Spyware removal & unable to access registry keys

sld1006 · Apr 28, 2009

Dear All,

My laptop was infected with Virus.Win32.Virut.ce & several spywares (such as Adware.Powersearch_toolbar, Trojan.CWS, Trojan-Spy.VB.AWX, Backdoor.IRCBot!sd6, Trojan.Adclicker, Trojan.Generic & Win32.Delf.uc etc.) a couple of days ago & I have been using the following tools to clean up my laptop in the following order:

(1) Kaspersky Internet Security: Virus.Win32.Virut.ce
(2) Skybot: Win32.Delf.uc (Twice)
(3) SDFix: Unknown trojan (before running Spyware Doctor)
(4) Spyware Doctor: Adware.Powersearch_toolbar, Trojan.CWS, Trojan-Spy.VB.AWX, Backdoor.IRCBot!sd6, Trojan.Adclicker, Trojan.Generic

After seeing SDFix report, I noted that there are two "hidden" registry entries which I cannot view using regedit, nor can I set set permission to both keys (even at Safe Mode as Administrator). I received an error message "Cannot open [key name]: Error while opening key" when I tried to view both keys.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{04AD58E5-A89C-AF0E-C81F-6CD11CF1E446}]

Could someone kindly have a look at my Hijackthis log and SDFix report and advise whether there still spywares running and how I can unlock these two keys? Please note that I am running XP Home Edition so I cannot run gpedit.msc.

Thank you very much for your time and help!

Hijackthis log:

---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:39, on 28/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Intel\WiFi\bin\S24EvMon.exe
D:\WINDOWS\system32\DllHost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
D:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSWatcher.exe
D:\Program Files\cFosSpeed\spd.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\Program Files\Intel\WiFi\bin\EvtEng.exe
D:\WINDOWS\system32\IFXTCS.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\WINDOWS\System32\SCardSvr.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
D:\WINDOWS\system32\IFXSPMGT.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Infineon\Security Platform Software\PSDrt.exe
D:\Program Files\Infineon\Security Platform Software\SpTna.exe
D:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Ahead\InCD\InCD.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\cFosSpeed\cFosSpeed.exe
D:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
D:\Program Files\AVG\Identity Protection\agent\bin\AVGIDSUI.exe
D:\Program Files\Wireless Console 2\wcourier.exe
D:\Program Files\ASUS\Splendid\ACMON.exe
D:\Program Files\ASUS\ATK Media\DMEDIA.EXE
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\ATK0100\HControl.exe
D:\WINDOWS\system32\ACEngSvr.exe
D:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
D:\Program Files\AVG\Identity Protection\agent\bin\AVGIDSMonitor.exe
D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
D:\Program Files\DNA\btdna.exe
D:\Program Files\PeerGuardian2\pg2.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\ATK0100\ATKOSD.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\BOINC\boincmgr.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\BOINC\boinc.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\astropulse_5.00_windows_intelx86.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\astropulse_5.03_windows_intelx86.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Hide IP NG\hideipng.exe
D:\Program Files\Hide IP NG\guardian.exe
D:\WINDOWS\System32\wudfhost.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\Spyware Doctor\pctsGui.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\SearchProtocolHost.exe
D:\WINDOWS\system32\SearchFilterHost.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - D:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe D:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Power_Gear] D:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cFosSpeed] D:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [PaperPort PTD] "D:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "D:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVGIDS] "D:\Program Files\AVG\Identity Protection\agent\bin\AVGIDSUI.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Wireless Console 2] D:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ACMON] D:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ATKMEDIA] D:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Google Quick Search Box] "D:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HControl] D:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Highlight - D:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - D:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - D:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Winamp Search - D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Banner Ad Blocker - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - D:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - D:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - D:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - D:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.asml.com
O15 - Trusted Zone: *.asml.nl
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E1D16E3-37B1-48B8-862E-9D646FC0C8FF} -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - https://portal12.asml.com/livelinksupport/webedit/lledit.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: OneCard - D:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
O23 - Service: AVGIDSAgent - AVG - D:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - D:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - D:\Program Files\cFosSpeed\spd.exe
O23 - Service: Creative Audio Pack Licensing Service - Creative Labs - D:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Unknown owner - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9c83360d18180) (gupdate1c9c83360d18180) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - D:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - D:\WINDOWS\system32\IFXTCS.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - D:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 20298 bytes
------------------------------

SDFix report:

------------------------------
SDFix: Version 1.240
Run by user on 27/04/2009 at 23:07

Microsoft Windows XP [Version 5.1.2600]
Running From: D:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

D:\DOCUME~1\user\LOCALS~1\Temp\tmp77.tmp - Deleted
D:\DOCUME~1\user\LOCALS~1\Temp\tmpC0.tmp - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 23:45:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Ye\xb2\x20acè\x90\31j\x2013nwiøf ?(?T?r?u?e?T?y?p?e?)?"="BIAUKAI.TTF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="APSHook.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"LoadAppInit_DLLs"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{04AD58E5-A89C-AF0E-C81F-6CD11CF1E446}]
"abfloenbhmjgckjldlfooadahbeejpaelp"=hex:64,62,6c,6a,63,61,6b,62,69,61,62,67,63,6d,70,65,62,69,68,61,6d,..
"bbfloenbhmjgckjldlgopalnfljemboomipk"=hex:61,62,69,69,6b,6f,64,66,65,70,63,6d,65,6e,6b,69,65,68,63,6d,61,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"D:\\Program Files\\Messenger\\msmsgs.exe"="D:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\Program Files\\GleeCube\\DIGIZON.exe"="D:\\Program Files\\GleeCube\\DIGIZON.exe:*:Enabled

IGIZON.exe"
"D:\\Program Files\\DNA\\btdna.exe"="D:\\Program Files\\DNA\\btdna.exe:*:Enabled

NA"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Program Files\\Google\\Google Talk\\googletalk.exe"="D:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"D:\\Program Files\\PPStream\\PPStream.exe"="D:\\Program Files\\PPStream\\PPStream.exe:*:Enabled

PSÖ›¶‡æ‡Òà"
"D:\\Program Files\\PPStream\\PPSAP.exe"="D:\\Program Files\\PPStream\\PPSAP.exe:*:Enabled

PS Ö›¶‡¬àÓë’ö"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"\\??\\D:\\WINDOWS\\system32\\winlogon.exe"="\\??\\D:\\WINDOWS\\system32\\winlogon.exe:*:enabled

shell32.dll,-1"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

File Backups: - D:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 26 Jan 2009 1,740,632 A.SHR --- "D:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 16 Sep 2008 4,348 ..SH. --- "D:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 26 May 2007 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!
-------------------------------

Shaba · Apr 29, 2009

Hi sld1006

Please post next kaspersky report.

sld1006 · Apr 29, 2009

Kaspersky report

Dear Shaba,

Thank you very much for you reply. Sorry that my request for help was addressed to wrong people.

I didn't know which Kaspersky report (Internet Security 2009) you referred to so I only include the scan report and hope this is the information you requested. As you can see, my laptop is heavily infected with viruses and trojans so I only inlcude a short summary of the scan results to save space and your time.

The first scan on 25 April mainly detected Virus.Win32.Virut.ce, HEUR:Trojan.Win32.Invader and HEUR:Virus.Win32.Generic on my portable HD and they were indicated as "disinfected".

The second scan on 25 april picked up HEUR:Trojan.Win32.Invader and HEUR:Virus.Win32.Generic again on my portable HD.

The first scan today (29 April) detected new trojan (Trojan-Clicker.HTML.IFrame.aga) and Kaspersky has said those htm files have been "disinfected". I don't know how the new infection came from and it's possible that all the htm files have been infected today.

For your information, the scanned were conducted on a re-installed version of XP (using revovery CD) on C drive so I suppose it is "clean". The XP system I normally use is installed on D drive (different partition of the same HD) and that's the system which is having much trouble now. I am reluctant to re-install the system because it has too much stuff and it will take a long time to do it. If necessary, this may be the only way to solve the problem.

I will scan my portable HD and see whether it's really clean.

Thank you again for your time and kind help.

Here is a summary of the scan results:

-------------------------------------
First scan 25 April (407 events)

F is a portable HD drive

Detected: Virus.Win32.Virut.ce F:\System Volume Information\_restore{A47CA85B-5AB9-4090-9AD5-D8F98322C311}\RP12\A0006887.exe
Untreated: Virus.Win32.Virut.ce F:\System Volume Information\_restore{A47CA85B-5AB9-4090-9AD5-D8F98322C311}\RP12\A0006887.exe Postponed
Detected: Virus.Win32.Virut.ce F:\System Volume Information\_restore{A47CA85B-5AB9-4090-9AD5-D8F98322C311}\RP12\A0006905.exe
Untreated: Virus.Win32.Virut.ce F:\System Volume Information\_restore{A47CA85B-5AB9-4090-9AD5-D8F98322C311}\RP12\A0006905.exe Postponed
Detected: Virus.Win32.Virut.ce F:\System Volume Information\_restore{A47CA85B-5AB9-4090-9AD5-D8F98322C311}\RP12\A0006923.exe
Detected: HEUR:Trojan.Win32.Invader F:\System Volume Information\_restore{A47CA85B-5AB9-4090-9AD5-D8F98322C311}\RP12\A0006960.exe
Untreated: Virus.Win32.Virut.ce F:\System Volume Information\_restore{A47CA85B-5AB9-4090-9AD5-D8F98322C311}\RP12\A0006962.exe Postponed
Detected: Virus.Win32.Virut.ce F:\System Volume Information\_restore{A47CA85B-5AB9-4090-9AD5-D8F98322C311}\RP12\A0006963.exe
Detected: Virus.Win32.Virut.ce F:\System Volume Information\_restore{A47CA85B-5AB9-4090-9AD5-D8F98322C311}\RP12\A0006964.exe
Untreated: HEUR:Trojan.Win32.Invader F:\System Volume Information\_restore{A47CA85B-5AB9-4090-9AD5-D8F98322C311}\RP12\A0006960.exe Postponed
Detected: HEUR:Virus.Win32.Generic F:\System Volume Information\_restore{A47CA85B-5AB9-4090-9AD5-D8F98322C311}\RP12\A0006960.exe

Second scan 25 April (8 events)

Detected: HEUR:Trojan.Win32.Invader F:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASPanel.exe
Untreated: HEUR:Trojan.Win32.Invader F:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASPanel.exe Postponed
Detected: HEUR:Virus.Win32.Generic F:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASPanel.exe
Detected: HEUR:Trojan.Win32.Invader F:\Program Files\K-Lite Codec Pack\filters\ac3config.exe
Untreated: HEUR:Trojan.Win32.Invader F:\Program Files\K-Lite Codec Pack\filters\ac3config.exe Postponed
Detected: HEUR:Virus.Win32.Generic F:\Program Files\K-Lite Codec Pack\filters\ac3config.exe

First can 29 April (30755 events)

