00,000,000 | ---D | C]
mbam-setup.exe -> C:\Documents and Settings\Owner\My Documents\mbam-setup.exe -> [2010/01/06 17:12:19 | 05,061,520 | ---- | C] (Malwarebytes Corporation )
rsit -> C:\rsit -> [2010/01/06 01:33:58 | 00,000,000 | ---D | C]
Downloads -> C:\Documents and Settings\Owner\My Documents\Downloads -> [2010/01/05 01:58:12 | 00,000,000 | ---D | C]
ERDNT -> C:\WINDOWS\ERDNT -> [2010/01/03 21:27:23 | 00,000,000 | ---D | C]
ERUNT -> C:\Program Files\ERUNT -> [2010/01/03 21:26:51 | 00,000,000 | ---D | C]
erunt-setup.exe -> C:\Documents and Settings\Owner\My Documents\erunt-setup.exe -> [2010/01/03 21:26:14 | 00,791,393 | ---- | C] (Lars Hederer )
Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2010/01/03 20:19:20 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2010/01/03 20:19:20 | 00,000,000 | ---D | C]
spybotsd162.exe -> C:\Documents and Settings\Owner\My Documents\spybotsd162.exe -> [2010/01/03 20:10:24 | 16,409,960 | ---- | C] (Safer Networking Limited )
Trend Micro -> C:\Program Files\Trend Micro -> [2010/01/03 20:05:04 | 00,000,000 | ---D | C]
HijackThisInstaller.exe -> C:\Documents and Settings\Owner\My Documents\HijackThisInstaller.exe -> [2010/01/03 20:04:59 | 00,812,344 | ---- | C] (Trend Micro Inc.)
Google -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google -> [2009/12/09 22:23:00 | 00,000,000 | ---D | M]
Google -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Google -> [2009/12/09 22:18:52 | 00,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2008/07/11 22:37:20 | 00,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2008/07/11 22:37:20 | 00,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2008/07/11 22:37:20 | 00,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2008/07/11 22:37:20 | 00,000,000 | ---D | M]
Apple -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple -> [2007/09/19 22:26:00 | 00,000,000 | ---D | M]

[Files/Folders - Modified Within 30 Days]
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/01/22 00:23:00 | 00,000,690 | ---- | M] ()
OTS.exe -> C:\Documents and Settings\Owner\My Documents\OTS.exe -> [2010/01/22 00:07:20 | 00,631,808 | ---- | M] (OldTimer Tools)
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/01/21 22:23:00 | 00,000,686 | ---- | M] ()
incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2010/01/21 17:40:21 | 54,428,785 | ---- | M] ()
tablet.dat -> C:\WINDOWS\System32\tablet.dat -> [2010/01/21 17:38:22 | 00,012,941 | ---- | M] ()
nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [2010/01/21 17:38:21 | 00,192,534 | ---- | M] ()
TempFile -> C:\WINDOWS\TempFile -> [2010/01/21 17:38:09 | 08,405,015 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/01/21 17:37:57 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/01/21 17:37:56 | 00,002,048 | --S- | M] ()
NTUSER.DAT -> C:\Documents and Settings\Owner\NTUSER.DAT -> [2010/01/21 00:55:39 | 18,612,224 | -H-- | M] ()
ntuser.ini -> C:\Documents and Settings\Owner\ntuser.ini -> [2010/01/21 00:55:26 | 00,000,178 | -HS- | M] ()
microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2010/01/20 17:42:34 | 00,142,495 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/01/20 17:40:35 | 00,013,646 | ---- | M] ()
RETRO1.mp3 -> C:\Documents and Settings\Owner\My Documents\RETRO1.mp3 -> [2010/01/16 17:52:33 | 68,495,488 | ---- | M] ()
BANZAI.mp3 -> C:\Documents and Settings\Owner\My Documents\BANZAI.mp3 -> [2010/01/16 17:47:57 | 52,596,736 | ---- | M] ()
SecurityCheck.exe -> C:\Documents and Settings\Owner\My Documents\SecurityCheck.exe -> [2010/01/14 01:00:20 | 00,843,187 | ---- | M] ()
OTM.exe -> C:\Documents and Settings\Owner\Desktop\OTM.exe -> [2010/01/11 00:26:39 | 00,480,256 | ---- | M] (OldTimer Tools)
Flash_Disinfector.exe -> C:\Documents and Settings\Owner\Desktop\Flash_Disinfector.exe -> [2010/01/11 00:26:18 | 00,132,597 | ---- | M] ()
esetsmartinstaller_enu.exe -> C:\Documents and Settings\Owner\My Documents\esetsmartinstaller_enu.exe -> [2010/01/08 00:47:14 | 02,672,312 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/01/07 23:45:15 | 00,058,880 | ---- | M] ()
TFC.exe -> C:\Documents and Settings\Owner\My Documents\TFC.exe -> [2010/01/07 18:04:50 | 00,410,624 | ---- | M] (OldTimer Tools)
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
Welcome_to_the_NHK_-_Puzzle.mp3 -> C:\Documents and Settings\Owner\My Documents\Welcome_to_the_NHK_-_Puzzle.mp3 -> [2010/01/06 20:42:12 | 05,955,712 | ---- | M] ()
mbam-setup.exe -> C:\Documents and Settings\Owner\My Documents\mbam-setup.exe -> [2010/01/06 17:12:24 | 05,061,520 | ---- | M] (Malwarebytes Corporation )
RSIT.exe -> C:\Documents and Settings\Owner\Desktop\RSIT.exe -> [2010/01/06 01:33:19 | 00,781,909 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/01/04 18:05:41 | 00,371,233 | R--- | M] ()
Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk -> [2010/01/03 21:31:19 | 00,000,963 | ---- | M] ()
ERUNT AutoBackup.lnk -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2010/01/03 21:27:07 | 00,000,767 | ---- | M] ()
NTREGOPT.lnk -> C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk -> [2010/01/03 21:26:55 | 00,000,611 | ---- | M] ()
ERUNT.lnk -> C:\Documents and Settings\Owner\Desktop\ERUNT.lnk -> [2010/01/03 21:26:54 | 00,000,592 | ---- | M] ()
erunt-setup.exe -> C:\Documents and Settings\Owner\My Documents\erunt-setup.exe -> [2010/01/03 21:26:21 | 00,791,393 | ---- | M] (Lars Hederer )
wininit.ini -> C:\WINDOWS\wininit.ini -> [2010/01/03 20:55:39 | 00,000,120 | ---- | M] ()
spybotsd162.exe -> C:\Documents and Settings\Owner\My Documents\spybotsd162.exe -> [2010/01/03 20:16:02 | 16,409,960 | ---- | M] (Safer Networking Limited )
HijackThis.lnk -> C:\Documents and Settings\Owner\Desktop\HijackThis.lnk -> [2010/01/03 20:05:05 | 00,001,734 | ---- | M] ()
HijackThisInstaller.exe -> C:\Documents and Settings\Owner\My Documents\HijackThisInstaller.exe -> [2010/01/03 20:04:59 | 00,812,344 | ---- | M] (Trend Micro Inc.)
anoataly.exe -> C:\anoataly.exe -> [2009/12/31 18:43:08 | 00,106,496 | RHS- | M] ()
utorrent.exe -> C:\Documents and Settings\Owner\Desktop\utorrent.exe -> [2009/12/23 14:30:43 | 00,289,584 | ---- | M] (BitTorrent, Inc.)
6 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp ->

[Files - No Company Name]
BANZAI.mp3 -> C:\Documents and Settings\Owner\My Documents\BANZAI.mp3 -> [2010/01/16 17:32:26 | 52,596,736 | ---- | C] ()
RETRO1.mp3 -> C:\Documents and Settings\Owner\My Documents\RETRO1.mp3 -> [2010/01/16 17:31:31 | 68,495,488 | ---- | C] ()
SecurityCheck.exe -> C:\Documents and Settings\Owner\My Documents\SecurityCheck.exe -> [2010/01/14 01:00:20 | 00,843,187 | ---- | C] ()
Flash_Disinfector.exe -> C:\Documents and Settings\Owner\Desktop\Flash_Disinfector.exe -> [2010/01/11 00:26:14 | 00,132,597 | ---- | C] ()
esetsmartinstaller_enu.exe -> C:\Documents and Settings\Owner\My Documents\esetsmartinstaller_enu.exe -> [2010/01/08 00:47:00 | 02,672,312 | ---- | C] ()
Welcome_to_the_NHK_-_Puzzle.mp3 -> C:\Documents and Settings\Owner\My Documents\Welcome_to_the_NHK_-_Puzzle.mp3 -> [2010/01/06 20:41:50 | 05,955,712 | ---- | C] ()
RSIT.exe -> C:\Documents and Settings\Owner\Desktop\RSIT.exe -> [2010/01/06 01:33:13 | 00,781,909 | ---- | C] ()
ERUNT AutoBackup.lnk -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2010/01/03 21:27:07 | 00,000,767 | ---- | C] ()
NTREGOPT.lnk -> C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk -> [2010/01/03 21:26:55 | 00,000,611 | ---- | C] ()
ERUNT.lnk -> C:\Documents and Settings\Owner\Desktop\ERUNT.lnk -> [2010/01/03 21:26:54 | 00,000,592 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2010/01/03 20:55:39 | 00,000,120 | ---- | C] ()
Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk -> [2010/01/03 20:19:29 | 00,000,963 | ---- | C] ()
HijackThis.lnk -> C:\Documents and Settings\Owner\Desktop\HijackThis.lnk -> [2010/01/03 20:05:05 | 00,001,734 | ---- | C] ()
anoataly.exe -> C:\anoataly.exe -> [2009/12/31 18:42:55 | 00,106,496 | RHS- | C] ()
{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> [2009/09/20 19:29:21 | 00,000,262 | ---- | C] ()
AgCPanelTraditionalChinese.dll -> C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll -> [2008/06/11 09:02:34 | 00,058,648 | ---- | C] ()
AgCPanelSwedish.dll -> C:\WINDOWS\System32\AgCPanelSwedish.dll -> [2008/06/11 09:02:34 | 00,058,648 | ---- | C] ()
AgCPanelSpanish.dll -> C:\WINDOWS\System32\AgCPanelSpanish.dll -> [2008/06/11 09:02:34 | 00,058,648 | ---- | C] ()
AgCPanelSimplifiedChinese.dll -> C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll -> [2008/06/11 09:02:34 | 00,058,648 | ---- | C] ()
AgCPanelPortugese.dll -> C:\WINDOWS\System32\AgCPanelPortugese.dll -> [2008/06/11 09:02:34 | 00,058,648 | ---- | C] ()
AgCPanelKorean.dll -> C:\WINDOWS\System32\AgCPanelKorean.dll -> [2008/06/11 09:02:34 | 00,058,648 | ---- | C] ()
AgCPanelJapanese.dll -> C:\WINDOWS\System32\AgCPanelJapanese.dll -> [2008/06/11 09:02:32 | 00,058,648 | ---- | C] ()
AgCPanelGerman.dll -> C:\WINDOWS\System32\AgCPanelGerman.dll -> [2008/06/11 09:02:32 | 00,058,648 | ---- | C] ()
AgCPanelFrench.dll -> C:\WINDOWS\System32\AgCPanelFrench.dll -> [2008/06/11 09:02:32 | 00,058,648 | ---- | C] ()
physxcudart_20.dll -> C:\WINDOWS\System32\physxcudart_20.dll -> [2008/06/05 08:58:26 | 00,197,912 | ---- | C] ()
BlendSettings.ini -> C:\WINDOWS\BlendSettings.ini -> [2008/01/20 17:24:21 | 00,000,023 | ---- | C] ()
ZPORT4AS.dll -> C:\WINDOWS\System32\ZPORT4AS.dll -> [2007/11/08 13:50:40 | 00,011,776 | ---- | C] ()
PnkBstrK.sys -> C:\WINDOWS\System32\drivers\PnkBstrK.sys -> [2007/09/14 13:15:52 | 00,139,152 | ---- | C] ()
game.ini -> C:\WINDOWS\game.ini -> [2007/09/14 13:15:08 | 00,000,319 | ---- | C] ()
NPSWF32.dll -> C:\WINDOWS\System32\NPSWF32.dll -> [2007/08/21 17:39:55 | 02,463,976 | ---- | C] ()
BASSMOD.dll -> C:\WINDOWS\System32\BASSMOD.dll -> [2007/08/20 01:10:09 | 00,034,308 | ---- | C] ()
haspdos.sys -> C:\WINDOWS\System32\haspdos.sys -> [2007/08/12 00:43:30 | 00,000,383 | ---- | C] ()
sptd.sys -> C:\WINDOWS\System32\drivers\sptd.sys -> [2007/07/17 23:46:16 | 00,682,232 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2007/07/08 23:00:17 | 00,000,116 | ---- | C] ()
kvirc-3.2.0.ini -> C:\WINDOWS\kvirc-3.2.0.ini -> [2007/07/01 23:12:02 | 00,000,075 | ---- | C] ()
RtlCPAPI.dll -> C:\WINDOWS\System32\RtlCPAPI.dll -> [2007/06/30 18:06:31 | 00,143,360 | R--- | C] ()
nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2007/04/12 23:44:00 | 01,703,936 | ---- | C] ()
nview.dll -> C:\WINDOWS\System32\nview.dll -> [2007/04/12 23:44:00 | 01,486,848 | ---- | C] ()
nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2007/04/12 23:44:00 | 01,019,904 | ---- | C] ()
nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2007/04/12 23:44:00 | 00,466,944 | ---- | C] ()
nvnt4cpl.dll -> C:\WINDOWS\System32\nvnt4cpl.dll -> [2007/04/12 23:44:00 | 00,286,720 | ---- | C] ()
ieencode.dll -> C:\WINDOWS\System32\ieencode.dll -> [2006/02/28 20:00:00 | 00,081,920 | ---- | C] ()
RGSS102J.dll -> C:\WINDOWS\System32\RGSS102J.dll -> [2005/08/30 00:00:00 | 00,781,312 | ---- | C] ()
RGSS102E.dll -> C:\WINDOWS\System32\RGSS102E.dll -> [2005/08/30 00:00:00 | 00,778,752 | ---- | C] ()
RGSS100J.dll -> C:\WINDOWS\System32\RGSS100J.dll -> [2005/08/30 00:00:00 | 00,771,584 | ---- | C] ()
msbuaas.dll -> C:\WINDOWS\System32\msbuaas.dll -> [2004/12/05 04:52:19 | 00,006,144 | ---- | C] ()
nl_msgs.dll -> C:\WINDOWS\System32\nl_msgs.dll -> [2003/10/13 15:09:10 | 00,049,152 | ---- | C] ()
nl_msgc.dll -> C:\WINDOWS\System32\nl_msgc.dll -> [2003/10/13 15:09:02 | 00,065,536 | ---- | C] ()

[Files/Folders - Unicode - All]
C:\????????2.torrent -> C:\人妻コスプレ喫茶2.torrent -> [2008/05/14 20:18:46 | 00,070,508 | ---- | M] ()
C:\????????2.torrent -> C:\人妻コスプレ喫茶2.torrent -> [2008/05/14 20:18:51 | 00,070,508 | ---- | C] ()
C:\Documents and Settings\Owner\Desktop\[2000fun@halofish1991][080820]???? [????Frontier] May'n & ???.rar -> C:\Documents and Settings\Owner\Desktop\[2000fun@halofish1991][080820]ライオン [マクロスFrontier] May'n & 中島愛.rar -> [2008/08/18 16:31:07 | 29,455,957 | ---- | C] ()
C:\Documents and Settings\Owner\Desktop\[2000fun@halofish1991][080820]???? [????Frontier] May'n & ???.rar -> C:\Documents and Settings\Owner\Desktop\[2000fun@halofish1991][080820]ライオン [マクロスFrontier] May'n & 中島愛.rar -> [2008/08/18 16:34:47 | 29,455,957 | ---- | M] ()
C:\(???5)(????)[efs] ????? (tta+cue).rar -> C:\(例大祭5)(同人音楽)[efs] 夜桜幻想郷 (tta+cue).rar -> [2009/09/23 00:13:33 | 24,856,9714 | ---- | C] ()
C:\(???5)(????)[efs] ????? (tta+cue).rar -> C:\(例大祭5)(同人音楽)[efs] 夜桜幻想郷 (tta+cue).rar -> [2009/09/23 01:31:31 | 24,856,9714 | ---- | M] ()
C:\[Audio-4U] [????] (M3-23) [efs] Atomic Heat (flac+cue+jpg) -> C:\[Audio-4U] [同人音楽] (M3-23) [efs] Atomic Heat (flac+cue+jpg) -> [2009/09/23 13:26:46 | 00,000,000 | ---D | C]
C:\[Audio-4U] [????] (M3-23) [efs] Atomic Heat (flac+cue+jpg) -> C:\[Audio-4U] [同人音楽] (M3-23) [efs] Atomic Heat (flac+cue+jpg) -> [2009/09/24 19:16:59 | 00,000,000 | ---D | M]
< End of report >
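The "< Drives with AutoRun files >" section of the report above is the clearest indicator in this thread: four writable volumes (D:, F:, G:, H:) carry a hidden+system autorun.inf pointing at h0.exe, all written in the same second. The script below is an added example, not part of the thread or of OTS, that parses those OTS lines and flags that pattern; its sample input is the report's own lines, and the line-format rules and the "writable volume" / "hidden+system" heuristics are assumptions, not OTS's own logic.

```python
"""Triage the '< Drives with AutoRun files >' section of an OTS report.

Added example for this thread; it is not part of OTS or of the posts above.
It parses the OTS line format (an assumption based on the lines quoted
below), pulls out the autorun.inf directives and flags entries that launch
an executable from the root of a writable volume, especially when the
autorun.inf is hidden+system (RHS) and the same payload shows up on several
drives with an identical timestamp, which is how a removable-media worm
presents in this kind of log.
"""
from collections import defaultdict
from dataclasses import dataclass, field

EXECUTABLE_EXT = (".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs")
READ_ONLY_FS = {"CDFS", "UDF"}          # optical media: an autorun.inf there is expected
LAUNCH_KEYS = {"open", "shellexecute"}  # plus any shell\<verb>\command directive


@dataclass
class AutorunEntry:
    path: str          # e.g. D:\autorun.inf
    fs: str            # filesystem OTS reported for the volume
    date: str          # modification timestamp as printed by OTS
    attrs: str         # attribute flags, e.g. RHS- (read-only, hidden, system)
    directives: dict = field(default_factory=dict)  # lower-cased key -> value
    reasons: list = field(default_factory=list)     # filled in by assess()

    @property
    def target(self):
        """First program the autorun.inf would launch, or None."""
        for key, value in self.directives.items():
            launches = key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
            words = value.strip('"').split()
            if launches and words:
                return words[0]
        return None


def parse_line(line):
    """Parse one OTS 'Drives with AutoRun files' line; None if it is not one."""
    parts = line.strip().split(" -> ")
    if len(parts) < 3 or " [" not in parts[0]:
        return None
    head, _, body = parts[0].partition(" [")      # body = autorun.inf contents, '|'-joined
    fs = parts[1][parts[1].rfind("[") + 1:].strip(" ]")
    meta = [m.strip() for m in parts[2].lstrip("[").split("]")[0].split("|")]
    if len(meta) < 4:
        return None
    entry = AutorunEntry(path=head.strip(), fs=fs, date=meta[0], attrs=meta[2])
    fields = [f.strip() for f in body.rstrip("]").split("|")]
    if not fields[0].lower().startswith("[autorun]"):
        return entry    # AUTOEXEC.BAT, or a PE file OTS lists as 'MZ': no directives
    for item in fields[1:]:
        if "=" in item:
            key, _, value = item.partition("=")
            entry.directives[key.strip().lower()] = value.strip()
    return entry


def assess(entry):
    """Reasons this entry looks like an autorun worm; empty if it looks benign."""
    reasons = []
    target = entry.target
    if target is None or not target.lower().endswith(EXECUTABLE_EXT):
        return reasons
    if "H" in entry.attrs and "S" in entry.attrs:
        reasons.append("autorun.inf is hidden+system (%s)" % entry.attrs)
    if entry.fs.upper() not in READ_ONLY_FS:
        reasons.append("launches %s from the root of a writable %s volume" % (target, entry.fs))
    return reasons


def triage(lines):
    """Return (suspicious entries, {(payload, timestamp): [drives]}) for the section."""
    suspicious = []
    clusters = defaultdict(list)
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        entry.reasons = assess(entry)
        if entry.reasons:
            suspicious.append(entry)
            # identical payload name and timestamp on several volumes = one infection wave
            clusters[(entry.target.lower(), entry.date)].append(entry.path[:2])
    return suspicious, dict(clusters)


# Lines quoted from the '< Drives with AutoRun files >' section of the report in this thread.
SAMPLE_LINES = [
    r"C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007/06/30 17:29:09 | 00,000,000 | ---- | M] ()",
    r"D:\autorun.inf [[AutoRun] | open=h0.exe | shell\open\Command=h0.exe | ] -> D:\autorun.inf [ NTFS ] -> [2010/01/03 20:55:38 | 00,000,051 | RHS- | M] ()",
    r"E:\autoplay.exe [MZ | ] -> E:\autoplay.exe [ CDFS ] -> [2003/05/19 02:54:20 | 00,061,440 | R--- | M] ()",
    r"E:\autorun.inf [[autorun] | open=autoplay.exe | icon=appicon.ico | | ] -> E:\autorun.inf [ CDFS ] -> [2003/02/12 15:01:48 | 00,000,050 | R--- | M] ()",
    r"F:\autorun.inf [[AutoRun] | open=h0.exe | shell\open\Command=h0.exe | ] -> F:\autorun.inf [ NTFS ] -> [2010/01/03 20:55:38 | 00,000,051 | RHS- | M] ()",
    r"G:\autorun.inf [[AutoRun] | open=h0.exe | shell\open\Command=h0.exe | ] -> G:\autorun.inf [ NTFS ] -> [2010/01/03 20:55:38 | 00,000,051 | RHS- | M] ()",
    r"H:\autorun.inf [[AutoRun] | open=h0.exe | shell\open\Command=h0.exe | ] -> H:\autorun.inf [ NTFS ] -> [2010/01/03 20:55:38 | 00,000,051 | RHS- | M] ()",
    r"J:\AUTORUN.INF [[autorun] | OPEN=SETUP.EXE | ICON=BW.ICO | ] -> J:\AUTORUN.INF [ CDFS ] -> [1998/12/13 22:43:32 | 00,000,040 | R--- | M] ()",
]

if __name__ == "__main__":
    flagged, clusters = triage(SAMPLE_LINES)
    for entry in flagged:
        print("%s: %s" % (entry.path, "; ".join(entry.reasons)))
    for (payload, stamp), drives in clusters.items():
        if len(drives) > 1:
            print("same payload %s written to %s at %s" % (payload, ", ".join(drives), stamp))
```

The two optical discs (E: and J:) launch executables too but are not flagged, since a read-only autorun.inf without hidden+system flags is the normal case for pressed media.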

peku006
2010-01-21, 18:03
Hi bobjoe


Double-click OTM.exe to run it.
Paste the following code under the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/pasteline.png area. Do not include the word Code.

:Files
C:\anoataly.exe


Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/btnmoveit.png button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

How's the computer running now?

Thanks peku006

bobjoe
2010-01-22, 15:58
Hi peku006,

The computer's running great! There weren't many performance issues; I was just very afraid of malware and all the other worms around and spreading about, since I use flash drives quite frequently for my work.


Here is the log,


========== FILES ==========
C:\anoataly.exe moved successfully.

OTM by OldTimer - Version 3.1.5.0 log created on 01222010_225640



Thanks a lot!

peku006
2010-01-22, 16:23
Hi bobjoe

Please run Malwarebytes' Anti-Malware again

Please reply with the Malwarebytes' Anti-Malware log.

Thanks peku006

bobjoe
2010-01-24, 15:15
Hi Peku006,

Here is the log!


Malwarebytes' Anti-Malware 1.44
Database version: 3576
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/24/2010 9:54:01 PM
mbam-log-2010-01-24 (21-54-01).txt

Scan type: Full Scan (C:\|D:\|F:\|G:\|H:\|)
Objects scanned: 283177
Time elapsed: 54 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

peku006
2010-01-25, 09:27
Hi bobjoe

I was just very afraid of malware and all the other worms around and spreading about, since I use flashdrives quite frequently for my work.


Have you checked flashdrives with mbam or/and your virus program ?

Thanks peku006

bobjoe
2010-01-25, 17:32
Hi Peku006,

I`ve checked most of them that I use often. They`re currently clean for now.

Can I use the flash disinfector on the flashdrives when MBAM doesn`t detect anything on the flash drives just to be doubly sure?

And can I take the lack of anything here to mean that my computer is clean now?

peku006
2010-01-25, 19:43
Hi bobjoe


Can I use the flash disinfector on the flashdrives when MBAM doesn`t detect anything on the flash drives just to be doubly sure
You can run Flash Disinfector with other flash drives and/or other removable drives. Please do so and allow the utility to clean up those drives as well.

Your log now appears to be clean. Congratulations! :yahoo:

To remove all of the tools we used and the files and folders they created do the following:

Delete SecurityCheck from your desktop.

Download OTC (http://oldtimer.geekstogo.com/OTC.exe) by Old Timer and save it to your Desktop.

Double-click OTC.exe
Click the CleanUp! button
Select Yes when the "Begin cleanup Process?" prompt appears
If you are prompted to Reboot during the cleanup, select Yes
The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

MBAM can be uninstalled via Control Panel Add/Remove, but it may be a useful tool to keep: Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913).

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot.
Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Here are some things that I think are worth having a look at if you don't already know about them:

Spybot Search and Destroy
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)

SpyWare Blaster
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)

FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)

MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find the tutorial here: http://www.mvps.org/winhelp2002/hosts.htm

Please check out Tony Klein's article "How did I get infected in the first place?" (http://forums.spybot.info/showthread.php?t=279)

Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) on how to prevent malware.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy safe surfing! :bigthumb:

peku006
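The HOSTS-file mechanism peku006 describes above (names listed in the file are pointed at 127.0.0.1 so the machine never reaches them) can be checked rather than taken on faith. The script below is an added example, not part of this thread or of the MVPS project: it parses a constructed HOSTS excerpt in the same "IP hostname [hostname...]" layout with '#' comments, lists which names are sinkholed, and shows the one caveat worth knowing, which is that HOSTS matching is exact (no wildcards), so a subdomain that is not itself listed is not blocked. All hostnames and the 192.0.2.10 address are constructed sample values.

```python
"""Parse a HOSTS file and report which names it sinkholes.

Added example (not from the thread or from MVPS). It assumes the standard
HOSTS layout: one "IP hostname [hostname...]" mapping per line, with '#'
starting a comment. The sample content below is constructed, not a real
MVPS excerpt.
"""
import ipaddress

# Addresses a HOSTS file uses to make a name unreachable. MVPS historically
# used 127.0.0.1 (as the post says); 0.0.0.0 is the other common choice.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample HOSTS content (example.* names, RFC 5737 test address).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost

# [Constructed sample entries in the MVPS style]
127.0.0.1  ads.example.com
127.0.0.1  tracker.example.net  #[constructed comment]
0.0.0.0    banners.example.org  cdn-ads.example.org
192.0.2.10 intranet.example   # an ordinary (non-sinkhole) mapping
"""


def parse_hosts(text):
    """Return {hostname: ip} for every mapping in a HOSTS file.

    Comments and blank lines are ignored; lines whose first token is not a
    valid IP address are skipped; hostnames are lower-cased because HOSTS
    lookups are case-insensitive.
    """
    mappings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing/whole-line comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                          # malformed line, not a mapping
        for name in names:
            mappings[name.lower()] = ip
    return mappings


def sinkholed_hosts(text):
    """Hostnames the file points at a loopback/unspecified address, i.e. blocked.

    'localhost' is excluded: it legitimately maps to 127.0.0.1.
    """
    return {
        name
        for name, ip in parse_hosts(text).items()
        if ip in SINKHOLE_ADDRESSES and name != "localhost"
    }


def is_blocked(hostname, text):
    """Exact, case-insensitive match only: HOSTS has no wildcard support,
    so 'sub.ads.example.com' is NOT covered by an 'ads.example.com' entry."""
    return hostname.lower() in sinkholed_hosts(text)


if __name__ == "__main__":
    for name in sorted(sinkholed_hosts(SAMPLE_HOSTS)):
        print("blocked:", name)
    print("ads.example.com blocked?      ", is_blocked("ADS.example.com", SAMPLE_HOSTS))
    print("sub.ads.example.com blocked?  ", is_blocked("sub.ads.example.com", SAMPLE_HOSTS))
```

To run it against the real file instead of the constructed sample, read C:\WINDOWS\system32\drivers\etc\hosts (the XP location) into `text`; the functions take the file content as a string, so nothing else changes.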

bobjoe
2010-01-26, 18:37
Hi peku006,

I`m just checking in to ask about the files that were moved with the OTM. Are they cleaned using the OTC as well?

I`ll post another reply later after I`ve rebooted my computer and done all that you`ve said here.

Thank you!

peku006
2010-01-27, 10:24
Hi Appro


I`m just checking in to ask about the files that were moved with the OTM. Are they cleaned using the OTC as well
Yes, like I said earlier

To remove all of the tools we used and the files and folders they created do the following:

Thanks peku006

bobjoe
2010-02-01, 13:30
It`s working great now!

Thanks a lot!

peku006
2010-02-02, 09:28
As this issue appears to be resolved, this topic is now closed.

We are pleased to have been of some help in getting you clean.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read:
Your donation helps improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)