Detected: Trojan-Clicker.HTML.IFrame.aga D:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Album\3.2\upsellCache\creation.html
Detected: Trojan-Clicker.HTML.IFrame.aga D:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Album\3.2\upsellCache\calendar.html
Detected: Trojan-Clicker.HTML.IFrame.aga D:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Album\3.2\upsellCache\fix.html
Detected: Trojan-Clicker.HTML.IFrame.aga D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\mediamonitor.htm
Detected: Trojan-Clicker.HTML.IFrame.aga D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\buttons\alerts\alerts.htm
Detected: Trojan-Clicker.HTML.IFrame.aga D:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\PickGame.htm
Untreated: Trojan-Clicker.HTML.IFrame.aga D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\mediamonitor.htm Postponed
Untreated: Trojan-Clicker.HTML.IFrame.aga D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\buttons\alerts\alerts.htm Postponed
Untreated: Trojan-Clicker.HTML.IFrame.aga D:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\PickGame.htm Postponed
Detected: Trojan-Clicker.HTML.IFrame.aga D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\menu.htm
Untreated: Trojan-Clicker.HTML.IFrame.aga D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\menu.htm Postponed
Detected: Trojan-Clicker.HTML.IFrame.aga D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\rss.htm

Lots of htm files in temporaty internet file folder

Detected: Trojan-Clicker.HTML.IFrame.aga D:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\0CMAHV9P\adb[1].htm
Untreated: Trojan-Clicker.HTML.IFrame.aga D:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\0CMAHV9P\ad_ticker[1].htm Postponed
Untreated: Trojan-Clicker.HTML.IFrame.aga D:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\0CMAHV9P\adb[1].htm Postponed
Detected: Trojan-Clicker.HTML.IFrame.aga D:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\0CMAHV9P\CA0TGHY1.htm
Untreated: Trojan-Clicker.HTML.IFrame.aga D:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\0CMAHV9P\CA0TGHY1.htm Postponed

Lots of htm files in D:\Documents and Settings\user\My Documents\My Stationery

Detected: Trojan-Clicker.HTML.IFrame.aga D:\Documents and Settings\user\My Documents\My Stationery\ArtDeco.htm

Lots of infected htm files in D:\Program Files\Adobe\ including Adobe Reader 8.0, Adobe 8.0 and Photoshop Album Starter Edition

Detected: Trojan-Clicker.HTML.IFrame.aga D:\Program Files\Adobe\Acrobat 8.0\Liesmich.htm

Lots of htm files in D:\Program Files\Brother\ (printer utility)

D:\Program Files\Brother\Brmfl07a\howtousebrotherpc.htm

etc.

Shaba · Apr 30, 2009

OK, looks like you might have virut infection.

Do another scan with kaspersky and post back what it found now.

sld1006 · Apr 30, 2009

Kaspersky report (2) & old trojans keep coming back

Dear Shaba,

Thank you for your quick reply. I have spent the whole day using different tools (Kaspersky Internet Security 2009, Spyware Doctor, ClamWin Portable and Spybot) and here are the scan results:

Kaspersky Internet Security 2009: No virus was found. Only a list of vulnerable files is provided. I will post the list at the end of my message.

Spyware Doctor: Adware.SuperUtiBar, Trajan-Spy.VB.AWX, Spyware.Known_Bad_Sites and Trojan.Generic were found. This is the second time they are detected

ClamWin Portable: No virus was found.

Spybot: Win32.Delf.uc. This is the third time this malware is detected and points to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\D:\WINDOWS\system32\winlogon.exe.

In addition, I am still unable to access the following two registry keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{04AD58E5-A89C-AF0E-C81F-6CD11CF1E446}]

It seems that Spyware Doctor and Spybot cannot remove Adware.SuperUtiBar, Trajan-Spy.VB.AWX, Spyware.Known_Bad_Sites and Trojan.Generic Win32.Delf.uc and they simply keep coming back.

I hope that I have provided you with enough information. Do you know any tool I can use to manually reset permission for these two keys? I can't even change permission to both keys as Administrator under Safe Mode and something is probably wrong.

Thank you again for your time and advice.

Kaspersky results:

-------------------------------------------------------
30/04/2009 13:15:43 Task started
30/04/2009 13:59:22 Detected: http://www.viruslist.com/en/advisories/33901 C:\Program Files\Adobe\Acrobat

7.0\Reader\AcroRd32.dll
30/04/2009 14:03:58 Detected: http://www.viruslist.com/en/advisories/34900 C:\Program

Files\Google\Chrome\Application\1.0.154.53\chrome.dll
30/04/2009 14:11:03 Detected: http://www.viruslist.com/en/advisories/33954 C:\Program Files\Microsoft

Office_Old\Office\EXCEL.EXE
30/04/2009 14:47:13 Detected: http://www.viruslist.com/en/advisories/26027

C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\flash.ocx
30/04/2009 15:08:25 Detected: http://www.viruslist.com/en/advisories/29434 D:\Documents and Settings\All

Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\mia.lib
30/04/2009 15:08:29 Detected: http://www.viruslist.com/en/advisories/29434 D:\Documents and Settings\All

Users\Application Data\{C2278D61-978F-4EB3-A8F3-E90811A93014}\mia.lib
30/04/2009 16:05:57 Detected: http://www.viruslist.com/en/advisories/31744 D:\Program Files\Common

Files\Microsoft Shared\Office10\MSO1.DLL
30/04/2009 16:15:13 Detected: http://www.viruslist.com/en/advisories/33196 D:\Program Files\DivX\DivX Web

Player\npdivx32.dll
30/04/2009 16:16:20 Detected: http://www.viruslist.com/en/advisories/33062 D:\Program

Files\Google\Chrome\Application\2.0.172.6\gears.dll
30/04/2009 16:24:47 Detected: http://www.viruslist.com/en/advisories/33196 D:\Program Files\Mozilla

Firefox\plugins\npdivx32.dll
30/04/2009 16:59:33 Detected: http://www.viruslist.com/en/advisories/15255 D:\WINDOWS\system32

\Adobe\SVG Viewer 3.0\SVGCore.dll
30/04/2009 17:03:07 Detected: http://www.viruslist.com/en/advisories/23655

D:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
30/04/2009 17:03:07 Detected: http://www.viruslist.com/en/advisories/23655

D:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
30/04/2009 17:03:07 Detected: http://www.viruslist.com/en/advisories/23655

D:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\msxml4.dll
30/04/2009 17:03:23 Detected: http://www.viruslist.com/en/advisories/23655

D:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
30/04/2009 17:06:14 Detected: http://www.viruslist.com/en/advisories/29434 D:\Documents and Settings\All

Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\mia.lib
30/04/2009 17:06:14 Detected: http://www.viruslist.com/en/advisories/29434 D:\Documents and Settings\All

Users\Application Data\{C2278D61-978F-4EB3-A8F3-E90811A93014}\mia.lib
30/04/2009 17:27:47 Detected: http://www.viruslist.com/en/advisories/31744 D:\Program Files\Common

Files\Microsoft Shared\Office10\MSO1.DLL
30/04/2009 17:28:35 Detected: http://www.viruslist.com/en/advisories/33196 D:\Program Files\DivX\DivX Web

Player\npdivx32.dll
30/04/2009 17:28:45 Detected: http://www.viruslist.com/en/advisories/33062 D:\Program

Files\Google\Chrome\Application\2.0.172.6\gears.dll
30/04/2009 17:29:55 Detected: http://www.viruslist.com/en/advisories/33196 D:\Program Files\Mozilla

Firefox\plugins\npdivx32.dll
30/04/2009 17:38:08 Detected: http://www.viruslist.com/en/advisories/15255 D:\WINDOWS\system32

\Adobe\SVG Viewer 3.0\SVGCore.dll
30/04/2009 17:39:21 Detected: http://www.viruslist.com/en/advisories/23655

D:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
30/04/2009 17:39:21 Detected: http://www.viruslist.com/en/advisories/23655

D:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
30/04/2009 17:39:21 Detected: http://www.viruslist.com/en/advisories/23655

D:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\msxml4.dll
30/04/2009 17:39:26 Detected: http://www.viruslist.com/en/advisories/23655

D:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
30/04/2009 17:39:48 Task completed

Shaba · May 1, 2009

Kaspersky report is fine.

Please post spyware doctor report next

sld1006 · May 1, 2009

Spyware Doctor Report

Hi Shaba,

Please find the following scan report from Spyware Doctor. I don't include Application.TrackingCookies, Adware.Advertising and Application.NirCmd which is related to ERDNT.

Because I am having some trouble with drivers after the infection (the laptop keeps rebooting itself), I will do a repair install of XP this weekend. From I have heard, a repair install keeps the original settings.

These malwares detected by Spyware Doctor were indeed removed but I guess they will appear again just like yesterday.

Look forward to hearing from you soon and wish you a good weekend.

Skyware report:

--------------------------------------------------------
30/04/2009 13:32:12:515 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - www.thekeys.ws : http://www.thekeys.ws/?look=serial+number+driver+update+pro&type=serials=26872

30/04/2009 13:32:16:250 Infection was detected on this computer
Threat Name - Adware.SuperUtilBar
Type - Favourite
Risk Level - Medium
Infection - www.duote.com : http://www.duote.com/?js3987&r=http://www.jb51.net/article/14016.htm=42893

30/04/2009 13:32:21:125 Infection was detected on this computer
Threat Name - Trojan-Spy.VB.AWX
Type - Favourite
Risk Level - High
Infection - www.nirsoft.net : http://www.nirsoft.net/utils/=55375

30/04/2009 13:32:21:156 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - www.thekeys.ws : http://www.thekeys.ws/?look=serial+advanced+archive+password+recovery+4.52&type=serials=55391

30/04/2009 13:32:21:234 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - astalavista.box.sk : http://astalavista.box.sk/cgi-bin/r...chive+Password+Recovery&submit=+search+=55392

30/04/2009 13:32:21:234 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - www.thekeys.ws : http://www.thekeys.ws/top.html=55393

30/04/2009 13:32:21:234 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - www.thekeys.ws : http://www.thekeys.ws/?look=archpr+4.52+serial&type=serials=55395

30/04/2009 19:45:37:656 Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1214440339-1788223648-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr

30/04/2009 19:49:27:812 Scan Finished
Scan Type - Full Scan
Items Processed - 463906
Threats Detected - 7
Infections Detected - 92
Infections Ignored - 0

30/04/2009 19:53:54:78 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - www.thekeys.ws : http://www.thekeys.ws/?look=archpr+4.52+serial&type=serials=55395

30/04/2009 19:53:54:78 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - www.thekeys.ws : http://www.thekeys.ws/top.html=55393

30/04/2009 19:53:54:109 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - astalavista.box.sk : http://astalavista.box.sk/cgi-bin/r...chive+Password+Recovery&submit=+search+=55392

30/04/2009 19:53:54:140 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - www.thekeys.ws : http://www.thekeys.ws/?look=serial+advanced+archive+password+recovery+4.52&type=serials=55391

30/04/2009 19:53:54:296 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - www.thekeys.ws : http://www.thekeys.ws/?look=serial+number+driver+update+pro&type=serials=26872

30/04/2009 19:54:15:875 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - www.thekeys.ws : http://www.thekeys.ws/?look=archpr+4.52+serial&type=serials=55395

30/04/2009 19:54:16:578 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - www.thekeys.ws : http://www.thekeys.ws/top.html=55393

30/04/2009 19:54:17:718 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - astalavista.box.sk : http://astalavista.box.sk/cgi-bin/r...chive+Password+Recovery&submit=+search+=55392

30/04/2009 19:54:18:687 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - www.thekeys.ws : http://www.thekeys.ws/?look=serial+advanced+archive+password+recovery+4.52&type=serials=55391

30/04/2009 19:54:20:109 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Favourite
Risk Level - High
Infection - www.thekeys.ws : http://www.thekeys.ws/?look=serial+number+driver+update+pro&type=serials=26872

30/04/2009 19:54:20:359 Infection quarantined
Threat Name - Adware.SuperUtilBar
Type - Favourite
Risk Level - Medium
Infection - www.duote.com : http://www.duote.com/?js3987&r=http://www.jb51.net/article/14016.htm=42893

30/04/2009 19:54:21:265 Infection cleaned
Threat Name - Adware.SuperUtilBar
Type - Favourite
Risk Level - Medium
Infection - www.duote.com : http://www.duote.com/?js3987&r=http://www.jb51.net/article/14016.htm=42893

30/04/2009 19:54:21:375 Infection quarantined
Threat Name - Trojan-Spy.VB.AWX
Type - Favourite
Risk Level - High
Infection - www.nirsoft.net : http://www.nirsoft.net/utils/=55375

30/04/2009 19:54:22:546 Infection cleaned
Threat Name - Trojan-Spy.VB.AWX
Type - Favourite
Risk Level - High
Infection - www.nirsoft.net : http://www.nirsoft.net/utils/=55375

30/04/2009 19:54:22:906 Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1214440339-1788223648-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr

30/04/2009 19:54:23:62 Infection cleaned
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1214440339-1788223648-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr

30/04/2009 19:54:53:671 Infections Quarantined/Removed Summary
Quarantined - 8
Quarantine Failed - 0
Removed - 10
Remove Failed - 0

Shaba · May 1, 2009

Some of those might be false positives, nirsoft ones at least are.

Download gmer.zip and save to your desktop.
alternate download site

Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE"

Important! Please do not select the "Show all" checkbox during the scan..

sld1006 · May 2, 2009

Gmer reports

Hi Shaba,

Thank you again for your quick reply and I hope you are enjoying your Staurday so far.

I downloaded Gmer as suggested yesterday and you seem to have a magic tool since I could see the two previously locked ("hidden") registry keys.

After some short struggle I have manged to change ownership of one key but the other key ([HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{04AD58E5-A89C-AF0E-C81F-6CD11CF1E446}]) is still locked under nomal and safe mode with whatever login accounts.

I did try to make a "repair" install of my English XP but sometimes the boot just stops before the login screen (even with Last Good Known Configuration it did not work) and this also affects the other (Chinese) XP system as well with an error message after login. I hope this is not permanent hardware failure because this did not happen before my laptop was infected. If you need the error code please let me know.

For your information, I did another scan with Spybot and guess what? Win32.Delf.uc is back again the fourth time! Is it a nasty malware since a lot people on this forum seem to have this problem?

Here are the two scan reports of Gmer, the first one was done under safe mode and login as Administrator. The second one was done under normal mode and login as my usual account.

Thank you again for your help and wish you a good day.

Gmer report under safe mode:

-----------------------------------------
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-02 07:17:33
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7483506]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7472240]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7472432]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7483CC8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7483F88]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF74823EC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF74843EC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF74837B8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7471EF0]

---- User code sections - GMER 1.0.15 ----

.text D:\WINDOWS\system32\csrss.exe[236] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03920001
.text D:\WINDOWS\system32\winlogon.exe[260] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01370001
.text D:\WINDOWS\system32\lsass.exe[316] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C60001
.text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DC0001
.text D:\WINDOWS\system32\svchost.exe[556] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E90001
.text ...
.text D:\WINDOWS\Explorer.EXE[900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 51981CE2 C:\PROGRA~1\DVDREG~1\DVDShell.dll (DVD Region-Free Shell Module/Fengtao Software Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Fastfat \Fat B9D63D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Gmer report under normal mode:

------------------------------------
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-02 13:41:32
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB6AE51DA]
SSDT \??\D:\Program Files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwClose [0xBABA18A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xB6AE71EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xB6AE6B9C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xBA6F4506]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xBA6E3240]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xBA6E3432]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB6AE8B7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xB6AE55AE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xBA6F4CC8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xBA6F4F88]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xB6AE6EAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xB6AE9084]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xB6AE50A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xB6AE5110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xB6AE6D5E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xB6AE8620]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xB6AE69F8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xBA6F33EC]
SSDT \??\D:\Program Files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xBABA18D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xB6AE8BA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xB6AE52FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xB6AE5178]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xB6AE4E7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xB6AE4C5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xB6AE8888]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xBA6F53EC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xB6AE45D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xB6AE7A74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xB6AE4734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xB6AE8F56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xB6AE43D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xB6AE708C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xB6AE56AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xB6AE871A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xB6AE8BD0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xBA6F47B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xB6AE8CB4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xB6AE8DE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xB6AE854C]
SSDT \??\D:\Program Files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xBABA1980]
SSDT \??\D:\Program Files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xBABA1A20]
SSDT \??\D:\Program Files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xBABA1AC0]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP B6AFC626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP B6AFC9E0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C40 805044DC 4 Bytes JMP 7CB6AE71
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 12 Bytes [B4, 8C, AE, B6, E0, 8D, AE, ...]

---- User code sections - GMER 1.0.15 ----

? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1280] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1280] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }
.text D:\WINDOWS\system32\SearchIndexer.exe[2564] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C D:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[2800] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[2800] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [BA0F9530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [BA0F9530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \FileSystem\Fastfat \Fat ACEE9D20
Device \FileSystem\Fastfat \Fat ACF01631

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{04AD58E5-A89C-AF0E-C81F-6CD11CF1E446}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{04AD58E5-A89C-AF0E-C81F-6CD11CF1E446}@abfloenbhmjgckjldlfooadahbeejpaelp 0x64 0x62 0x6C 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{04AD58E5-A89C-AF0E-C81F-6CD11CF1E446}@bbfloenbhmjgckjldlgopalnfljemboomipk 0x61 0x62 0x69 0x69 ...

---- Files - GMER 1.0.15 ----

File D:\System Volume Information\catalog.wci\CiFLfffc.000 0 bytes
File D:\System Volume Information\catalog.wci\CiFLfffc.001 0 bytes
File D:\System Volume Information\catalog.wci\CiFLfffc.002 0 bytes

---- EOF - GMER 1.0.15 ----

Shaba · May 2, 2009

Please post next spybot report

sld1006 · May 2, 2009

Spybot report

Hi Shaba,

This is the "new" trojan. It seems that it changes location each time (it was under ControlSet002 yesterday but I didn't remove it). I will remove it this time with Spybot but I guess it will appear somewhere else.

I think I have found out what caused the boot to stop. It was the Ethernet NIC device driver which was probably corrupted by the previous infection. I have tried to re-install the driver but it doesn't seem to work.

Thanks again.

Win32.Delf.uc: [SBI $60B5F410] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\D:\WINDOWS\system32\winlogon.exe

Shaba · May 3, 2009

That is not infection itself, but infection has added rule for winlogon.exe to access internet.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)

sld1006 · May 3, 2009

RSIT report (log.txt)

Hi Shaba,

Thanks for getting back. The laptop still stops booting before the login screen (re-started 3 times to get in). I did tried to re-install Ethernet NIC driver under safe mode but received a message "can't execute Kernel Mode Driver Service". Do this and the locked registry key have something to do with rules as well?

I ran RSIT and an interesting file (catchme.sys) is found under the Temp dictionary. I will take no action at this stage and wait for your further instructions. Because the whole text is too long, I will post info.ext in another message.

Thanks again.

Log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2009-05-03 13:31:21
Microsoft Windows XP Home Edition Service Pack 3
System drive D: has 17 GB (37%) free of 45 GB
Total RAM: 2047 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31:40, on 03/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
D:\WINDOWS\System32\SCardSvr.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSWatcher.exe
D:\Program Files\cFosSpeed\spd.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\cFosSpeed\cFosSpeed.exe
D:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
D:\Program Files\AVG\Identity Protection\agent\bin\AVGIDSUI.exe
D:\Program Files\Wireless Console 2\wcourier.exe
D:\Program Files\ASUS\Splendid\ACMON.exe
D:\Program Files\ASUS\ATK Media\DMEDIA.EXE
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\ATK0100\HControl.exe
D:\WINDOWS\system32\ACEngSvr.exe
D:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
D:\Program Files\AVG\Identity Protection\agent\bin\AVGIDSMonitor.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\ATK0100\ATKOSD.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\Program Files\DNA\btdna.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BOINC\boincmgr.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\BOINC\boinc.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\astropulse_5.03_windows_intelx86.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\astropulse_5.03_windows_intelx86.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
D:\WINDOWS\system32\msiexec.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
D:\Program Files\Intel\WiFi\bin\EvtEng.exe
D:\Program Files\Intel\WiFi\bin\S24EvMon.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\Intel\WiFi\bin\ZCfgsvc.exe
D:\WINDOWS\system32\wbem\unsecapp.exe
D:\Program Files\Common Files\Intel\WirelessCommon\ifrmewrk.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
C:\Download\RSIT\RSIT.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\Trend Micro\HijackThis\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Power_Gear] D:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cFosSpeed] D:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [PaperPort PTD] "D:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "D:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVGIDS] "D:\Program Files\AVG\Identity Protection\agent\bin\AVGIDSUI.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Wireless Console 2] D:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ACMON] D:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ATKMEDIA] D:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Google Quick Search Box] "D:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HControl] D:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SMSERIAL] D:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Highlight - D:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - D:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - D:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Winamp Search - D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Banner Ad Blocker - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - D:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - D:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - D:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - D:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.asml.com
O15 - Trusted Zone: *.asml.nl
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E1D16E3-37B1-48B8-862E-9D646FC0C8FF} -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - https://portal12.asml.com/livelinksupport/webedit/lledit.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: APSHook.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,D:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: OneCard - D:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll (file missing)
O23 - Service: AVGIDSAgent - AVG - D:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - D:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - D:\Program Files\cFosSpeed\spd.exe
O23 - Service: Creative Audio Pack Licensing Service - Creative Labs - D:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Unknown owner - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 19614 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
D:\WINDOWS\tasks\Google Software Updater.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
D:\WINDOWS\tasks\Norton Security Scan for user.job
D:\WINDOWS\tasks\Security Platform Backup Schedule.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-15 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-26 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-26 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-26 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-26 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - []
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-10-19 817936]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-26 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2006-03-16 208952]
"PHIME2002ASync"=D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC []
"PHIME2002A"=D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName []
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2006-09-06 7585792]
"NvMediaCenter"=D:\WINDOWS\system32\NvMcTray.dll [2006-09-06 86016]
"Power_Gear"=D:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2009-04-24 94208]
"NeroFilterCheck"=D:\WINDOWS\system32\NeroCheck.exe [2009-04-24 159744]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2009-04-24 1398784]
"TkBellExe"=D:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-15 185872]
"cFosSpeed"=D:\Program Files\cFosSpeed\cFosSpeed.exe [2009-02-13 876760]
"PaperPort PTD"=D:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-01-29 30248]
"IndexSearch"=D:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-01-29 46632]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"AVGIDS"=D:\Program Files\AVG\Identity Protection\agent\bin\AVGIDSUI.exe [2009-02-26 1579528]
"AVP"=D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-04-25 206088]
"Wireless Console 2"=D:\Program Files\Wireless Console 2\wcourier.exe [2005-10-17 987136]
"ACMON"=D:\Program Files\ASUS\Splendid\ACMON.exe [2006-05-30 811008]
"ATKMEDIA"=D:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-06-08 53248]
"Google Quick Search Box"=D:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-04-26 68592]
"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-04-26 148888]
"HControl"=D:\WINDOWS\ATK0100\HControl.exe [2006-08-23 110592]
"nwiz"=nwiz.exe /install []
"SMSERIAL"=D:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-08-07 573440]
"SynTPEnh"=D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-04-24 790528]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2009-04-24 17510400]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2009-04-24 57344]
"ISTray"=D:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]
"IntelZeroConfig"=D:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2009-02-27 1368064]
"IntelWireless"=D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2009-02-27 1202448]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"=C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [2009-04-24 1592320]
"MtdAcqu"=C:\Program Files\Creative\MediaSource5\MtdAcqu.exe [2006-03-08 278528]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BitTorrent DNA"=D:\Program Files\DNA\btdna.exe [2008-12-16 342848]
"PeerGuardian"=D:\Program Files\PeerGuardian2\pg2.exe [2009-04-24 1432064]
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"swg"=D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-27 68856]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth Manager.lnk - D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

D:\Documents and Settings\user\Start Menu\Programs\Startup
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,D:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
D:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
D:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2007-03-16 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 49152]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=D:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{42AE1DA1-FF60-4435-A81F-9B6538F865A6}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDesktop"=0
"HideClock"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\Program Files\Yahoo!\Messenger\YServer.exe"="D:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"D:\Program Files\GleeCube\DIGIZON.exe"="D:\Program Files\GleeCube\DIGIZON.exe:*:Enabled

IGIZON.exe"
"D:\Program Files\DNA\btdna.exe"="D:\Program Files\DNA\btdna.exe:*:Enabled

NA"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\Google\Google Talk\googletalk.exe"="D:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"D:\Program Files\PPStream\PPStream.exe"="D:\Program Files\PPStream\PPStream.exe:*:Enabled

PSÍøÂçµçÊÓ"
"D:\Program Files\PPStream\PPSAP.exe"="D:\Program Files\PPStream\PPSAP.exe:*:Enabled

PS ÍøÂç¼ÓËÙÆ÷"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"\??\D:\WINDOWS\system32\winlogon.exe"="\??\D:\WINDOWS\system32\winlogon.exe:*:enabled

shell32.dll,-1"
"D:\Program Files\MSN Messenger\msnmsgr.exe"="D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\MSN Messenger\msnmsgr.exe"="D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a16baca-9a51-11dc-b3ae-0018f3d7fb8b}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7015a80d-41cb-11dc-b340-0018f3d7fb8b}]
shell\AutoRun\command - F:\GETSYSTEMINFO1.EXE

======List of files/folders created in the last 1 months======

2009-05-03 13:31:21 ----D---- D:\rsit
2009-05-03 13:22:25 ----D---- D:\WINDOWS\LastGood
2009-05-03 13:22:23 ----A---- D:\WINDOWS\system32\NETw5r32.dll
2009-05-03 13:22:20 ----A---- D:\WINDOWS\system32\NETw5c32.dll
2009-05-01 23:16:00 ----HDC---- D:\WINDOWS\$NtUninstallKB941569$
2009-05-01 23:00:23 ----HDC---- D:\WINDOWS\$NtUninstallKB946648$
2009-05-01 23:00:02 ----HDC---- D:\WINDOWS\$NtUninstallKB951978$
2009-05-01 22:58:01 ----N---- D:\WINDOWS\system32\spmsg.dll
2009-05-01 22:57:57 ----HDC---- D:\WINDOWS\$NtUninstallMSCompPackV1$
2009-05-01 22:40:11 ----D---- D:\WINDOWS\Prefetch
2009-05-01 22:34:40 ----HDC---- D:\WINDOWS\$NtUninstallKB951376-v2$
2009-05-01 22:34:22 ----HDC---- D:\WINDOWS\$NtUninstallKB952954$
2009-05-01 22:33:21 ----HDC---- D:\WINDOWS\$NtUninstallKB956803$
2009-05-01 22:33:04 ----HDC---- D:\WINDOWS\$NtUninstallKB955839$
2009-05-01 22:32:32 ----HDC---- D:\WINDOWS\$NtUninstallKB950974$
2009-05-01 22:31:53 ----HDC---- D:\WINDOWS\$NtUninstallKB961118$
2009-05-01 22:30:46 ----HDC---- D:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-01 22:30:12 ----HDC---- D:\WINDOWS\$NtUninstallKB953155$
2009-05-01 22:29:54 ----HDC---- D:\WINDOWS\$NtUninstallKB950762$
2009-05-01 22:29:34 ----HDC---- D:\WINDOWS\$NtUninstallKB957097$
2009-05-01 22:29:19 ----HDC---- D:\WINDOWS\$NtUninstallKB958687$
2009-05-01 22:29:01 ----HDC---- D:\WINDOWS\$NtUninstallKB952287$
2009-05-01 22:28:38 ----HDC---- D:\WINDOWS\$NtUninstallKB967715$
2009-05-01 22:28:21 ----HDC---- D:\WINDOWS\$NtUninstallKB951066$
2009-05-01 22:27:39 ----HDC---- D:\WINDOWS\$NtUninstallKB951748$
2009-05-01 22:27:07 ----HDC---- D:\WINDOWS\$NtUninstallKB954600$
2009-05-01 22:26:47 ----HDC---- D:\WINDOWS\$NtUninstallKB958644$
2009-05-01 22:26:33 ----HDC---- D:\WINDOWS\$NtUninstallKB955069$
2009-05-01 22:26:13 ----HDC---- D:\WINDOWS\$NtUninstallKB956802$
2009-05-01 21:44:05 ----HDC---- D:\WINDOWS\$NtServicePackUninstall$
2009-05-01 20:11:41 ----RAH---- D:\WINDOWS\system32\logonui.exe.manifest
2009-05-01 19:48:55 ----A---- D:\WINDOWS\pnplog.txt
2009-05-01 19:36:25 ----A---- D:\WINDOWS\system32\irclass.dll
2009-05-01 19:36:24 ----A---- D:\WINDOWS\system32\spxcoins.dll
2009-05-01 19:36:05 ----RA---- D:\WINDOWS\SET108.tmp
2009-05-01 19:35:55 ----RA---- D:\WINDOWS\SETD5.tmp
2009-05-01 19:35:50 ----RA---- D:\WINDOWS\SETC9.tmp
2009-05-01 19:35:48 ----RA---- D:\WINDOWS\SETC6.tmp
2009-05-01 00:59:04 ----D---- D:\WINDOWS\system32\appmgmt
2009-04-30 13:12:15 ----D---- D:\Program Files\Hide IP NG
2009-04-30 12:44:55 ----D---- D:\Program Files\Common Files\PC Tools
2009-04-30 12:44:44 ----D---- D:\Program Files\Spyware Doctor
2009-04-30 12:44:44 ----D---- D:\Documents and Settings\user\Application Data\PC Tools
2009-04-30 12:44:44 ----D---- D:\Documents and Settings\All Users\Application Data\PC Tools
2009-04-30 01:01:41 ----D---- D:\WINDOWS\Registry Drill
2009-04-30 01:01:41 ----D---- D:\Program Files\Easy Desk Utilities
2009-04-30 01:01:21 ----A---- D:\WINDOWS\Registry Drill Setup Log.txt
2009-04-28 20:58:23 ----D---- D:\Program Files\Norton Security Scan
2009-04-28 20:57:08 ----D---- D:\Documents and Settings\All Users\Application Data\Google Updater
2009-04-28 20:14:48 ----D---- D:\Program Files\Lavasoft RegHance
2009-04-27 23:36:15 ----D---- D:\Documents and Settings\user\Application Data\WinRAR
2009-04-27 23:01:50 ----D---- D:\WINDOWS\ERUNT
2009-04-27 22:44:14 ----D---- D:\SDFix
2009-04-27 20:23:50 ----D---- D:\Program Files\Trend Micro
2009-04-27 00:24:05 ----D---- D:\Program Files\WinZip
2009-04-26 22:53:11 ----A---- D:\WINDOWS\Wingotm.dll
2009-04-26 22:53:06 ----A---- D:\WINDOWS\system32\MrDraw.dll
2009-04-26 22:53:03 ----D---- D:\Going32
2009-04-26 18:11:20 ----D---- D:\Documents and Settings\All Users\Application Data\Intel
2009-04-26 18:11:08 ----D---- D:\Documents and Settings\user\Application Data\Intel
2009-04-26 17:30:13 ----A---- D:\WINDOWS\system32\CTSVCCTL.EXE
2009-04-26 17:30:13 ----A---- D:\WINDOWS\system32\CTSVCCDA.EXE
2009-04-26 16:36:41 ----D---- D:\Program Files\Common Files\Creative
2009-04-26 15:19:15 ----D---- D:\WINDOWS\system32\FxsTmp
2009-04-26 15:17:54 ----A---- D:\WINDOWS\ModemLog_Nokia 7390 Bluetooth Modem.txt
2009-04-26 15:17:42 ----A---- D:\WINDOWS\system32\fxssend.exe
2009-04-26 15:17:42 ----A---- D:\WINDOWS\system32\fxsroute.dll
2009-04-26 15:17:42 ----A---- D:\WINDOWS\system32\fxsperf.ini
2009-04-26 15:17:42 ----A---- D:\WINDOWS\system32\fxsclntR.dll
2009-04-26 15:17:42 ----A---- D:\WINDOWS\system32\fxscfgwz.dll
2009-04-26 15:06:31 ----A---- D:\WINDOWS\system32\RtNicProp32.dll
2009-04-26 15:01:05 ----A---- D:\WINDOWS\system32\AegisI5Installer.exe
2009-04-26 14:59:24 ----A---- D:\WINDOWS\system32\NETw4r32.dll
2009-04-26 14:59:23 ----A---- D:\WINDOWS\system32\NETw4c32.dll
2009-04-26 13:02:05 ----D---- D:\Program Files\MSN Messenger
2009-04-26 10:33:46 ----A---- D:\WINDOWS\system32\javaws.exe
2009-04-26 10:33:46 ----A---- D:\WINDOWS\system32\javaw.exe
2009-04-26 10:33:46 ----A---- D:\WINDOWS\system32\java.exe
2009-04-26 10:33:23 ----D---- D:\Program Files\Java
2009-04-26 10:32:28 ----D---- D:\Documents and Settings\user\Application Data\Sun
2009-04-26 01:04:58 ----D---- D:\Program Files\Intel
2009-04-25 22:24:24 ----D---- D:\Program Files\Spybot - Search & Destroy
2009-04-25 21:54:28 ----D---- D:\Program Files\Wireless Console 2
2009-04-25 21:54:28 ----A---- D:\WINDOWS\system32\wcourier.exe
2009-04-25 20:28:11 ----D---- D:\Program Files\Windows Installer Clean Up
2009-04-25 20:27:42 ----D---- D:\Program Files\MSECACHE
2009-04-25 19:21:28 ----D---- D:\Program Files\Kaspersky Lab
2009-04-25 19:21:28 ----D---- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-04-25 17:10:28 ----A---- D:\WINDOWS\DUMP7242.tmp
2009-04-25 17:10:28 ----A---- D:\WINDOWS\DUMP6f92.tmp
2009-04-25 17:10:28 ----A---- D:\WINDOWS\DUMP6ed7.tmp
2009-04-25 17:10:28 ----A---- D:\WINDOWS\DUMP6c37.tmp
2009-04-25 17:10:28 ----A---- D:\WINDOWS\DUMP6b1d.tmp
2009-04-21 18:16:39 ----D---- D:\Qoobox
2009-04-20 22:29:16 ----D---- D:\Program Files\ERUNT
2009-04-19 12:47:16 ----D---- D:\Program Files\iPod
2009-04-18 01:37:59 ----A---- D:\WINDOWS\HideWin.exe
2009-04-17 23:11:55 ----A---- D:\WINDOWS\system32\BrMuSNMP.dll
2009-04-17 23:11:55 ----A---- D:\WINDOWS\system32\BrMfNt.dll
2009-04-17 23:11:55 ----A---- D:\WINDOWS\system32\BRCrypt.dll
2009-04-17 20:54:00 ----D---- D:\Program Files\BoostKit
2009-04-15 00:08:59 ----HDC---- D:\WINDOWS\$NtUninstallKB959426$
2009-04-15 00:08:52 ----HDC---- D:\WINDOWS\$NtUninstallKB961373$
2009-04-15 00:04:36 ----HDC---- D:\WINDOWS\$NtUninstallKB956572$
2009-04-15 00:04:11 ----HDC---- D:\WINDOWS\$NtUninstallKB952004$
2009-04-15 00:04:02 ----HDC---- D:\WINDOWS\$NtUninstallKB960803$
2009-04-15 00:03:44 ----HDC---- D:\WINDOWS\$NtUninstallKB963027$
2009-04-15 00:03:14 ----HDC---- D:\WINDOWS\$NtUninstallKB923561$
2009-04-14 23:55:22 ----A---- D:\WINDOWS\system32\xpsp4res.dll
2009-04-14 20:59:04 ----D---- D:\Documents and Settings\All Users\Application Data\WinZip
2009-04-13 22:41:50 ----A---- D:\WINDOWS\system32\E3TL.DLL
2009-04-13 21:56:33 ----D---- D:\Program Files\AVG
2009-04-13 21:55:01 ----D---- D:\Documents and Settings\All Users\Application Data\Downloaded Installations
2009-04-13 01:18:19 ----D---- D:\Documents and Settings\user\Application Data\Hide IP NG
2009-04-12 19:33:28 ----D---- D:\Program Files\PFPortChecker
2009-04-12 13:03:16 ----D---- D:\Program Files\PeerGuardian2
2009-04-11 13:42:10 ----D---- D:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

======List of files/folders modified in the last 1 months======

2009-05-03 13:31:25 ----D---- D:\WINDOWS\Temp
2009-05-03 13:29:31 ----D---- D:\Program Files\cFosSpeed
2009-05-03 13:28:21 ----D---- D:\Documents and Settings\user\Application Data\DNA
2009-05-03 13:26:40 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
2009-05-03 13:24:48 ----D---- D:\WINDOWS\system32
2009-05-03 13:24:48 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2009-05-03 13:24:34 ----SHD---- D:\WINDOWS\Installer
2009-05-03 13:24:33 ----D---- D:\Config.Msi
2009-05-03 13:24:24 ----D---- D:\WINDOWS\system32\CatRoot
2009-05-03 13:24:02 ----A---- D:\WINDOWS\cFosSpeed_Setup_Log.txt
2009-05-03 13:23:42 ----D---- D:\WINDOWS\system32\drivers
2009-05-03 13:23:39 ----HD---- D:\WINDOWS\inf
2009-05-03 13:22:57 ----D---- D:\WINDOWS\system32\ReinstallBackups
2009-05-03 13:22:26 ----DC---- D:\WINDOWS\system32\DRVSTORE
2009-05-03 13:22:25 ----D---- D:\WINDOWS
2009-05-03 13:18:20 ----D---- D:\Program Files\DNA
2009-05-03 13:16:33 ----A---- D:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
2009-05-03 13:15:55 ----D---- D:\WINDOWS\system32\CatRoot2
2009-05-03 13:15:39 ----SD---- D:\WINDOWS\Tasks
2009-05-03 13:15:32 ----RD---- D:\Program Files
2009-05-03 13:04:32 ----A---- D:\WINDOWS\ntbtlog.txt
2009-05-03 00:21:49 ----A---- D:\WINDOWS\SchedLgU.Txt
2009-05-03 00:05:28 ----D---- D:\Program Files\Google
2009-05-02 23:15:18 ----HD---- D:\Program Files\InstallShield Installation Information
2009-05-02 22:31:06 ----D---- D:\Program Files\Mozilla Firefox
2009-05-01 23:18:56 ----RSHDC---- D:\WINDOWS\system32\dllcache
2009-05-01 23:18:50 ----HDC---- D:\WINDOWS\$NtUninstallKB959772_WM11$
2009-05-01 23:16:08 ----A---- D:\WINDOWS\imsins.BAK
2009-05-01 23:00:50 ----HDC---- D:\WINDOWS\$NtUninstallKB960225$
2009-05-01 23:00:27 ----D---- D:\Program Files\Messenger
2009-05-01 22:57:20 ----D---- D:\Program Files\Windows Media Player
2009-05-01 22:57:20 ----D---- D:\Program Files\Windows Media Connect 2
2009-05-01 22:40:18 ----A---- D:\WINDOWS\setuplog.txt
2009-05-01 22:39:29 ----D---- D:\WINDOWS\system32\Setup
2009-05-01 22:39:29 ----D---- D:\WINDOWS\AppPatch
2009-05-01 22:39:29 ----D---- D:\Program Files\Internet Explorer
2009-05-01 22:39:28 ----D---- D:\WINDOWS\system32\wbem
2009-05-01 22:39:26 ----RSD---- D:\WINDOWS\Fonts
2009-05-01 22:28:02 ----HDC---- D:\WINDOWS\$NtUninstallKB958690$
2009-05-01 22:19:37 ----D---- D:\WINDOWS\security
2009-05-01 22:15:50 ----D---- D:\WINDOWS\system32\config
2009-05-01 22:11:36 ----D---- D:\WINDOWS\system32\inetsrv
2009-05-01 22:09:43 ----D---- D:\WINDOWS\Help
2009-05-01 22:09:26 ----D---- D:\WINDOWS\network diagnostic
2009-05-01 22:09:26 ----D---- D:\WINDOWS\ime
2009-05-01 22:09:05 ----D---- D:\WINDOWS\system32\usmt
2009-05-01 22:09:01 ----D---- D:\WINDOWS\PeerNet
2009-05-01 22:09:01 ----D---- D:\Program Files\Movie Maker
2009-05-01 22:05:11 ----D---- D:\WINDOWS\system32\Restore
2009-05-01 22:05:11 ----D---- D:\WINDOWS\system32\npp
2009-05-01 22:05:08 ----D---- D:\WINDOWS\msagent
2009-05-01 22:05:05 ----D---- D:\WINDOWS\srchasst
2009-05-01 22:05:02 ----D---- D:\Program Files\NetMeeting
2009-05-01 22:05:00 ----D---- D:\WINDOWS\system32\Com
2009-05-01 22:04:48 ----D---- D:\Program Files\Windows NT
2009-05-01 22:04:48 ----D---- D:\Program Files\Outlook Express
2009-05-01 22:04:43 ----D---- D:\Program Files\Common Files\System
2009-05-01 22:04:02 ----D---- D:\WINDOWS\system32\oobe
2009-05-01 22:03:59 ----D---- D:\WINDOWS\system
2009-05-01 21:41:29 ----D---- D:\WINDOWS\EHome
2009-05-01 21:29:32 ----D---- D:\WINDOWS\Media
2009-05-01 21:24:50 ----D---- D:\WINDOWS\twain_32
2009-05-01 21:23:51 ----D---- D:\WINDOWS\system32\icsxml
2009-05-01 21:23:05 ----D---- D:\WINDOWS\system32\1033
2009-05-01 21:21:40 ----D---- D:\WINDOWS\WinSxS
2009-05-01 21:21:34 ----D---- D:\WINDOWS\Driver Cache
2009-05-01 21:18:32 ----HD---- D:\WINDOWS\$hf_mig$
2009-05-01 20:51:26 ----D---- D:\WINDOWS\SoftwareDistribution
2009-05-01 20:34:47 ----D---- D:\WINDOWS\ATK0100
2009-05-01 20:28:39 ----D---- D:\WINDOWS\Registration
2009-05-01 20:27:25 ----SHD---- D:\System Volume Information
2009-05-01 20:21:48 ----D---- D:\WINDOWS\nview
2009-05-01 20:18:45 ----D---- D:\WINDOWS\repair
2009-05-01 20:12:53 ----A---- D:\WINDOWS\OEWABLog.txt
2009-05-01 20:12:44 ----A---- D:\WINDOWS\ODBCINST.INI
2009-05-01 20:12:14 ----D---- D:\WINDOWS\system32\ias
2009-05-01 20:11:44 ----RD---- D:\WINDOWS\Web
2009-05-01 20:11:32 ----RAH---- D:\WINDOWS\system32\cdplayer.exe.manifest
2009-05-01 20:11:16 ----A---- D:\WINDOWS\win.ini
2009-05-01 19:36:35 ----A---- D:\WINDOWS\system.ini
2009-05-01 19:36:06 ----ASH---- D:\Documents and Settings\All Users\Application Data\desktop.ini
2009-05-01 18:00:20 ----D---- D:\WINDOWS\Minidump
2009-04-30 12:44:55 ----D---- D:\Program Files\Common Files
2009-04-30 02:17:26 ----HD---- D:\WINDOWS\system32\GroupPolicy
2009-04-28 20:58:33 ----D---- D:\Program Files\Common Files\Symantec Shared
2009-04-28 20:57:43 ----D---- D:\Documents and Settings\All Users\Application Data\Google
2009-04-27 21:03:42 ----D---- D:\Documents and Settings\user\Application Data\BitTorrent
2009-04-26 22:40:21 ----D---- D:\Documents and Settings\user\Application Data\Skype
2009-04-26 21:21:42 ----D---- D:\Documents and Settings\user\Application Data\OfficeUpdate12
2009-04-26 18:53:44 ----HD---- D:\Program Files\Creative Installation Information
2009-04-26 18:53:21 ----D---- D:\Program Files\Creative
2009-04-26 18:51:18 ----D---- D:\Documents and Settings\All Users\Application Data\Creative
2009-04-26 18:13:25 ----A---- D:\WINDOWS\system32\results.txt
2009-04-26 15:17:42 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-26 15:17:42 ----D---- D:\WINDOWS\addins
2009-04-26 13:03:10 ----D---- D:\Program Files\Common Files\Microsoft Shared
2009-04-26 10:33:28 ----A---- D:\WINDOWS\system32\deploytk.dll
2009-04-26 02:45:22 ----D---- D:\Program Files\Asus
2009-04-26 02:21:43 ----D---- D:\Program Files\Common Files\Wise Installation Wizard
2009-04-26 01:45:15 ----A---- D:\WINDOWS\system32\lsdelete.exe
2009-04-25 23:48:56 ----D---- D:\Program Files\Windows Live Toolbar
2009-04-25 22:55:48 ----D---- D:\Documents and Settings\All Users\Application Data\EmailNotifier
2009-04-25 22:29:55 ----D---- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-25 18:21:12 ----D---- D:\Documents and Settings\All Users\Application Data\Symantec
2009-04-25 18:07:07 ----D---- D:\Program Files\QuickTime
2009-04-25 12:16:15 ----SHD---- D:\RECYCLER
2009-04-24 02:03:56 ----A---- D:\WINDOWS\unvise32qt.exe
2009-04-24 02:03:55 ----A---- D:\WINDOWS\UNNeroVision.exe
2009-04-24 02:03:54 ----A---- D:\WINDOWS\UNMRW.exe
2009-04-24 02:03:53 ----A---- D:\WINDOWS\unliu.exe
2009-04-24 02:03:53 ----A---- D:\WINDOWS\uninst.exe
2009-04-24 02:03:52 ----A---- D:\WINDOWS\uneng.exe
2009-04-24 02:03:51 ----A---- D:\WINDOWS\system32\WudfHost.exe
2009-04-24 02:03:27 ----A---- D:\WINDOWS\system32\searchprotocolhost.exe
2009-04-24 02:03:27 ----A---- D:\WINDOWS\system32\searchindexer.exe
2009-04-24 02:03:26 ----A---- D:\WINDOWS\system32\searchfilterhost.exe
2009-04-24 02:03:24 ----A---- D:\WINDOWS\system32\rundll32-1.exe
2009-04-24 02:02:19 ----A---- D:\WINDOWS\system32\pintool.exe
2009-04-24 02:02:16 ----A---- D:\WINDOWS\system32\NVUNINST.EXE
2009-04-24 02:02:16 ----A---- D:\WINDOWS\system32\nvudisp.exe
2009-04-24 02:02:11 ----A---- D:\WINDOWS\system32\NeroCheck.exe
2009-04-24 02:02:06 ----A---- D:\WINDOWS\system32\MAPISRVR.EXE
2009-04-24 02:01:59 ----A---- D:\WINDOWS\system32\ieudinit.exe
2009-04-24 02:01:58 ----A---- D:\WINDOWS\system32\HdAShCut.exe
2009-04-24 02:01:56 ----A---- D:\WINDOWS\system32\FileOps.exe
2009-04-24 02:00:27 ----A---- D:\WINDOWS\system32\DivXsm.exe
2009-04-24 02:00:21 ----A---- D:\WINDOWS\system32\ChCfg.exe
2009-04-24 02:00:16 ----A---- D:\WINDOWS\system32\ACEngSvr.exe
2009-04-24 01:58:16 ----A---- D:\WINDOWS\NuNinst.exe
2009-04-24 01:58:05 ----A---- D:\WINDOWS\IsUninst.exe
2009-04-24 01:57:46 ----A---- D:\WINDOWS\Ctregrun.exe
2009-04-24 01:57:42 ----A---- D:\WINDOWS\_MSRSTRT.EXE
2009-04-24 01:50:45 ----A---- D:\WINDOWS\vncutil.exe
2009-04-24 01:50:45 ----A---- D:\WINDOWS\SOUNDMAN.EXE
2009-04-24 01:50:44 ----A---- D:\WINDOWS\SkyTel.exe
2009-04-24 01:50:44 ----A---- D:\WINDOWS\RTLCPL.EXE
2009-04-24 01:50:41 ----A---- D:\WINDOWS\RTHDCPL.EXE
2009-04-24 01:50:35 ----A---- D:\WINDOWS\MicCal.exe
2009-04-24 01:50:34 ----A---- D:\WINDOWS\ALCWZRD.EXE
2009-04-24 01:50:33 ----A---- D:\WINDOWS\ALCMTR.EXE
2009-04-21 23:08:44 ----D---- D:\Program Files\DriverGuide DriverScan
2009-04-20 23:12:44 ----A---- D:\WINDOWS\NeroDigital.ini
2009-04-19 12:49:44 ----D---- D:\WINDOWS\system32\RTCOM
2009-04-18 23:00:12 ----D---- D:\Documents and Settings\All Users\Application Data\Apple Computer
2009-04-18 01:09:40 ----A---- D:\WINDOWS\BRWMARK.INI
2009-04-18 01:09:40 ----A---- D:\WINDOWS\BRPP2KA.INI
2009-04-18 01:09:18 ----A---- D:\WINDOWS\Brpfx04a.ini
2009-04-18 01:09:18 ----A---- D:\WINDOWS\brpcfx.ini
2009-04-17 23:00:51 ----D---- D:\Documents and Settings\user\Application Data\PC-FAX TX
2009-04-16 23:41:50 ----A---- D:\WINDOWS\DVDRegionFree.INI
2009-04-16 21:13:48 ----A---- D:\WINDOWS\CDPLAYER.INI
2009-04-06 16:57:24 ----A---- D:\WINDOWS\system32\MRT.exe
2009-04-05 21:37:47 ----D---- D:\Documents and Settings\user\Application Data\foobar2000

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; D:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-05 2432]
R1 Cdralw2k;Cdralw2k; D:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-05 2560]
R1 FsVga;FsVga; D:\WINDOWS\system32\DRIVERS\fsvga.sys [2006-02-28 12160]
R1 InCDPass;InCDPass; D:\WINDOWS\System32\DRIVERS\InCDPass.sys [2006-04-06 29440]
R1 incdrm;InCD Reader; D:\WINDOWS\system32\drivers\incdrm.sys [2006-04-06 33408]
R1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ItSDisk;ItSDisk; D:\WINDOWS\System32\Drivers\ItSDisk.sys [2006-05-15 17840]
R1 KLIF;Kaspersky Lab Driver; D:\WINDOWS\system32\DRIVERS\klif.sys [2009-04-25 226832]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; D:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-02 64896]
R2 ASPI32;ASPI32; D:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R2 s24trans;WLAN Transport; D:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-13 11904]
R3 Arp1394;1394 ARP Client Protocol; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM); D:\WINDOWS\system32\drivers\averhbtv.sys [2006-10-19 285440]
R3 AVGIDSDriver;AVGIDSDriver; \??\D:\Program Files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilter;AVGIDSFilter; \??\D:\Program Files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShim;AVGIDSShim; \??\D:\Program Files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSShim.sys []
R3 cFosSpeed;cFosSpeed Miniport; D:\WINDOWS\system32\DRIVERS\cfosspeed.sys [2009-02-13 787672]
R3 CmBatt;Microsoft AC Adapter Driver; D:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EZUSB;EZUSB PC/SC Smart Card Reader; D:\WINDOWS\system32\DRIVERS\ezusb.sys [2008-06-03 63288]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IFXTPM;IFXTPM; D:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-18 5028352]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; D:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; D:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 MODEMCSA;Unimodem Streaming Filter Device; D:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; D:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-28 5760]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; D:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-03-04 4202496]
R3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-09-06 3694208]
R3 pfc;Padus ASPI Shell; D:\WINDOWS\system32\drivers\pfc.sys [2003-07-01 9856]
R3 rimmptsk;rimmptsk; D:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-17 28928]
R3 rimsptsk;rimsptsk; D:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-11-02 51584]
R3 sdbus;sdbus; D:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 smserial;smserial; D:\WINDOWS\system32\DRIVERS\smserial.sys [2006-08-07 980608]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD); D:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-03-22 10220032]
R3 SynTP;Synaptics TouchPad Driver; D:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088]
R3 tosporte;Bluetooth Port Driver from Toshiba; D:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-04-19 47488]
R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; D:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-05-19 110976]
R3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; D:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
R3 Tosrfhid;Bluetooth RFHID from TOSHIBA; D:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-05-09 62848]
R3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; D:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
R3 Tosrfusb;Bluetooth USB Controller; D:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-05-09 40192]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 InCDfs;InCD File System; D:\WINDOWS\system32\drivers\InCDfs.sys [2006-04-06 102016]
S3 Ambfilt;Ambfilt; D:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 BrScnUsb;Brother USB Still Image driver; D:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 catchme;catchme; \??\D:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MMIOPORT;MMIOPORT; \??\D:\WINDOWS\system32\drivers\MMIOPORT.sys []
S3 Monfilt;Monfilt; D:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MPE;BDA MPE Filter; D:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; D:\WINDOWS\system32\DRIVERS\NETw3x32.sys []
S3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; D:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2008-03-13 2530176]
S3 nmwcd;Nokia USB Phone Parent; D:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; D:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; D:\WINDOWS\System32\Drivers\RootMdm.sys [2006-02-28 5888]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
S3 sffdisk;SFF Storage Class Driver; D:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; D:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); D:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; D:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-12 3712]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; D:\WINDOWS\system32\drivers\TosRfSnd.sys [2006-03-15 52864]
S3 TVICHW32;TVICHW32; \??\D:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 upperdev;upperdev; D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbaudio;USB Audio Driver (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbser;USB Modem Driver; D:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; D:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WUDFRd;WUDFRd; D:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVGIDSAgent;AVGIDSAgent; D:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe [2009-02-26 5576712]
R2 AVGIDSWatcher;AVGIDSWatcher; D:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSWatcher.exe [2009-02-26 563720]
R2 AVP;Kaspersky Internet Security; D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-04-25 206088]
R2 cFosSpeedS;cFosSpeed System Service; D:\Program Files\cFosSpeed\spd.exe [2009-02-13 385240]
R2 Creative Audio Pack Licensing Service;Creative Audio Pack Licensing Service; D:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe [2009-04-24 73216]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; D:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; D:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-02-27 870672]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2009-04-24 880640]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2009-04-26 152984]
R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2006-09-06 143426]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-02-27 473360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; D:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2009-02-27 909312]
R2 sdAuxService;PC Tools Auxiliary Service; D:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; D:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
R2 WSearch;Windows Search; D:\WINDOWS\system32\SearchIndexer.exe [2009-04-24 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ASBroker;Logon Session Broker; D:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 ASChannel;Local Communication Channel; D:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; D:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 gusvc;Google Updater Service; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-24 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 FreeAgentGoNext Service;Seagate Service; D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345; D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe []
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2009-04-24 73728]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 InCDsrvR;InCD Helper (read only); D:\Program Files\Ahead\InCD\InCDsrv.exe [2009-04-24 880128]
S3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-26 953168]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; D:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-09-25 79136]
S3 ServiceLayer;ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-04-24 620544]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; D:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; D:\Program Files\Windows Live\installer\WLSetupSvc.exe []
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

sld1006 · May 3, 2009

RSIT report (info.txt)

Hi Shaba,

Thanks for getting back. The laptop still stops booting before the login screen (I re-started the laptop 3 times to get in). I did tried to re-install Ethernet NIC driver under safe mode but received a message "can't execute Kernel Mode Driver Service". Do this and the locked registry key have something to do with rules as well?

I ran RSIT and an interesting file (catchme.sys) is found under Temp. I will take no action at this stage and wait for your further instructions. Because the whole text is too long so I will post log.ext in another message.

Thanks again.

Info.txt:

info.txt logfile of random's system information tool 1.06 2009-05-03 13:31:48

======Uninstall list======

-->"D:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"D:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x0009
-->"D:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x0009
-->"D:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
-->"D:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
-->"D:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0009
-->"D:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
-->"D:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MUSICPLAYER_MSS_U\Setup.exe" /remove /l0x0009
-->"D:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x0009
-->"D:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
-->"D:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->D:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->D:\WINDOWS\IsUninst.exe -f"D:\Program Files\Adobe\PDF IFilter 5.0\Uninst.isu"
-->D:\WINDOWS\NuNInst.exe /UNINSTALL
-->D:\WINDOWS\unmrw.exe /UNINSTALL
-->D:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\SETUP.EXE" -l0x9 anything
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9 /remove
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"D:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->D:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Acrobat 8.1.4 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe PDF IFilter 5.0-->D:\WINDOWS\ISUNINST.EXE -f"D:\Program Files\Adobe\PDF IFilter 5.0\Uninst.isu"
Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11-->D:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE D:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Advanced WMA Workshop version 2.3-->"D:\Program Files\LitexMedia\Advanced WMA Workshop\unins000.exe"
Asus MultiFrame-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9D48531D-2135-49FC-BC29-ACCDA5396A76}\SETUP.EXE" -l0x9
ASUS Splendid Video Enhancement Technology-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe" -l0x9 -removeonly
ASUS_1600x1200_white-->D:\Program Files\ASUS_1600x1200_white\uninstall.exe
ATK Media-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE" -l0x9
ATK0100 ACPI UTILITY-->D:\WINDOWS\ATK0100\XPunin.exe
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
AVerMedia A301 (MiniCard, NTSC/PAL/SECAM/DVB-T/FM) 1.1.0.52-->D:\Program Files\AVerMedia\AVerMedia A301 (MiniCard, NTSC_PAL_SECAM_DVB-T_FM)\uninst.exe
AVG Identity Protection-->MsiExec.exe /X{7583D2F8-8E7D-40C5-9862-4D218006FB84}
Bluetooth Stack for Windows-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
BOINC-->MsiExec.exe /I{2E62A09F-BF55-4C24-84CE-4A2DE7EACE29}
Boshiamy Liu2000 v5.7b-->D:\WINDOWS\unliu.exe
Brother MFL-Pro Suite-->"D:\Program Files\InstallShield Installation Information\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly
CA Yahoo! Anti-Spy (remove only)-->"D:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
cFosSpeed v4.50-->"D:\Program Files\cFosSpeed\setup.exe" -uninstall
Chinese Traditional Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-2448-0000-800000000003}
Citrix Presentation Server Client-->MsiExec.exe /I{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}
Corel Painter Essentials 2-->MsiExec.exe /X{B946D46E-1302-48B4-84EE-B74C3191D975}
Creative Audio Pack-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9 /remove
Creative MediaSource 5-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN Vision M Series-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{31C44235-A613-4E95-B297-207BF6C6A8C1}\SETUP.EXE" -l0x9 /remove
Critical Update for Windows Media Player 11 (KB959772)-->"D:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DFX 8 for Windows Media Player-->MsiExec.exe /I{26a03535-d10f-4434-9724-ce6d2f9a0549}
DivX Codec-->D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Updater Pro-->"D:\Documents and Settings\All Users\Application Data\{C2278D61-978F-4EB3-A8F3-E90811A93014}\DriverUpdaterPro.exe" REMOVE=TRUE MODIFY=FALSE
Driver Updater Pro-->D:\Documents and Settings\All Users\Application Data\{C2278D61-978F-4EB3-A8F3-E90811A93014}\DriverUpdaterPro.exe
DriverGuide DriverScan-->D:\Program Files\DriverGuide DriverScan\uninstall.exe
DVD Region+CSS Free 5.9.8.3-->"C:\Program Files\DVD Region+CSS Free\unins000.exe"
FaceFilter Studio Brother Edition-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}\Setup.exe" -l0x9 /uninstall
Fingerprint Sensor Minimum Install-->MsiExec.exe /I{29729ECD-1A61-4ED3-8960-4D18C20CDA93}
Glee Cube Player-->MsiExec.exe /X{E17C97E7-1CD9-4599-AE0A-0CF590AD7761}
Google Apps-->MsiExec.exe /I{89173CE2-0EC2-47D7-8F1A-8471AD9661F4}
Google Chrome-->"D:\Program Files\Google\Chrome\Application\1.0.154.53\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{CDF5E9DE-3061-11DE-A913-005056806466}
Google Photos Screensaver-->MsiExec.exe /X{00C62B23-9336-4AF2-8DD4-BBDBE599DD76}
Google Talk (remove only)-->"D:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->"D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"D:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hide IP NG 1.46-->"D:\Program Files\Hide IP NG\unins000.exe"
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HJ-Split 2.2-->"D:\Program Files\FreeByte\HJ-Split\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"D:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"D:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Indeo® Software-->D:\WINDOWS\IsUninst.exe -f"D:\Program Files\Ligos\Indeo\Uninst.isu" -c"D:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
Intel PROSet Wireless-->Intel PROSet Wireless
IP e-Source-->"D:\WINDOWS\IP e-Source\uninstall.exe" "/U

:\Program Files\IPeSource\Uninstall\uninstall.xml"
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Lavasoft Reghance 2.1-->D:\PROGRA~1\LAVASO~1\UNWISE.EXE D:\PROGRA~1\LAVASO~1\INSTALL.LOG
LifeFrame2-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
LightScribe System Software 1.10.16.1-->MsiExec.exe /X{E6CFBFB5-9232-410C-B353-AF6E614B2681}
MainConcept Encoder for AVerMedia 1.1.0.26-->D:\Program Files\AVerMedia\MainConcept Encoder for AVerMedia\uninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->D:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internet Explorer 5 Web Accessories-->RunDll32 advpack.dll,LaunchINFSection D:\WINDOWS\INF\IE5WA.inf, Uninstall
Microsoft Office 2000 Proofing Tools Disc 1-->MsiExec.exe /I{00300409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Web Archive Add-On-->MsiExec.exe /I{B2586CA8-0F12-11D3-8258-00C04F6843FE}
Microsoft Office Sounds-->MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Keyboard-->MsiExec.exe /I{F63E8666-0F10-11D3-8258-00C04F6843FE}
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection D:\WINDOWS\INF\DECCHECK.inf,Uninstall
Monkey's Audio-->"C:\Program Files\Monkey's Audio\unins000.exe"
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56coin.dll,SM56UnInstaller
Mozilla Firefox (3.0.10)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3TagEditor-->C:\Program Files\MP3TagEditor\Uninstall.exe
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
Natural Chinese Input V8 -->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{CFBA276B-B2B1-4B81-8D99-2EF2B7A289B4}\setup.exe" -l0x9 -removeonly
Nero Suite-->D:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia Flashing Cable Driver-->MsiExec.exe /X{D99C322D-C21B-40C7-AE71-EE51AA096B6E}
Nokia PC Suite-->D:\Documents and Settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
Nokia Software Updater-->MsiExec.exe /X{59367F7E-D7C1-4629-8AEC-71AA24A68F31}
Norton Security Scan (Symantec Corporation)-->"D:\Program Files\Common Files\Symantec Shared\NSSSetup\{795AF20A-51C5-4BAF-9EF5-AA38105C6141}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{795AF20A-51C5-4BAF-9EF5-AA38105C6141}
NVIDIA Drivers-->D:\WINDOWS\system32\nvudisp.exe UninstallGUI
PaperPort Image Printer-->MsiExec.exe /X{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
Power4 Gear-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\SETUP.EXE" -l0x9
PowerDirector-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" -uninstall
PowerDVD-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PPStream-->D:\Program Files\PPStream\unpps.exe
QuickTime-->D:\WINDOWS\unvise32qt.exe D:\WINDOWS\system32\QuickTime\Uninstall.log
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer-->D:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Registry Clean Expert-->"C:\Program Files\Registry Clean Expert\unins000.exe"
Registry Drill-->"D:\WINDOWS\Registry Drill\uninstall.exe" "/U

:\Program Files\Easy Desk Utilities\Registry Drill\irunin.xml"
Roxio VideoWave Movie Creator-->MsiExec.exe /I{BB46245B-CECA-406F-8790-3ABA0D01012F}
ScanSoft PaperPort 11-->MsiExec.exe /I{B6C89654-A6A2-477C-873B-724EC1C56407}
Seagate Manager Installer-->"D:\Program Files\InstallShield Installation Information\{71883667-71F2-48A1-AB72-28D518D8AC4A}\setup.exe" -runfromtemp -l0x0409 -removeonly
Seagate Manager Installer-->MsiExec.exe /X{71883667-71F2-48A1-AB72-28D518D8AC4A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows XP (KB923561)-->"D:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"D:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"D:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"D:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"D:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"D:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"D:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"D:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"D:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"D:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"D:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"D:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"D:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"D:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"D:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"D:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"D:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"D:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"D:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"D:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"D:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"D:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"D:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"D:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"D:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"D:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Softe Audio Converter-->C:\Program Files\Softe Audio Converter\Uninstall.exe
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"D:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->D:\Program Files\Spyware Doctor\unins000.exe /LOG
Synaptics Pointing Device Driver-->rundll32.exe "D:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->D:\Program Files\SystemRequirementsLab\Uninstall.exe
Tabbed Browsing (Windows Live Toolbar)-->MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
Update for Windows XP (KB951978)-->"D:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"D:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"D:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
USB2.0 1.3M WebCam-->D:\WINDOWS\UninstIt.exe D:\WINDOWS\ASUSCAM.ini
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->D:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Driver Package - Nokia Modem (03/05/2008 3.7)-->D:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u D:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)-->D:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u D:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
Windows Driver Package - Nokia Modem (05/22/2008 3.8)-->D:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u D:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)-->D:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u D:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)-->D:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u D:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6)-->D:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u D:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (10/27/2008 3.9)-->D:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u D:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)-->D:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u D:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->D:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u D:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"D:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"D:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"D:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinFlash-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\SETUP.EXE" -l0x9
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinStar 2.0 Demo-->C:\PROGRA~1\Winstar\UNWISE.EXE C:\PROGRA~1\Winstar\INSTALL.LOG
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
WinZip Internet Browser Support Add-On-->"D:\PROGRA~1\WINZIP\winzip32.exe" /inetuninstall
Wireless Console 2-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.exe" -l0x9 -removeonly
Yahoo! Anti-Spy-->D:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Extras-->D:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Mail-->D:\WINDOWS\system32\regsvr32.exe /u /s D:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->D:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U D:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->D:\PROGRA~1\Yahoo!\Common\unyt.exe
ZENcast Organizer-->"D:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /l0x0009

======Hosts File======

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: Kaspersky Internet Security
FW: Kaspersky Internet Security

======System event log======

Computer Name: SHIANG_NOTEBOOK
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 71194
Source Name: Service Control Manager
Time Written: 20090427002235.000000+120
Event Type: error
User:

Computer Name: SHIANG_NOTEBOOK
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 71191
Source Name: Service Control Manager
Time Written: 20090427002235.000000+120
Event Type: error
User:

Computer Name: SHIANG_NOTEBOOK
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 71188
Source Name: Service Control Manager
Time Written: 20090427002235.000000+120
Event Type: error
User:

Computer Name: SHIANG_NOTEBOOK
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 71185
Source Name: Service Control Manager
Time Written: 20090427002235.000000+120
Event Type: error
User:

Computer Name: SHIANG_NOTEBOOK
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 71183
Source Name: Service Control Manager
Time Written: 20090427002235.000000+120
Event Type: error
User:

=====Application event log=====

Computer Name: SHIANG_NOTEBOOK
Event Code: 7040
Message: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application, SystemIndex Catalog

Details:
0xc0041801 (0xc0041801)

Record Number: 32627
Source Name: Windows Search Service
Time Written: 20090412172834.000000+120
Event Type: error
User:

Computer Name: SHIANG_NOTEBOOK
Event Code: 1517
Message: Windows saved user SHIANG_NOTEBOOK\user registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 32604
Source Name: Userenv
Time Written: 20090412172203.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: SHIANG_NOTEBOOK
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Record Number: 32603
Source Name: Userenv
Time Written: 20090412172123.000000+120
Event Type: warning
User: SHIANG_NOTEBOOK\user

Computer Name: SHIANG_NOTEBOOK
Event Code: 1001
Message: Fault bucket 745726517.

Record Number: 32433
Source Name: Application Error
Time Written: 20090408235512.000000+120
Event Type: error
User:

Computer Name: SHIANG_NOTEBOOK
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.5512, faulting module comctl32.dll, version 6.0.2900.5512, fault address 0x000048d6.

Record Number: 32432
Source Name: Application Error
Time Written: 20090408235344.000000+120
Event Type: error
User:

=====Security event log=====

Computer Name: SHIANG_NOTEBOOK
Event Code: 528
Message: Successful Logon:

User Name: NETWORK SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E4)

Logon Type: 5

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name:

Logon GUID: -

Record Number: 195355
Source Name: Security
Time Written: 20090430015502.000000+120
Event Type: audit success
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: SHIANG_NOTEBOOK
Event Code: 576
Message: Special privileges assigned to new logon:

User Name: LOCAL SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E5)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege

Record Number: 195354
Source Name: Security
Time Written: 20090430015347.000000+120
Event Type: audit success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: SHIANG_NOTEBOOK
Event Code: 528
Message: Successful Logon:

User Name: LOCAL SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E5)

Logon Type: 5

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name:

Logon GUID: -

Record Number: 195353
Source Name: Security
Time Written: 20090430015347.000000+120
Event Type: audit success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: SHIANG_NOTEBOOK
Event Code: 576
Message: Special privileges assigned to new logon:

User Name: NETWORK SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E4)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege

Record Number: 195352
Source Name: Security
Time Written: 20090430015335.000000+120
Event Type: audit success
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: SHIANG_NOTEBOOK
Event Code: 528
Message: Successful Logon:

User Name: NETWORK SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E4)

Logon Type: 5

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name:

Logon GUID: -

Record Number: 195351
Source Name: Security
Time Written: 20090430015335.000000+120
Event Type: audit success
User: NT AUTHORITY\NETWORK SERVICE

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;D:\Program Files\PC Connectivity Solution\;D:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin;C:\Program Files\QuickTime\QTSystem\;D:\Program Files\Common Files\Roxio Shared\DLLShared\;D:\Program Files\QuickTime\QTSystem\;D:\Program Files\Intel\WiFi\bin\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"WMIA_MULTIPLEINSTANCE"=
"CLASSPATH"=.;D:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip;D:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip;D:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=D:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

sld1006 · May 3, 2009

RSIT report (log.txt)

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2009-05-03 13:31:21
Microsoft Windows XP Home Edition Service Pack 3
System drive D: has 17 GB (37%) free of 45 GB
Total RAM: 2047 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31:40, on 03/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
D:\WINDOWS\System32\SCardSvr.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSWatcher.exe
D:\Program Files\cFosSpeed\spd.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\cFosSpeed\cFosSpeed.exe
D:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
D:\Program Files\AVG\Identity Protection\agent\bin\AVGIDSUI.exe
D:\Program Files\Wireless Console 2\wcourier.exe
D:\Program Files\ASUS\Splendid\ACMON.exe
D:\Program Files\ASUS\ATK Media\DMEDIA.EXE
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\ATK0100\HControl.exe
D:\WINDOWS\system32\ACEngSvr.exe
D:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
D:\Program Files\AVG\Identity Protection\agent\bin\AVGIDSMonitor.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\ATK0100\ATKOSD.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\Program Files\DNA\btdna.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BOINC\boincmgr.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\BOINC\boinc.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\astropulse_5.03_windows_intelx86.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\astropulse_5.03_windows_intelx86.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
D:\WINDOWS\system32\msiexec.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
D:\Program Files\Intel\WiFi\bin\EvtEng.exe
D:\Program Files\Intel\WiFi\bin\S24EvMon.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\Intel\WiFi\bin\ZCfgsvc.exe
D:\WINDOWS\system32\wbem\unsecapp.exe
D:\Program Files\Common Files\Intel\WirelessCommon\ifrmewrk.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
C:\Download\RSIT\RSIT.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\Trend Micro\HijackThis\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Power_Gear] D:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cFosSpeed] D:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [PaperPort PTD] "D:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "D:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVGIDS] "D:\Program Files\AVG\Identity Protection\agent\bin\AVGIDSUI.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Wireless Console 2] D:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ACMON] D:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ATKMEDIA] D:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Google Quick Search Box] "D:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HControl] D:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SMSERIAL] D:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Highlight - D:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - D:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - D:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Winamp Search - D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Banner Ad Blocker - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - D:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - D:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - D:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - D:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.asml.com
O15 - Trusted Zone: *.asml.nl
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E1D16E3-37B1-48B8-862E-9D646FC0C8FF} -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - https://portal12.asml.com/livelinksupport/webedit/lledit.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: APSHook.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,D:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: OneCard - D:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll (file missing)
O23 - Service: AVGIDSAgent - AVG - D:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - D:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - D:\Program Files\cFosSpeed\spd.exe
O23 - Service: Creative Audio Pack Licensing Service - Creative Labs - D:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Unknown owner - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 19614 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
D:\WINDOWS\tasks\Google Software Updater.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
D:\WINDOWS\tasks\Norton Security Scan for user.job
D:\WINDOWS\tasks\Security Platform Backup Schedule.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-15 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-26 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-26 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-26 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-26 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - []
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-10-19 817936]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-26 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2006-03-16 208952]
"PHIME2002ASync"=D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC []
"PHIME2002A"=D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName []
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2006-09-06 7585792]
"NvMediaCenter"=D:\WINDOWS\system32\NvMcTray.dll [2006-09-06 86016]
"Power_Gear"=D:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2009-04-24 94208]
"NeroFilterCheck"=D:\WINDOWS\system32\NeroCheck.exe [2009-04-24 159744]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2009-04-24 1398784]
"TkBellExe"=D:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-15 185872]
"cFosSpeed"=D:\Program Files\cFosSpeed\cFosSpeed.exe [2009-02-13 876760]
"PaperPort PTD"=D:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-01-29 30248]
"IndexSearch"=D:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-01-29 46632]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"AVGIDS"=D:\Program Files\AVG\Identity Protection\agent\bin\AVGIDSUI.exe [2009-02-26 1579528]
"AVP"=D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-04-25 206088]
"Wireless Console 2"=D:\Program Files\Wireless Console 2\wcourier.exe [2005-10-17 987136]
"ACMON"=D:\Program Files\ASUS\Splendid\ACMON.exe [2006-05-30 811008]
"ATKMEDIA"=D:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-06-08 53248]
"Google Quick Search Box"=D:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-04-26 68592]
"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-04-26 148888]
"HControl"=D:\WINDOWS\ATK0100\HControl.exe [2006-08-23 110592]
"nwiz"=nwiz.exe /install []
"SMSERIAL"=D:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-08-07 573440]
"SynTPEnh"=D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-04-24 790528]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2009-04-24 17510400]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2009-04-24 57344]
"ISTray"=D:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]
"IntelZeroConfig"=D:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2009-02-27 1368064]
"IntelWireless"=D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2009-02-27 1202448]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"=C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [2009-04-24 1592320]
"MtdAcqu"=C:\Program Files\Creative\MediaSource5\MtdAcqu.exe [2006-03-08 278528]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BitTorrent DNA"=D:\Program Files\DNA\btdna.exe [2008-12-16 342848]
"PeerGuardian"=D:\Program Files\PeerGuardian2\pg2.exe [2009-04-24 1432064]
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"swg"=D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-27 68856]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth Manager.lnk - D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

D:\Documents and Settings\user\Start Menu\Programs\Startup
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,D:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
D:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
D:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2007-03-16 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 49152]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=D:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{42AE1DA1-FF60-4435-A81F-9B6538F865A6}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDesktop"=0
"HideClock"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled